Apex Practice Questions

The Foundation: Org-Wide Defaults

The Org-Wide Default (OWD) serves as the strategic baseline for record access, defining the standard visibility for every object before any sharing expansion occurs.

Audience Segmentation // Hover to Expand

01

Internal

Whenever sharing settings are modified, they are recalculated for all the existing records.

A notification email is sent automatically once the recalculation process is completed.

02

External

You can define the sharing separately for external users. This provides maximum flexibility to configure access specifically for partners.

Best Practice:

Set the object to Private for external users and Public Read Only or Read/Write for internal users.

Note: The default external user access can either be equal or more restrictive than the internal access configured.

03

Guest

Highly restricted access for unauthenticated public users visiting your sites.

The Three Tiers of Sharing

Private Public Read Only Public Read/Write

Controlled By Parent

Implies a **Master-Detail** relationship where the child inherits security settings directly from the parent.

The Office Metaphor

Visualizing data visibility through building architecture.

🔒

Private

"Solid Walls: Only your own office is visible."

👁️

Public Read Only

"Glass Walls: See everything, touch nothing."

🔓

Public Read/Write

"Open Doors: Full collaborative access to every room."

Role Hierarchy

04

CEO Full Executive Visibility

03

VP of Engineering Department Head

02

Technical Manager Team Supervisor

01

Junior Developer Record Owner (Private OWD)

Source

Access Inherited Upward

Hierarchy Logic

To grant access to people above our role in the hierarchy ladder, we can select the 'Grant Access using hierarchies' option.

This enables access for any user above the current role in the vertical chain. For Custom Objects, this feature can be toggled to restrict hierarchical access if needed.

Administrative Overrides

If users have View all Data or Modify all Data permissions, the access is automatically available even if the hierarchy checkbox is unchecked.

Bypasses OWD Restrictions

Expert Insights

Relationship Transition

If a child object is **removed** from a master-detail relationship, the system automatically adjusts its standalone security profile.

OWD Automatically set to Public Read/Write

Hierarchy Grant Access checkbox set to True

Dynamic Recalculation

User movements within the hierarchy trigger immediate background security updates.

"When a user’s role is changed, the sharing rules are automatically reapplied based on their new position in the hierarchy."

System-level automation ensures data integrity

Core Principles

Sharing Rule Mechanics

Sharing rules give specific users greater access by making automatic exceptions to the org-wide default sharing settings.

"Sharing Rules can never be restrictive; they are only used to open up access."

Operational Logic

When OWD is set to Private or Read Only, Sharing Rules act as a bypass to open access to specific Public Groups, Roles, or Territories.

Relationship Transition:

If a child object is removed from a master-detail relationship, the OWD is set to Public Read/Write and hierarchy access is automatically enabled.

"System Behavior: When a user's role is changed, sharing rules are automatically reapplied based on the new role."

Sharing Rule Classifications

UK Sales

Lateral Flow

APAC Sales

Owner Based

Share records owned by UK Sales with APAC Sales based on role ownership.

Criteria Based

Share records with IT Public Group if Department field is set to "IT".

Note: Up to 300 rules total per object, including a max of 50 criteria-based rules.

Data Fortress: Architecting Sharing & Visibility