This article is part of the Security & Permissions Guide
Organization-wide sharing is a feature of Advanced Permissions that opens access to record types across your account or limits access to record types based on user roles and sharing rules. There are two settings for each record type: Private and Public.
- Private limits access to a record type (contacts, opportunities, etc.) based on a person's role.
- Public gives access to all records of a record type to every user who has Read permissions in their profile.
When you first enable Advanced Permissions, all record types are set to Private by default. The Private setting is required to set up roles and sharing rules for the selected record type.
For example, if your all your project records need to be viewed by anyone whose profile lets them see projects, then you will set the permissions for projects to Public. But if some opportunity records need to be accessible only to certain people, then you will set permissions for opportunities to Private and set up roles and sharing rules.
Here are some more details:
Private
The Private setting locks down access to records of the selected type. With this setting, users can only see a record if they meet both of these criteria:
- They are the person who owns or is assigned to the record, or they are assigned to a role that allows them to view that person's items through the role hierarchy or through sharing rules.
- They are assigned to a profile that gives them Read permissions for the selected record type.
Access can be opened up by using roles and sharing rules, or by using the "Read All" permission in profiles.
Public
The Public setting opens access to records of the selected type for all users, no matter who owns it.
When the Public setting is enabled for a record type, roles and sharing rules no longer apply to it. Any user can see all records of that type as long as they meet one requirement:
- They are assigned to a profile that gives them Read permissions for the selected record type.
So, you can still restrict a user's access to that record type by assigning them to a profile without Read permissions for the record type. This will hide all those records—even the tab in the navigation menu—from the user.
Planning organization-wide sharing
There is only one question to ask about each record type to determine whether you'll set it to the Private or Public setting: Should all users have access to every record of this type, no matter who owns it?
Yes - Set the record type to Public so everyone can access all of these records.
No - Set the record type to Private to limit who can access each record.
You can change the organization-wide sharing for any record type from System Settings.