I have 3 custom objects in Salesforce:

• Patient
• Doctor
• Appointment

Appointment is a junction object with:

• Master-Detail relationship to Patient
• Master-Detail relationship to Doctor

I set:

• Patient OWD = Private
• Doctor OWD = Public Read/Write

There are 2 users and both users can create Patient, Doctor, and Appointment records.

My confusion is:

Since Appointment has 2 master-detail parent objects, which parent controls the Appointment record access?

If Patient is Private but Doctor is Public Read/Write, then what will happen to Appointment record visibility?

I only learned OWD and role hierarchy yet, not sharing rules.

I have a Salesforce data model with the following setup:

• Doctor (Parent object)
• Patient (Parent object)
• Appointment (Junction object)
  • Master-Detail relationship with Doctor
  • Master-Detail relationship with Patient

OWD settings:

• Doctor → Public Read Only
• Patient → Private
• Appointment → Controlled by Parent

User scenario:

A Receptionist user:

https://preview.redd.it/bwu9iu46mv1h1.png?width=871&format=png&auto=webp&s=54bf88074c50e76be0a972b327d8e0882203803a

• Can create Appointment records
• Can select Doctor and Patient from lookup fields
• Can see only their Patient records which they owened

❗ Issue:

When the Receptionist tries to create an Appointment record, they get this error:

>

The error disappears only when I change Doctor OWD to Public Read/Write, but I want to keep proper security (not full access).

❓ Question:

Why does Appointment creation fail even when:

• Doctor is Public Read Only
• Patient access is controlled via sharing rules
• Receptionist has create permission on Appointment object

And what is the correct way to design sharing so that:

• Receptionist can create Appointment
• But Doctor remains not fully open (no Public Read/Write)

If anyone can explain the correct best practice for handling Junction Object + OWD + Sharing Rules, it would really help.