External objects in Salesforce are designed to allow users to work with data that resides outside of Salesforce, often in another system such as a database or through an OData service. One defining characteristic of external objects is that they don't support sharing rules in the same way that standard and custom objects do within Salesforce.
The absence of sharing rules for external objects means that they do not benefit from Salesforce’s built-in security models related to record visibility or access control. This limitation arises because external objects operate on data stored outside of the Salesforce platform, making it challenging for Salesforce to enforce its sharing models that govern internal data.
This characteristic affects how organizations can manage access to external data, as they cannot leverage the same sharing settings that they would use for conventional Salesforce objects. Consequently, data from external sources is made accessible at a higher, more generalized level, creating a potential gap in granular access management that can usually be controlled via sharing rules for internal data.