Sharing Settings

In Salesforce, you can control access to data at many different levels. For example, you can control the access your users have to objects with object permissions. Within objects, you can control the access users have to fields using field-level security. To control access to data at the record level, use sharing settings.
Available in: Salesforce Classic and Lightning Experience
Available in: Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions

Teams are not available in Database.com


Note

Note

Watch Video Demo Who Sees What: Overview (Salesforce Classic)

Watch how you can control who sees what data in your organization.

Organization-Wide Defaults

Your organization-wide default sharing settings give you a baseline level of access for each object and enable you to extend that level of access using hierarchies or sharing rules. For example, you can set the organization-wide default for leads to Private if you only want users to view and edit the leads they own. Then, you can create lead sharing rules to extend access of leads to particular users or groups.

Sharing Rules

Sharing rules represent the exceptions to your organization-wide default settings. If you have organization-wide sharing defaults of Public Read Only or Private, you can define rules that give additional users access to records they do not own. You can create sharing rules based on record owner or field values in the record.

Tip

Tip

Sometimes it’s impossible to define a consistent group of users who need access to a particular set of records. In those situations, record owners can use manual sharing to give read and edit permissions to users who would not have access to the record any other way. Although manual sharing isn’t automated like organization-wide sharing settings, role hierarchies, or sharing rules, it gives record owners the flexibility to share particular records with users that need to see them.

Apex Managed Sharing

Apex managed sharing allows developers to programmatically share custom objects. When you use Apex managed sharing to share a custom object, only users with the “Modify All Data” permission can add or change the sharing on the custom object's record, and the sharing access is maintained across record owner changes.

Other Methods for Allowing Access to Records

In addition to sharing settings, there are a few other ways to allow multiple users access to given records:
Map category groups to roles
Control access to data categories by mapping them to user roles.
Queues

Queues help you prioritize, distribute, and assign records to teams who share workloads. Queue members and users higher in a role hierarchy can access queues from list views and take ownership of records in a queue.

Use queues to route lead, order, case, and custom object records to a group.
Teams
For accounts, opportunities, and cases, record owners can use teams to allow other users access to their records. A team is a group of users that work together on an account, sales opportunity, or case. Record owners can build a team for each record that they own. The record owner adds team members and specifies the level of access each team member has to the record, so that some team members can have read-only access and others can have read/write access. The record owner can also specify a role for each team member, such as “Executive Sponsor.” In account teams, team members also have access to any contacts, opportunities, and cases associated with an account.
Note

Note

A team member may have a higher level of access to a record for other reasons, such as a role or sharing rule. In this case, the team member has the highest access level granted, regardless of the access level specified in the team.