Salesforce Security Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
Give Users Access to Data
Share Objects and Fields
Field Permissions
Organization-Wide Sharing Defaults
Set Your Internal Organization-Wide Sharing Defaults
External Organization-Wide Defaults Overview
Set Your External Organization-Wide Sharing Defaults
Sharing Rules
User Sharing and Visibility
Public and Personal Groups
Manual Sharing
Restriction Rules
Strengthen Your Data’s Security with Shield Platform Encryption
Audit and Monitor Your Organization’s Security
Real-Time Event Monitoring
Security Guidelines for Apex and Visualforce Development
API End-of-Life Policy
PDF

External Organization-Wide Defaults Overview

External organization-wide defaults provide separate organization-wide defaults for internal and external users to help you better secure your data.
Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions

By setting configuring separate levels of default record access for your internal and external users, you have more control over data access. External-organization-wide defaults simplify your sharing rules configuration and improve recalculation performance. These settings also speed up performance for reports, list views, searches, and API queries.

For example, you want all your internal users to have read access to all account records, but you want to limit access for external users to certain groups and records. To configure more restrictive access for external users, set the default internal access to Public Read Only and the default external access to Private. You can later open up record access for external users using other features.

The external access level for an object can’t be more permissive than the internal access level.

Note

You can set external organization-wide defaults for these objects. Your org might have other objects whose external organization-wide defaults can be modified.

  • Account
  • Asset
  • Case
  • Campaign
  • Contact
  • Individual
  • Lead
  • Opportunity
  • Order
  • User
  • Custom Objects

External organization-wide defaults aren’t available for some objects, but you can achieve the same behavior with sharing rules. Set the default access to Private and create a sharing rule to share records with all internal users.

External users include:

  • Authenticated website users
  • Chatter external users
  • Experience Cloud site users
  • Customer Portal users
  • Customer Community users
  • High-volume Experience Cloud site users
  • Partner users
  • Service Cloud Portal users

Chatter external users have access to only the User object.

Note

Guest users aren't considered external users. Guest users’ org-wide defaults are set to Private for all objects, and this access level can’t be changed.

Learn more about external org-wide default settings in this video.