You are here:
Organization-Wide Default Access Settings
For most objects, you can assign default access to Controlled by Parent, Private, Public Read Only, or Public Read/Write. Other access levels, like Public Full Access and View Only, are available for only specific objects.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
Available in: Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions Only Custom Objects are available in Database.com |
| User Permissions Needed | |
|---|---|
| To set default sharing access: | Manage Sharing |
These access levels apply to custom objects and most standard objects.
| Field | Description |
|---|---|
| Controlled by Parent | A user can perform an action (such as view, edit, or delete) on a contact or order based on whether he or she can perform that same action on the record associated with it. For example, if a contact is associated with the Acme account, then a user can only edit that contact if he or she can also edit the Acme account. |
| Private | Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records. For example, if Tom is the owner of an account, and he’s assigned to the role of Western Sales, reporting to Carol (who is in the role of VP of Western Region Sales), then Carol can also view, edit, and report on Tom’s accounts. |
| Public Read Only | All users can view and report on records but not edit them. Only the owner, and users above that role in the hierarchy, can edit those records. For example, Sara is the owner of ABC Corp. Sara is also in the role Western Sales, reporting to Carol, who is in the role of VP of Western Region Sales. Sara and Carol have full read/write access to ABC Corp. Tom (another Western Sales Rep) can also view and report on ABC Corp, but can’t edit it. |
| Public Read/Write | All users can view, edit, and report on all records. For example, if Tom is the owner of Trident Inc., all other users can view, edit, and report on the Trident account. However, only Tom can alter the sharing settings or delete the Trident account. |
| Public Read/Write/Transfer | All users can view, edit, transfer, and report on all records. Only available for cases or leads. For example, if Alice is the owner of ACME case number 100, all other users can view, edit, transfer ownership, and report on that case. But only Alice can delete or change the sharing on case 100. |
| Public Full Access | All users can view, edit, transfer, delete, and report on all records. Only available for campaigns. For example, if Ben is the owner of a campaign, all other users can view, edit, transfer, or delete that campaign. |
Personal Calendar Access Levels
| Field | Description |
|---|---|
| Hide Details | Others can see whether the user is available at given times, but can’t see any other information about the nature of events in the user’s calendar. |
| Hide Details and Add Events | In addition to the sharing levels set by Hide Details, users can insert events in other users’ calendars. |
| Show Details | Users can see detailed information about events in other users’ calendars. |
| Show Details and Add Events | In addition to the sharing levels set by Show Details, users can insert events in other users’ calendars. |
| Full Access | Users can see detailed information about events in other users’ calendars, insert events in other users’ calendars, and edit existing events in other users’ calendars. |
Price Book Access Levels
| Field | Description |
|---|---|
| Use | All users can view price books and add them to opportunities. Users can add any product within that price book to an opportunity. |
| View Only | All users can view and report on price books but only users with the “Edit” permission on opportunities or users that have been manually granted use access to the price book can add them to opportunities. |
| No Access | Users can’t see price books or add them to opportunities. Use this access level in your organization-wide default if you want only selected users to access selected price books. Then, manually share the appropriate price books with the appropriate users. |
Activity Access Levels
| Field | Description |
|---|---|
| Private | Only the activity owner, and users above the activity owner in the role hierarchy, can edit and delete the activity; users with read access to the record to which the activity is associated can view and report on the activity. |
| Controlled by Parent | A user can perform an action (such as view, edit, transfer, and delete) on an activity based on whether he or she can perform that same action on the records associated with the activity. For example, if a task is associated with the Acme account and the John Smith contact, then a user can only edit that task if he or she can also edit the Acme account and the John Smith record. |
User Access Levels
| Field | Description |
|---|---|
| Private | All users have read access to their own user record and those below them in the role hierarchy. |
| Public Read Only | All users have read access on one another. You can see all users’ detail pages. You can also see all users in lookups, list views, ownership changes, user operations, and search. |
