What are group membership "org" locks?
The Sharing capabilities of Salesforce give administrators great flexibility in modeling their organization and sharing information between different groups of people. Administrators can define a role hierarchy, create public groups, establish queues for work teams, and organize sales operations with territory management. Accurately maintaining the membership of all these groups is crucial, as mistakes could lead to exposure of sensitive information to the wrong people. Accordingly, Salesforce uses various kinds of database locks to ensure that updates to group membership don’t interfere with each other and introduce incorrect data in the sharing system.
While these locks protect the integrity of customers’ security configuration, they can also generate error messages for some large organizations when trying to perform multiple updates at the same time. These errors, called "lock errors," indicate that an update was "locked out" (that is, not allowed to proceed) because a previous update had already locked the table that maintains group membership, and was still running. For customers with a lot of data and a very large number of roles and public groups, the probability of obtaining these locks is greater, and can become a serious performance issue for their maintenance processes. For example, customers may find that their administrators cannot perform manual operations like creating users while an automated process that changes group membership is running. Or they may wish to use multi-threading in integration with other systems, but discover that they encounter so many lock errors that their throughput is greatly reduced.