User Guide - Limiting Access to System Data With OWSD
Organization-Wide Sharing Defaults
The base level system permissions are set by these settings, how you configure your oganization-wide sharing settings will effect your users ability to use Snapforce. It is important to realize that these settings are always going to be the strictest permissions e.g. the base-level permissions. Therefore when deciding on changing the sharing defaults for an object always set it to the strictest access you may or think you may need for said object; than if you need to provide additional access for that object you should modify other permissions and access settings available to solve the specific need at hand.
Setting Your Organization-Wide Sharing Defaults
- From Setup, click Security > Sharing Settings.
- For each object, select the default access you want to use.
You can assign the following access levels to accounts, campaigns, cases, contacts, contracts, leads, opportunities, orders, users, and custom objects.
|Controlled by Parent||
A user can perform an action (such as view, edit, or delete) on a contact or order based on whether he or she can perform that same action on the record associated with it.
For example, if a contact is associated with the Acme account, then a user can only edit that contact if he or she can also edit the Acme account.
|Private||Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.
For example, if Tom is the owner of an account, and he is assigned to the role of Western Sales, reporting to Carol (who is in the role of VP of Western Region Sales), then Carol can also view, edit, and report on Tom’s accounts.
|Public Read Only||
All users can view and report on records but not edit them. Only the owner, and users above that role in the hierarchy, can edit those records.
For example, Sara is the owner of ABC Corp. Sara is also in the role Western Sales, reporting to Carol, who is in the role of VP of Western Region Sales. Sara and Carol have full read/write access to ABC Corp. Tom (another Western Sales Rep) can also view and report on ABC Corp, but cannot edit it.
|Public Read/Write||All users can view, edit, and report on all records.
For example, if Tom is the owner of Trident Inc., all other users can view, edit, and report on the Trident account. However, only Tom can alter the sharing settings or delete the Trident account.
|Public Read/Write/Transfer||All users can view, edit, transfer, and report on all records. Only available for cases or leads.
For example, if Alice is the owner of ACME case number 100, all other users can view, edit, transfer ownership, and report on that case. But only Alice can delete or change the sharing on case 100.
|Public Full Access||All users can view, edit, transfer, delete, and report on all records. Only available for campaigns.
For example, if Ben is the owner of a campaign, all other users can view, edit, transfer, or delete that campaign.