Skip to main content

SF-0056 · Concept · Medium

What is grant access using hierarchies?

✓ Verified by Vikas Singhal · Last reviewed 5/17/2026

Grant Access Using Hierarchies is a per-object setting in Sharing Settings that decides whether Salesforce automatically extends record access upward through the role hierarchy. When it’s on, a manager sees every record owned by users below them — no sharing rule needed. When it’s off, the role hierarchy stops influencing record visibility for that object, and access must come from OWD, sharing rules, manual sharing, or Apex sharing instead.

Where it lives and what it controls

In Setup → Sharing Settings, each object has a checkbox: Grant Access Using Hierarchies.

  • Standard objects (Account, Opportunity, Case, Lead, Contact): the setting is always on and you can’t turn it off.
  • Custom objects: the setting is on by default and you can turn it off.

Whether the setting is on or off only matters when the OWD is Private or Public Read Only. On Public Read/Write, everyone already has full record access — hierarchy access is moot.

What “upward through the hierarchy” actually means

If Alice (role: Sales Rep) owns Opportunity #123, and Bob’s role (Sales Manager) sits directly above hers, then with this setting on:

  • Bob sees Opportunity #123 with at least the same access level the OWD grants others — typically Read, and Read/Write if Bob’s role is parent in the hierarchy and OWD is Private. Effectively, Bob gets full Read/Write on records owned by users beneath him.
  • Carol (CEO), above Bob, sees all of Bob’s reports’ records and Bob’s own records too.
  • A peer of Bob in a different team sees nothing — hierarchy access is strictly up the same branch, not sideways.

When you’d turn it off (for custom objects)

Common reasons to disable Grant Access Using Hierarchies on a custom object:

  • HR or compensation custom objects — managers shouldn’t see records belonging to their reports unless explicitly shared. Disable the setting, then build precise sharing rules.
  • Customer-confidential data captured in a custom object where only the rep should see their work, never their manager.
  • Audit / compliance records where only the assigned investigator should see the record, regardless of hierarchy.

Once disabled, the only ways for someone above in the hierarchy to see the record are: a sharing rule, manual share, team membership, Apex share, or View All / Modify All on the object.

Practical scenario

“OWD for the custom object Employee_Compensation__c is Private. We need only HR (specific people) to see the records, not the employee’s manager or VP. How do you configure this?”

The cleanest answer:

  1. Setup → Sharing Settings → Custom Object Settings → Employee_Compensation__c → Edit.
  2. Uncheck Grant Access Using Hierarchies.
  3. Save.
  4. Create a sharing rule that shares all Employee_Compensation__c records with a public group called “HR Team”.

Without step 2, every VP and manager above the record owner would inherit visibility — defeating the whole point.

Common interview follow-ups

  • Can I turn off Grant Access Using Hierarchies on Account? No. Standard objects don’t allow it.
  • Does this affect manual sharing or sharing rules? No — those continue to work. The setting only controls the automatic hierarchy-based share.
  • What about View All Data / Modify All Data? Those bypass the entire sharing model, including this setting. A sysadmin still sees the records.
  • What if my custom object is the child of a master-detail relationship? Access is governed by the parent’s setting, not the child’s. Disable hierarchy access on the parent if you want to block managers.

Verified against: Salesforce Help — Controlling Access Using Hierarchies and Sharing & Visibility Architect resources. Last reviewed 2026-05-17.