Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary
Salesforce Consultant
medium

How do you design a Salesforce sharing model?

Sharing model design is the architectural step that determines who sees what. Done wrong: data leaks or users locked out.

Process:

1. Data sensitivity classification. For each object, what's the sensitivity?

  • Public (everyone can see) — Products, Pricebook.
  • Internal (all internal users see, not external) — most operational data.
  • Restricted (specific groups only) — financial, HR, deal teams.
  • Highly restricted (one or two roles) — compliance-driven, mergers.

2. OWD baseline. Set per object based on sensitivity:

  • Public Read/Write — fully shared, fastest performance.
  • Public Read Only — visible, owner-edits.
  • Private — owner-only, sharing layered on top.

Bias toward more open OWD; tighten only when sensitivity demands. Private with millions of records causes performance pain.

3. Role hierarchy — model the org chart. Managers see records below them automatically (unless "Grant Access Using Hierarchies" is unchecked).

4. Sharing rules — declarative grants. Common patterns:

  • Region-based: "All Accounts in EMEA region readable to EMEA team".
  • Owner-based: "Records owned by users in Sales team readable to Sales Manager group".
  • Cross-team: "Marketing readable to all Sales".

5. Manual sharing — for one-offs.

6. Apex Managed Sharing — escape hatch for logic that can't be expressed declaratively.

7. Communities/external — separate OWD column, Sharing Sets for HVPU users.

8. Modify All / View All permissions — for system admins, audit roles.

9. Field-level security — gates fields, not records. Layer on top of sharing.

Validation testing:

  • For each persona, confirm they can see what they should AND can't see what they shouldn't.
  • Use System.runAs(testUser) { ... } in Apex tests for FLS/sharing validation.
  • For Communities, test as a portal user via "Login As" feature.

Common mistakes:

  • Too restrictive OWD — hard to get less restrictive later (recalc time, missing sharing).
  • Over-engineering with Apex sharing — declarative usually sufficient; reach for Apex only when needed.
  • Forgetting external users — separate OWD column matters once Communities enabled.
  • Sharing rules without recalc consideration — too many rules slow recalc.

A good sharing model is simple, principled, and documented — in the SDD and in an org-level architecture page.

Why this answer works

Senior consulting. The 9-step process and the "bias toward open OWD" performance insight are senior signals.

Follow-ups to expect

Related dictionary terms