1. User able to access the record
There are few scenario:
- Organization-Wide Defaults sharing setting on that object is Public Read Only or Public Read/Write; or
- Sharing rule added based on record owner or criteria for Public Groups or Roles; or
- User is the owner of the records; or
- User in higher role hierarchy of record owner; or
- User profile have "View all Data" or "Modify all Data" permission
2. User see Delete button
This is happened because:
- Delete button is added in record page layout; and
- User profile have permission to delete that object
3. Error 'Insufficient privileges'
The ability to delete records in Salesforce is controlled by the role hierarchy. Setting a sharing model to "Public Read/Write" alone does not give users the right to delete others records. There are 2 scenarios in which a user can delete a record:
- The user attempting to delete the record is a System Administrator.
- The user attempting to delete the record is the owner, or higher on the role hierarchy than the record owner.
Any other user that attempts to delete a record will receive an "Insufficient Privilege" error message.
Those below you on the role hierarchy may have read/write privileges according to the sharing model rules, however, they may not delete information from those individuals above them in that hierarchy.
For complete knowledge from Salesforce, click here.