[SalesForce] How would sharing rule work in the below scenario

Suppose I create a new object called "XXXX". Now a profile called "AAAA" doesn't have read, create, or edit permission on it.

Q1: What would happen if I create a record of object "XXXX" and share it with a user who has profile "AAAA" and give him "Edit" permission on the record? Would the user be able to see the record or edit the record? Please qualify your answer.

Q2: Can anybody explain in what order access on a record or object is granted in terms of OWD, sharing rule, role and profile?

Q3: If I set the OWD setting as Public Read/Edit on object "XXXX" but profile "AAAA" doesn't have read, create and edit permission on object "XXXX", would the user who owns profile "AAAA" be able to see and edit the records of object "XXXX"?

Q4: What would happen if profile "AAAA" has only Read permission on object "XXXX"? Would the user who owns profile "AAAA" be able to see and edit ALL the records of object "XXXX"?

Q5: In order for the OWD setting to work, the profile must have at least Read permission on that particular object?

Q6: The user who is higher in the role hierarchy would get owner permission on the records created by users who are lower in the roles, meaning he can edit and delete the records as well. Is that correct?

Best Answer

Imagine you have two users. Both are in the same profile, which allows them to Create, Edit object XYZ. But these two users are in different parts of the role hierarchy.

If User A Creates an XYZ, can user B edit it? The answer is only if the record is shared with him. If the Org Wide Default is Private then he will not even be able to see the record that User A has created (unless it is explicitly shared with him). He can still create his own XYZ records, and edit those. Likewise if the Org Wide Default is public read only, User B could see it, but not edit it despite what his profile allows. He can edit only his own records or those shared with him.

Sharing also works up the role hierarchy. So User A's boss can see the XYZ record that User A created. If his profile allows, he can edit it, but his profile may not.

You can think of the profile as "What can a user do with the XYZ object" and the sharing as "Which particular XYZ records can he or she do it with".

Does this help clarify?

EDIT--- Answering your additional questions

  1. If OWD is Public Read / Write but the profile does not have access to Read or to Edit then you cannot Read or Edit.

  2. If OWD is Public Read / Write on object XYZ and profile has Read permission but not Edit, then the user with that profile can only Read XYZ (all of them).

  3. If a user doesn't even have Read access to object XYZ then they cannot see any object XYZ regardless of the Org Wide Default.

  4. Not correct - the owner who is higher on the role hierarchy has sharing access to all the XYZ that his subordinates own. However, if the higher user has a profile which doesn't include read or edit then he cannot read or edit those records.
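
The rule in the answer above (sharing decides which records, the profile caps what can be done with them) can be written as a small access check. This is an added example, not part of the original answer and not Salesforce code: a simplified Python model covering only the factors the answer names, with `User`, `Record`, `record_access` and `effective_access` as hypothetical names and the role hierarchy reduced to a `manager` link.

```python
from dataclasses import dataclass, field

LEVELS = {"none": 0, "read": 1, "edit": 2}
OWD_LEVEL = {"Private": "none", "Public Read Only": "read",
             "Public Read/Write": "edit"}

@dataclass
class User:
    name: str
    object_perms: set               # from the profile: subset of {"read", "edit"}
    manager: "User | None" = None   # next user up the role hierarchy

@dataclass
class Record:
    owner: User
    shares: dict = field(default_factory=dict)  # user name -> "read" | "edit"

def is_above(user, other):
    """True if `user` sits above `other` in the role hierarchy."""
    node = other.manager
    while node is not None:
        if node is user:
            return True
        node = node.manager
    return False

def record_access(user, record, owd):
    """Record-level access from sharing alone, ignoring the profile."""
    if user is record.owner or is_above(user, record.owner):
        return "edit"
    candidates = [OWD_LEVEL[owd], record.shares.get(user.name, "none")]
    return max(candidates, key=LEVELS.get)

def effective_access(user, record, owd):
    """Sharing picks the records; the profile caps what can be done."""
    shared = record_access(user, record, owd)
    if "read" not in user.object_perms or shared == "none":
        return "none"
    if shared == "edit" and "edit" in user.object_perms:
        return "edit"
    return "read"

if __name__ == "__main__":
    # Constructed scenario for Q1: record shared with Edit, profile has no access.
    owner = User("owner", {"read", "edit"})
    aaaa = User("aaaa", set())
    rec = Record(owner, shares={"aaaa": "edit"})
    print(effective_access(aaaa, rec, "Private"))
```
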
