Implicit sharing in Salesforce, explained
Implicit sharing is the automatic, built-in access between accounts and their child records (and portal users) that no one configures — and the access people forget.
Of all the ways a Salesforce user can see a record, implicit sharing is the one nobody configures and almost everybody forgets. It isn’t a rule you create — it’s automatic behaviour baked into how related records work. Understanding it removes a whole category of “but I never shared that with them” surprises.
What implicit sharing is
Implicit sharing is access Salesforce grants automatically because two records are related — chiefly between an account and its child records (contacts, cases, opportunities), and for portal/community users. You don’t set it up, it doesn’t appear as a sharing rule, and most of it can’t be turned off.
It’s one of the layers in the full record access model, and the one most often missing from people’s mental picture.
The two directions
Child to parent: see the account behind the record
If a user can access an opportunity, case, or contact, implicit sharing gives them read-only access to that record’s parent account.
The logic is practical: you can’t usefully work an opportunity if you can’t see which account it belongs to. So Salesforce quietly grants the account context — read-only — to anyone who can see the child.
Access to a child record → read-only access to its parent account. Automatically.
Parent to child: account access reaching down
In the other direction, having access to an account can extend access to its child records (its contacts, cases, opportunities), governed by the account’s sharing settings. This is how account ownership and account-level sharing pull the related records along with them.
The exact read/write level depends on configuration, but the principle holds: account access is rarely “just the account.”
It’s (almost) always read-only
The defining trait: implicit sharing is read-oriented. Child-to-parent account access is read-only. If a user can edit a related record, that edit right is coming from a different mechanism — ownership, the role hierarchy, or a sharing rule — not from implicit sharing.
Portal and community implicit sharing
Experience Cloud / portal scenarios add their own implicit sharing behaviours so external users can see the related records they need (for example, a customer seeing the cases and contacts tied to their account). The same theme applies: automatic, relationship-driven, and not expressed as a rule you manage.
Why it’s the access people overlook
Here’s the problem implicit sharing creates for audits:
- It doesn’t show up as a sharing rule in setup.
- It isn’t the role hierarchy.
- When you ask “who did we share this with?”, the honest answer is no one — it’s implicit.
So when a user can see a contact or account “they were never given,” implicit sharing through a related record is a prime suspect — and it’s the layer that manual reviews skip. This is a frequent cause behind the question of why a user can see a record they shouldn’t.
Seeing the access nobody configured
The hard part about implicit sharing is precisely that there’s nothing to look at — no rule, no checkbox, just a relationship quietly granting read access. Reconstructing it by hand across every related record is impractical.
AgentForceAccess accounts for it automatically: when it explains why a user can see a record, implicit sharing through a related account or child record is surfaced and cited like any other grant — so the access nobody configured stops being the access nobody noticed.
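One way to triage this from exported share-table rows, as an added example that is not code from this page or from AgentForceAccess: it groups AccountShare rows by their RowCause and reports the accounts a user or group reaches only through implicit grants. The sample rows, the placeholder IDs and the function names are constructed for illustration; the RowCause values are the ones Salesforce records on share objects.

```python
from collections import defaultdict

# Rows shaped like the result of:
#   SELECT AccountId, UserOrGroupId, AccountAccessLevel, RowCause FROM AccountShare
# RowCause values that mark implicit grants on Salesforce share objects.
IMPLICIT_CAUSES = {"ImplicitParent", "ImplicitChild", "PortalImplicit"}

# Constructed sample rows; the IDs are placeholders, not real record IDs.
SAMPLE_ACCOUNT_SHARES = [
    {"AccountId": "ACC-1", "UserOrGroupId": "USR-owner",
     "AccountAccessLevel": "All", "RowCause": "Owner"},
    {"AccountId": "ACC-1", "UserOrGroupId": "USR-rep",
     "AccountAccessLevel": "Read", "RowCause": "ImplicitParent"},
    {"AccountId": "ACC-2", "UserOrGroupId": "USR-rep",
     "AccountAccessLevel": "Read", "RowCause": "ImplicitParent"},
    {"AccountId": "ACC-2", "UserOrGroupId": "USR-rep",
     "AccountAccessLevel": "Edit", "RowCause": "Rule"},
    {"AccountId": "ACC-3", "UserOrGroupId": "USR-portal",
     "AccountAccessLevel": "Read", "RowCause": "PortalImplicit"},
]


def implicit_only_access(rows, record_field="AccountId"):
    """Map each user or group to the records where every direct grant is
    implicit, i.e. access that a review of rules and owners would not list."""
    causes = defaultdict(set)
    for row in rows:
        causes[(row["UserOrGroupId"], row[record_field])].add(row["RowCause"])
    report = defaultdict(list)
    for (principal, record), seen in causes.items():
        if seen <= IMPLICIT_CAUSES:  # no owner, rule, manual or team grant
            report[principal].append(record)
    return {principal: sorted(records) for principal, records in report.items()}


def unexpected_implicit_levels(rows, level_field="AccountAccessLevel"):
    """Return child-to-parent implicit rows that are not read-only, which
    would contradict the read-only behaviour described above."""
    return [r for r in rows
            if r["RowCause"] == "ImplicitParent" and r[level_field] != "Read"]


if __name__ == "__main__":
    for principal, records in implicit_only_access(SAMPLE_ACCOUNT_SHARES).items():
        print(principal, "reaches only via implicit sharing:", records)
```

The report covers direct share rows only: a UserOrGroupId may be a group, and access inherited through the role hierarchy is not resolved here.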
Frequently asked questions
What is implicit sharing in simple terms?
It is built-in access that Salesforce creates automatically between a parent account and its child records (contacts, cases, opportunities), and for portal/community users. You do not set it up with a rule and you generally cannot disable it — it just happens because the records are related.
If I can see an opportunity, can I see its account?
Yes. Child-to-parent implicit sharing gives you read-only access to the parent account of any opportunity, case or contact you can access — so you have the context for the child record. It does not let you edit the account.
Does implicit sharing ever grant edit access?
The account-to-child implicit sharing is almost always read-oriented. Child-to-parent access to the account is read-only. If a user can edit a related record, that edit right comes from another mechanism (ownership, role hierarchy, sharing rule), not from implicit sharing.
Why does implicit sharing cause audit surprises?
Because nothing in setup shows it as a rule. The record's Sharing button may attribute access to the related record, and admins reviewing sharing rules and the role hierarchy simply never see an implicit grant listed — so it is the access that gets overlooked.
See it on your own org
AgentForceAccess explains, in plain English, why any user can see any record or file — across every Salesforce sharing mechanism.