Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary
Full Organization-Wide Defaults entry
How-to guide

Set Organization-Wide Defaults

Setting Organization-Wide Defaults is a foundational security decision. The steps below cover the design and rollout for a new org or major access model change.

By Dipojjal Chakrabarti · Founder & Editor, Salesforce DictionaryLast updated May 19, 2026

Setting Organization-Wide Defaults is a foundational security decision. The steps below cover the design and rollout for a new org or major access model change.

  1. Classify data sensitivity per object

    For each object, classify data sensitivity. HR, Compensation, sensitive customer financial data: high sensitivity. Product catalog, public reference data: low.

  2. Map user access needs

    For each object, document which user populations need access. The matrix determines whether Public is appropriate or whether Private plus sharing is needed.

  3. Open Sharing Settings

    Setup > Security > Sharing Settings. OWD list shows current settings per object.

  4. Set OWD per object

    Click Edit on Organization-Wide Defaults. For each object, set Internal and External OWD per the design. Save.

  5. Configure Role Hierarchy per object

    For objects where hierarchy should not grant access (compliance scenarios), uncheck Grant Access Using Hierarchies.

  6. Build sharing rules to compensate

    For Private OWDs, build sharing rules for legitimate access needs. Test with sample users from each population.

  7. Document the design

    Capture the OWD per object plus rationale in a doc. The data does not explain why OWD is set the way it is; future admins need the context.

Key options
Privateremember

Only owner sees. Strictest access; default for sensitive objects.

Public Read Onlyremember

Everyone with object Read sees; only owner edits.

Public Read/Writeremember

Everyone with Read/Write sees and edits. Most permissive common setting.

Public Read/Write/Transferremember

Adds transfer ownership.

Controlled by Parentremember

Inherits from parent object. For child objects matching parent access.

Gotchas
  • Tightening OWD restricts access on every existing record. Plan sharing rules to compensate before tightening.
  • Internal and External OWDs are separate settings. Confusion between them produces unexpected Community access.
  • Role hierarchy bypasses OWD by default. Compliance scenarios needing hierarchy bypass require explicit configuration.
  • Private OWD plus many sharing rules can slow saves. Performance test on high-volume objects.
  • Loosening OWD exposes previously restricted data. Audit before changing from Private to Public.

See the full Organization-Wide Defaults entry

Organization-Wide Defaults includes the definition, worked example, deep dive, related terms, and a quiz.