What are Organization-Wide Defaults?

OWDs are the sharing baseline that other mechanisms can open up.

What are the OWD options?

OWDs have several options ranging from most restrictive (Private) to most open (Public Read/Write).

What's the recommended approach?

Least privilege: start restrictive and grant access deliberately through sharing rules and role hierarchy.

Organization-Wide Defaults

Administration🟢 Beginner

Definition

The sharing model settings in Salesforce Setup that define the baseline record access for each object across the org, determining whether records are Private, Public Read Only, Public Read/Write, or Controlled by Parent by default.

Real-World Example

the system admin at BrightEdge Solutions uses Organization-Wide Defaults to control how users interact with Salesforce data and features. After configuring Organization-Wide Defaults in the sandbox and validating it with key stakeholders, they roll it out to production. User adoption improves because the interface now matches how teams actually work.

Why Organization-Wide Defaults Matters

Organization-Wide Defaults are the sharing model settings in Salesforce Setup that define the baseline record access for each object across the org, determining whether records are Private, Public Read Only, Public Read/Write, or Controlled by Parent by default. OWDs are the foundation of the Salesforce sharing model, establishing the most restrictive baseline that other mechanisms (sharing rules, role hierarchy, manual sharing, Apex managed sharing) can then open up.

Setting OWDs correctly is one of the most important security decisions in any Salesforce implementation. The principle is to start as restrictive as possible (typically Private for sensitive objects) and then grant access deliberately through sharing rules and role hierarchy. Setting OWDs too permissively means too many people see data they shouldn't; setting them too restrictively means users hit access issues constantly. Mature orgs treat OWD configuration as a foundational security exercise, getting it right before building on top with more granular sharing.

How Organizations Use Organization-Wide Defaults

•BrightEdge Solutions — Sets OWDs to Private for Accounts, Opportunities, and Cases, then uses sharing rules to grant access by team and territory.
•NovaScale — Treats OWD configuration as foundational, getting it right at the start of any Salesforce implementation.
•Cobalt Ventures — Reviews OWDs annually as part of access governance to ensure they still match the current organizational structure.