The organization-wide default sets us a base level for access to the object. We can open the access using role hierarchies and sharing rules. Sharing rules can create automatic exceptions to the organization-wide defaults. We can create sharing rules based on the record owner and field values. We can share the records with users for the objects that are set as Private and Public Read Only using sharing rules. Sharing rules can only expand the sharing of the records, if the records are marked as Private or Public Read Only. If the user can see the records with organization-wide defaults, we can restrict them using sharing rules.
Let's set up the sharing rules:
Finally, the last option in sharing is the manual sharing option given to the individual users with full access to a record. It is used if the organization-wide default access for the object is set to Private. This is generally done by a record owner for a single record. Only the record owner and users above the owner in the role hierarchy are granted full access to the record. It is not possible to grant other users full access.
Users with the Modify All object-level permission for the given object or the Modify All Data permission can also manually share a record. User-managed sharing is removed when the record owner changes or when the access granted in the sharing does not grant additional access beyond the object's organization-wide sharing default access level.
Sharing can be a bit complex because we need to fix the complex business problems using different tools, so here is a quick guide to understand sharing:
3.143.4.181