Skip to content
Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary
Full Organization-Wide Defaults entry
How-to guide

Set organization-wide defaults in Sharing Settings

You configure OWD in one place, Sharing Settings, and edit it per object. Decide each object's level from data sensitivity first, then set it. Plan tightening changes around a sandbox test, because they trigger a background recalculation.

By Dipojjal Chakrabarti · Founder & Editor, Salesforce DictionaryLast updated Jun 16, 2026

You configure OWD in one place, Sharing Settings, and edit it per object. Decide each object's level from data sensitivity first, then set it. Plan tightening changes around a sandbox test, because they trigger a background recalculation.

  1. Open Sharing Settings

    From Setup, type Sharing Settings in the Quick Find box and select it. The page lists every object with its current internal and external default side by side.

  2. Edit the Organization-Wide Defaults area

    Click Edit in the Organization-Wide Defaults section. Each object row shows a Default Internal Access dropdown and, where external sharing is enabled, a Default External Access dropdown.

  3. Set each object's access level

    Choose the level per object based on sensitivity. Set external access equal to or tighter than internal; Salesforce recommends external Private unless the business needs more. Private cannot be looser than the matching external value.

  4. Decide Grant Access Using Hierarchies

    For custom objects, leave the Grant Access Using Hierarchies box checked unless a compliance case requires managers not to inherit subordinate records. Standard objects keep it on and the box is locked.

  5. Save and wait for recalculation

    Click Save. Loosening applies at once; tightening runs a background sharing recalculation and you get an email when it finishes. Verify access with a few representative users afterward.

Default Internal Accessremember

The baseline access internal users have to records they do not own, per object. Options range from Private through Public Read/Write/Transfer depending on the object.

Default External Accessremember

The baseline for external authenticated users (Experience Cloud and portal logins). Must be the same as or more restrictive than the internal default. Recommended Private.

Grant Access Using Hierarchiesremember

Per-object checkbox that rolls record access up the role hierarchy to managers. Always on for standard objects; optional for custom objects.

Controlled by Parentremember

An access level for detail objects that inherits the user's access from the parent record, keeping child visibility in lockstep with the parent.

Gotchas
  • Tightening OWD does not take effect until the background sharing recalculation completes; loosening applies immediately.
  • You cannot change a custom object from Private to Public while Apex code references its sharing entries.
  • Guest user OWD is Private for all objects and cannot be edited; use guest user sharing rules for public site access instead.
  • Once the external sharing model is enabled in an org, it cannot be disabled, so plan before turning it on.

See the full Organization-Wide Defaults entry

Organization-Wide Defaults includes the definition, worked example, deep dive, related terms, and a quiz.