Record Level Access in Salesforce
You can control salesforce record level access in four ways:
- Org-wide defaults
- Role hierarchies
- Sharing rules
- Manual sharing
Org-wide defaults specify the default level of access users have to each other’s records.
Role hierarchies ensure managers have access to the same records as their subordinates. Each role in the hierarchy represents a level of data access that a user or group of users needs.
Sharing rules are automatic exceptions to org-wide defaults for particular groups of users, to give them access to records they don’t own or can’t normally see.
Manual sharing lets record owners give read and edit permissions to users who might not have access to the record any other way.
Sharing model for Object settings:
Private
Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.
Public Read Only
All users can view and report on records, but only the owner, and users above that role in the hierarchy, can edit them.
Public Read/Write
All users can view, edit, and report on all records.
Controlled by Parent
A user can view, edit, or delete a record if she can perform that same action on the record it belongs to.