What is an Org-Wide Default?

OWDs establish the default sharing baseline for each object, which other mechanisms can open up.

What are the OWD options?

OWDs have several options ranging from most restrictive (Private) to most open (Public Read/Write).

What's a best practice?

Least privilege: start restrictive and grant access deliberately through sharing mechanisms.

Org-Wide Default

Administration🔴 Advanced

Definition

The baseline sharing setting for each object in Salesforce that determines the default level of access all users have to each other's records (Private, Public Read Only, Public Read/Write, or Controlled by Parent).

Real-World Example

an admin at Redwood Financial recently implemented Org-Wide Default to ensure the Salesforce org runs smoothly and securely. They configure Org-Wide Default during a scheduled maintenance window, test it in a sandbox first, and then deploy to production. The result is tighter security and a more streamlined experience for all 200 users in the org.

Why Org-Wide Default Matters

An Org-Wide Default is the baseline sharing setting for each object in Salesforce that determines the default level of access all users have to each other's records. Options include Private (users only see their own records), Public Read Only (users can read all records but only edit their own), Public Read/Write (users can read and edit all records), and Controlled by Parent (inherits from a parent record's sharing). OWDs are the foundation of the Salesforce sharing model, establishing the most restrictive default that other mechanisms (sharing rules, role hierarchy, manual sharing) can then open up.

Choosing OWDs is one of the most consequential security decisions in any Salesforce implementation. Set OWDs more restrictive than necessary and users will constantly hit access issues; set them too open and data is exposed inappropriately. Mature orgs typically set OWDs to Private for sensitive objects (Accounts, Opportunities, Cases) and use sharing rules and role hierarchy to grant the access that users actually need. The principle of least privilege applies: start restrictive, open up deliberately.

How Organizations Use Org-Wide Default

•BrightEdge Solutions — Sets OWDs to Private for all sensitive objects, then uses sharing rules to grant appropriate access by team and territory.
•NovaScale — Treats OWD configuration as a foundational security decision, getting it right before building more complex sharing on top.
•Cobalt Ventures — Reviews OWDs annually as part of access governance, ensuring they still match the current organizational structure.