
Hierarchical Sharing Structure and Record Visibility concepts

Knowledge Article Number 000005643
Salesforce's sharing structure is based upon the following Salesforce concepts:
Want to learn more? Take a deep dive into how Salesforce controls access to data in our Data Security Salesforce Trailhead learning module. 

Sharing Model

Your Organization's sharing model sets the default access that users have to each other's data. The four sharing models are:
  1. Private
  2. Public Read Only
  3. Public Read/Write
  4. Public Read/Write/Transfer


Private

Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.

Example: If Tom is the owner of an account, and he is assigned to the role of Regional Manager, reporting to Carol (who is in the role of Vice President), then Carol can also view, edit, and report on Tom's accounts.

Public Read Only

All users can view and report on records but not edit them. Only the owner, and users above that role in the hierarchy, can edit those records. 

Example: Sara is the owner of an Account called ABC Corp. Sara is also in the role of Regional Manager, reporting to Carol, who is in the role of Vice President. Sara and Carol have full read/write access to ABC Corp. Tom (another Regional Manager) can also view and report on ABC Corp, but cannot edit it. This is because Tom is at the same level as Sara, not above her in the hierarchy.

Public Read/Write

All users can view, edit, and report on all records.

Example: If Tom is the owner of the Account Trident Inc., all other users can view, edit, and report on the Trident account. However, only Tom can alter the sharing settings or delete the Trident account.

Public Read/Write/Transfer

All users can view, edit, transfer, and report on all records. (Only available for Cases or Leads.)

Example: If Alice is the owner of case number 100 for the Account ACME, all other users can view, edit, transfer ownership of, and report on that case. But only Alice can delete or change the sharing on case 100.
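The four sharing models above can be checked against the page's own examples with a small model. This is an added illustration, not Salesforce code: the function names, the role table, and the user table are hypothetical, and it covers only the rules stated on this page (no sharing rules, manual shares, or profile permissions).

```python
# Added illustration: a simplified model of the four sharing models described
# above. All names here are hypothetical; this is not Salesforce code.

# Constructed role hierarchy from the page's examples: role -> role it reports to.
REPORTS_TO = {"Regional Manager": "Vice President", "Vice President": None}
# Constructed users and their roles.
USER_ROLE = {"Tom": "Regional Manager", "Sara": "Regional Manager",
             "Carol": "Vice President", "Alice": "Regional Manager"}

# Access every user receives under each organization-wide default.
BASELINE = {
    "Private": set(),
    "Public Read Only": {"view", "report"},
    "Public Read/Write": {"view", "edit", "report"},
    "Public Read/Write/Transfer": {"view", "edit", "transfer", "report"},
}
TRANSFER_OBJECTS = {"Case", "Lead"}  # per the page: Cases or Leads only


def is_above(role, other_role):
    """True if `role` is a strict ancestor of `other_role` in the hierarchy."""
    current = REPORTS_TO.get(other_role)
    while current is not None:
        if current == role:
            return True
        current = REPORTS_TO.get(current)
    return False


def effective_access(user, owner, sharing_model, object_type="Account"):
    """Return the set of actions `user` may take on a record owned by `owner`."""
    if sharing_model == "Public Read/Write/Transfer" and object_type not in TRANSFER_OBJECTS:
        raise ValueError("Read/Write/Transfer applies only to Cases or Leads")
    access = set(BASELINE[sharing_model])
    if user == owner:
        # Only the rights the page states: the owner can also delete and re-share.
        access |= {"view", "edit", "report", "delete", "share"}
    elif is_above(USER_ROLE[user], USER_ROLE[owner]):
        # Users above the owner's role gain view, edit and report.
        access |= {"view", "edit", "report"}
    return access
```

A peer at the same role level receives only the baseline access of the sharing model, which is why Tom gets nothing on Sara's records under Private.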


Profiles

A profile defines a User's permission to perform different functions within Salesforce. Profiles also control the following:
  • Which Page Layouts the User sees.
  • The Field-Level Security access that the User has to view and edit specific fields.
  • Which tabs the User can view.
  • Which Record Types are available to the User.
  • The hours and IP addresses from which the User can log in.

Administrators and Users with the "Manage Users" permission can create, edit, and delete Profiles.

Roles (User Roles)

Every user must be assigned to a role, or their data will not display in Opportunity reports, Forecast rollups, and other displays based on roles.
  • All users that require visibility to the entire organization should be assigned the highest level in the hierarchy.
  • It is not necessary to create individual roles for each title at your company; rather, define a hierarchy of roles to control access to information entered by users in lower-level roles.
  • When you change a user's role, any relevant sharing rules are reevaluated to add or remove access as necessary.

Record Types

If your Organization uses Record Types, edit the record type to modify which picklist values are visible. You can also set default picklist values based upon the record type for various Business Units or Record Uses.

Page layouts

Page layouts control which fields appear in the layout, and their orientation on the page.

Field Level Security

Field-Level Security settings let System Administrators restrict Users' access to view and edit specific fields in the following:
  • Detail and edit pages
  • Related lists
  • List views
  • Reports
  • Offline Edition
  • Search results
  • Email and mail merge templates
  • Custom Links
  • Synchronized data

The fields that Users see on detail and edit pages are a combination of Page Layouts and Field-Level Security settings. The most restrictive field access settings of the two always apply.

Example: If a field is required in the Page Layout and 'read-only' in the Field-Level Security settings, the Field-Level Security overrides the Page Layout and the field will be 'read-only' for the User.
