What should be defined to avoid ambiguity about record access in sharing rules?

Defining organizational-wide defaults (OWD) is crucial to establishing a clear baseline for record access within the Salesforce platform. OWD settings dictate the default level of access that users have to records they do not own. By specifying these defaults, organizations can ensure that there is a defined and consistent level of visibility and access across different objects, thereby avoiding ambiguity in sharing rules.

Once the OWD is set, sharing rules can then be created to provide broader access or share specific records with designated groups, roles, or users. This layered approach to sharing ensures that everyone understands the foundational access restrictions and any subsequent expansions of access provided through role hierarchy, sharing rules, and manual sharing.

While sharing settings for all objects, profiles, and group memberships are important components of Salesforce's security model, they function within the framework established by the OWD. Without clearly defined organizational-wide defaults, the sharing rules may become confusing or contradictory, leading to potential security issues or access problems within the organization.