We set our Account and Contact OWD (Organization-Wide Defaults) sharing to Private. But somehow a user still can view Account not owned by him or sharing to him. Why?
Luckily Salesforce help us as admin to be Sherlock Holmes to track this.
1. Go to the effected account page layout
2. Click Sharing button, make sure it is added to Account page layout and you login as system admin
3. Click 'Expand List' button
4. Look for the user able to view the account and click Why? link
In this last screen, look for 'Reason for Access'.
In my case, I found that user able to view that Account, because there is a Read/Write sharing rule in the Contact to allow user to edit the contact. But, somehow Salesforce give Read Only permission for that user to View Account that tagged to Contact where user get access from Contact sharing rule.
Interesting??? There is so many secret within Salesforce.