OWDs

Organization wide default in salesforce.com

Organization Wide Defaults in Salesforce.com are the baseline record-level security for the objects in an org.  These settings define the foundational security that any user in a Salesforce.com Org will have.  It is the only place in Salesforce.com where an administrator can actually limit what data users can interact with. The organization wide default determines the distribution of data with the user. We use the defaults in the object to determine which people across the role hierarchy can access which objects.

The four primary permission settings for OWD in Salesforce.com:

Private – Records are only available to the owners of the records

Public Read – All users in the org can read all of the records for an object

Public Read/Write – All users in the org can read and write to all of the records for an object

Public Read/Write/Transfer – All users in the org can read/write and transfer ownership of records for an object

To set up organization-wide defaults follow the simple method:

• First find out which user requires least access to an object. Set the organization-wide default to all the objects based on this user.
• Most restrictive record access is defined using a organization-wide default. Access to additional records is made available through the role hierarchy, sharing rules, and manual sharing.
• Changing organization-wide default settings can delete manual sharing if that sharing is no longer needed.

Limitations:
You can't change the organization-wide sharing default setting for some objects:

• Solutions are always Public Read/Write.
• Service contracts are always Private.
• The ability to view or edit a document, report, or dashboard is based on a user's access to the folder in which it's stored.
• Users can only view the forecasts of other users who are placed below them in the role hierarchy, unless forecast sharing is enabled. For more information, see Manually Sharing a Forecast.
• When a custom object is on the detail side of a master-detail relationship with a standard object, its organization-wide default is set to Controlled by Parent and it is not editable.