How can a developer restrict access to records?

Changing organization-wide defaults is an effective way for a developer to restrict access to records within Salesforce. Organization-wide defaults (OWD) define the baseline level of access that all users have to records of each object. By setting OWD to more restrictive options such as "Private" or "Public Read Only," developers can ensure that users have limited visibility and access to records, which helps maintain data security and ensures that only those with the necessary permissions can view or edit records.

For instance, setting an object to "Private" means that only the record owner and users above them in the role hierarchy can access that record, thereby restricting access significantly. This is a foundational approach within Salesforce security modeling, allowing for customizations depending on business needs.

Other options, while they can influence access, do not inherently restrict access as directly as changing the organization-wide defaults does. Manual sharing allows users to share specific records but does not set a baseline restriction. Creating a new role hierarchy may manage access more effectively but generally relies on the existing OWD settings. Public groups facilitate sharing but do the opposite of restricting access.