Skip to main content

Set Your Org's External Org-Wide Defaults

Follow Along with Trail Together

Want to follow along with an expert as you work through this step? Take a look at this video, part of the Trail Together series. The clip starts at the 22:17 minute mark, in case you want to rewind and watch the beginning of the step again.

External Org-Wide Defaults

External org-wide defaults give you full control over the baseline record access for site and portal users. This layer of protection ensures that you can define separate record access policies for internal users and external users.

Check out this video for an overview of external org-wide defaults and how they work with external users.

For example, you may have public read-only access on opportunities for all your internal users and set the external org-wide defaults to private so that partners do not see one another’s’ opportunities.

External Org-Wide Defaults Considerations

Here are some things to consider when you use external org-wide defaults. External org-wide defaults affect all Experience Cloud and legacy portal licenses. Not all objects can have an external sharing model. Here are the ones that can.

  • Accounts and their associated contracts and assets
  • Assets
  • Cases
  • Contacts
  • Individuals
  • Opportunities
  • Orders
  • Custom Objects
  • Users

We highly recommend that you set the default external access to private for all objects, and then open up access using other means. Also, if you want to expose reports and dashboards on any objects to external users (such as a partner), you must set the external org-wide default to private.

Another thing to keep in mind is that the external org-wide default can’t be more permissive than the internal one. That means that if your internal Salesforce users have Public Read/Write access on cases, your external users can’t have Public Read/Write/Transfer access.

Note

When the Secure guest user record access setting is enabled in Setup | Sharing Settings, guest users aren't considered external users. Guest users’ org-wide defaults are set to Private for all objects, and this access level can’t be changed. You can open up access to guest users with other sharing mechanisms, such as sharing rules.

Setting and Testing External Org-Wide Defaults

Since Ursa Major has decided to expand sales via partners, setting external org-wide defaults is a must.

Maria wants to restrict external access to opportunities while allowing internal Ursa Major Salesforce users the flexibility to see any opportunity. In order to meet that requirement, Maria changes the default internal and external access settings.

  1. From Setup, enter Sharing Settings in the Quick Find box, then select Sharing Settings.
  2. Click Edit in the Organization-Wide Defaults area.
  3. For the Account and Contract and the Opportunity objects, set the Default Internal Access to Public Read Only and the Default External Access to Private.
  4. Click Save. Click OK if you get any popups or warnings.

Now let’s see how this external org-wide default change affects what people actually see in the Salesforce org and in the Ursa Major Partner portal.

Add Opportunities to the Navigation Menu

In order to see opportunities in the Ursa Major Partner portal, you first have to add the Opportunity object to the portal’s navigation menu.

  1. From Setup, enter Digital Experiences in the Quick Find box, then select All Sites.
  2. Click Builder next to the Ursa Major portal.
  3. Click anywhere on the Navigation Menu bar (1) and then click the Edit Default Navigation button (2).
    Detail of the navigation menu
  4. Click Add Menu Item.
  5. Drag New menu item to be nested under Sales.
  6. Change these properties:
    • Name: Opportunities
    • Type: Salesforce Object
    • Object Type: Opportunity
    • Default List View: All Opportunities

  1. Click Save Menu.
  2. Click Publish, then Publish again, and then Got It.

Test Opportunity Visibility in the Ursa Major Partner Portal

Log in to the Ursa Major Partner Portal as your system administrator. The easiest way to do this is from Salesforce Setup | Digital Experiences | All Sites | [site URL] . Navigate to the Opportunities menu item that you just added under Sales. Look at all those opportunities!

Now log in to the portal as Josh Davis. The easiest way to do this is via the Log in to Experience as User option on Josh’s contact record. From the App Launcher, select Contacts, click Josh Davis’s name to open his contact record, and from the quick actions dropdown menu, select Log in to Experience as User.

Navigate to the same Opportunities menu item, and select the All Opportunities list view. You shouldn’t be able to see any opportunities. Good job!

Resources

Salesforce Help: Set Your External Organization-Wide Sharing Defaults

Salesforce Help: Sharing Rules

Video series: Who Sees What in Experience Cloud

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback