[Salesforce] Default Customer Community Plus Roles expose all Accounts

I would like all Accounts to be private; however, users can see any Account enabled with Customer Community if that Account Owner is in the same Role as them.

Using "Account Access", by clicking on "Why?", I can see that the Customer's role created automatically had the "Reports To" field set as the same Role of the Account owner. Therefore, anyone in the same role as the Account Owner would see that person's Accounts through Role hierarchy.

The OWD for Account sharing is set to private, the organization only has a single Role configured for all users, and Account Teams are used for individual sharing.

For context: we will probably enable Account Role Optimization, however in testing that doesn't solve this issue, since the "Reports to" for the Person Role behaved the same way in testing.

I need to prevent exposing customer Accounts to people in the same Role as the Account owner, when those Accounts are enabled with customer community.

Best Answer

External Roles (PC or CC+) exist in the role hierarchy under their respective Account Owner's Role, although you cannot see them when you view the role hierarchy.

Sounds like your sharing model is:

  • Account = Private
  • Role Hierarchy = ONE role for all internal users.

Thus, all of your Customer and Partner Roles exist under this single role. This means that all internal Users can see Customer and Partner Accounts.

Sounds like you don't want this.

Try this:

  1. Create another leaf on your "flat" role hierarchy. The second role would not report to the first role, it would be a peer.
  2. All of your external Accounts should be owned by individuals in this second role. Mind ownership skew...
  3. In this way, only the internal Users assigned to this new role would be able to see all Customer and Partner Accounts. For internal Users in the other role, they won't have visibility unless you grant it to them using tools you are familiar with like sharing rules, manual sharing, territory mgmt, etc.
  4. Adjust your sharing model for internal... while you may have solved visibility issues you were experiencing with external data, now your internal record visibility will need to be revisited in light of this additional role.
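
An audit for the hidden external roles the answer describes, as an added example that is not part of the original answer: anonymous Apex (for the Developer Console) that finds each Account's top external role and counts the active internal users in the roles above it. It assumes the standard `UserRole` and `User` fields; all variable names are illustrative.

```apex
// Added example, not from the original post.
// Load every role, including external roles hidden from Setup's hierarchy view.
Map<Id, UserRole> roles = new Map<Id, UserRole>([
    SELECT Id, Name, ParentRoleId, PortalType, PortalAccountId FROM UserRole
]);

// Count active internal (UserType = 'Standard') users per role.
Map<Id, Integer> internalUsers = new Map<Id, Integer>();
for (AggregateResult ar : [
    SELECT UserRoleId roleId, COUNT(Id) n FROM User
    WHERE IsActive = true AND UserType = 'Standard' AND UserRoleId != null
    GROUP BY UserRoleId
]) {
    internalUsers.put((Id) ar.get('roleId'), (Integer) ar.get('n'));
}

for (UserRole r : roles.values()) {
    // Skip internal roles; PortalType is 'None' for them.
    if (r.PortalType == null || r.PortalType == 'None') continue;

    // Keep only the top external role of each Account: its parent is internal.
    UserRole parent = roles.get(r.ParentRoleId);
    if (parent == null) continue;
    if (parent.PortalType != null && parent.PortalType != 'None') continue;

    // Walk up the internal roles; users in them inherit access via the hierarchy.
    Integer exposedTo = 0;
    List<String> chain = new List<String>();
    Set<Id> seen = new Set<Id>();   // guards against a malformed cycle
    UserRole cur = parent;
    while (cur != null && !seen.contains(cur.Id)) {
        seen.add(cur.Id);
        chain.add(cur.Name);
        Integer c = internalUsers.get(cur.Id);
        exposedTo += (c == null) ? 0 : c;
        cur = roles.get(cur.ParentRoleId);   // null key returns null at the top
    }

    System.debug('Account ' + r.PortalAccountId + ' (' + r.PortalType + ' role "'
        + r.Name + '") sits under: ' + String.join(chain, ' > ')
        + ' | active internal users above it: ' + exposedTo);
}
```

Running it before and after moving external Account ownership to the peer role shows whether the count of internal users above each external role has dropped to the members of that new role.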