Loading
Ongoing maintenance for Salesforce HelpRead More
Feature degradation | Gmail Email delivery failureRead More

Users are able to view records that have not been shared with them.

Publish Date: Apr 2, 2026
Description

In Salesforce, users may sometimes have access to records that are not explicitly shared with them. This behavior is typically due to indirect access granted through related records or sharing configurations.

Record visibility is determined by several factors, including:

  • Record ownership
  • Role hierarchy
  • Territory hierarchy
  • Sharing rules
  • Profile permissions (such as View All or Modify All)
  • Team access (for example, Account Teams)

In some cases, access is granted through relationships between records, which can make it appear as though access was not intentionally provided.

Resolution

To determine why a user can access a specific record, use the Sharing button on the record (for example, an Account).

  1. Open the Account record.
  2. Click the Sharing button.
  3. Review the list of users and the reason for access.

Key Scenario:

  • If the access reason shows “Associated record owner or sharing”, the user has access because they own or have access to a related record (such as an Opportunity or Contact).

Example:

  • A user who owns an Opportunity related to an Account may gain Read access to that Account and its related Contacts.
  • If that Opportunity is shared with another user, that user may also gain Read access to the related Account and Contacts.

Notes:

  • Access to an Account can grant access to its related Contacts.
  • The Sharing button is available when the organization-wide default is Private or Public Read Only (for the object or related objects).
  • Reviewing the Sharing details helps identify indirect access paths and understand record visibility.
Knowledge Article Number

000385198

 
Loading
Salesforce Help | Article