Who can see what in Salesforce.
Field-tested guides on record and file access — sharing rules, role hierarchy, manual shares, teams, territories and the why behind every grant.
-
FilesFiles and guest / Experience Cloud users: exposure risks
How files become visible to guest and Experience Cloud users in Salesforce — the Visibility field, Set by Record sharing, and the misconfigurations that leak data.
-
FilesSalesforce public file links: security, expiry, passwords
Public links let anyone with the URL view a Salesforce file — no login. How they work, the expiry and password controls, and how to keep them from leaking data.
-
FilesHow file sharing works on records (ContentDocumentLink)
The data model behind Salesforce Files: ContentDocument, ContentVersion and ContentDocumentLink — and how ShareType and Visibility decide who can see a file.
-
Permissions"View All / Modify All" in Salesforce — the bypass to watch
View All and Modify All quietly bypass the Salesforce sharing model. What they do, where they come from, who to check, and why they matter for AI agents.
-
ProfilesProfiles vs permission sets vs sharing rules in Salesforce
Profiles and permission sets control object and field access; sharing rules control which records. How the two-check model decides what a user can actually do.
-
TroubleshootingA user can't see a record they should — how to fix it
Why a Salesforce user can't see a record they should — a checklist across object permissions, field-level security, sharing and restriction rules.
-
AgentforceAuditing record access before you deploy an AI agent
A practical pre-deployment playbook to audit what an Agentforce agent's user can actually see — object and record level — so it can't surface data it shouldn't.
-
Implicit sharingImplicit sharing in Salesforce, explained
Implicit sharing is the automatic, built-in access between accounts and their child records (and portal users) that no one configures — and the access people forget.
-
Restriction rulesRestriction rules vs scoping rules vs sharing rules
Sharing rules open access, restriction rules reduce it, scoping rules just set the default view. How the three differ and when to use each.
-
Org-wide defaultsOrganization-Wide Defaults (OWD) in Salesforce, explained
What org-wide defaults are, the access levels, internal vs external defaults, and why every other sharing mechanism can only open access above the OWD baseline.
-
Sharing rulesSharing rules vs role hierarchy in Salesforce: the difference
Role hierarchy grants access automatically up the org chart; sharing rules extend access sideways by criteria or ownership. When to use each, with examples.
-
TroubleshootingA user can see a record they shouldn't — how to find why
A step-by-step way to diagnose why a Salesforce user can see a record they should not, across org-wide defaults, role hierarchy, sharing rules and shares.
-
AgentforceDo Agentforce agents bypass Salesforce sharing?
No — Agentforce agents run as a Salesforce user and inherit that user's permissions and sharing. Here is what that means for data exposure and how to stay safe.
-
FilesWho can see a file in Salesforce? File access, explained
How Salesforce decides who can see a file: private shares, files attached to records, library files, public links and guest users — and how to check access.
-
Troubleshooting"Insufficient access rights on cross-reference id" — how to fix it
What the Salesforce "insufficient access rights on cross-reference id" error means, the five things that cause it, and a step-by-step way to fix it.
-
Record accessWho can see a record in Salesforce? How access is actually decided
A practical guide to how Salesforce decides who can see a record — org-wide defaults, role hierarchy, sharing rules, manual shares, teams and territories.