Default visibility for files shared on records

There is no setting for the default visibility of files shared on records, but having a community (Experience Cloud site) changes the visibility options.
Default Visibility Behavior:

• When there are no communities defined in the org, a file shared with a record has a default visibility of AllUsers.
• When there is at least one community defined in the org, a file shared with a record has a default visibility of InternalUsers.

Example 1 — Org with no communities:
Attach a file to an Account record in an org with no communities enabled. Query the ContentDocumentLink object using the Account Id in the WHERE condition:
SELECT ContentDocumentId, LinkedEntityId, Visibility, ShareType FROM ContentDocumentLink WHERE LinkedEntityId='[AccountId]'
The result shows Visibility = AllUsers for the new file.

Output:

Example 2 — Org with communities enabled:
Enable Communities and attach a new file to the same Account record. Run the same query again.
The result shows the previously attached file remains Visibility = AllUsers, while the newly attached file shows Visibility = InternalUsers.

Output:

Overriding the Default Visibility:
The default visibility can be overridden in two ways:

1. Using the user interface (UI): When posting a file on the record's Chatter thread, select either 'To SF Only' or 'All with access'.
2. Using the API: When creating the ContentDocumentLink (CDL) between the file and the record, set the Visibility field to 'AllUsers' in your Apex trigger. For example, loop through the new ContentDocumentLink records in a trigger and set cont.Visibility = 'AllUsers' before insert.

for(ContentDocumentLink cont : Trigger.new)
{ 
cont.Visibility = 'AllUsers'; 
}