Every operation in Salesforce is executed as a specific user, so data visibility changes according to the current context user’s record access. These users are authenticated with a specific username and password. Their record access depends on several factors such as OWD (organization-wide defaults), sharing rules, manual sharing, and the profiles and permission sets assigned to them. They log in to Salesforce with their credentials to access data. In contrast, a Guest user can access Salesforce data underneath a site without any authentication. Each force.com site or Experience site has its own Guest user profile.

Earlier, a site’s public user record access was decided by the usual record access features mentioned above. To enforce data security, Salesforce released a set of important updates called the Secure Guest User Policy, which is part of Winter ’21. It is now enforced after the Summer ’21 release. In this article, we review these security policy changes and then analyse possible ways to reduce their impact.
How to access the Guest user profile of a site?
Accessing from the Salesforce Setup
Navigate to Salesforce Setup in the LEX user interface -> Sites and Domains -> Sites.
From the listed sites, click the label of the site whose guest profile you want to access.
Then, click “Public Access Settings”, as shown in the image below.
Accessing from the Experience builder
To access the profile from Experience Builder, click the Settings gear icon and then click the Profile hyperlink under the Guest User Profile section.
Guest user policy changes
- A guest user cannot own a record in Salesforce. Whenever a guest user creates a record, it is assigned to the default owner for the org. For Experience sites, we can assign the default owner under Experience builder -> Administration -> Record Ownership section. Refer to the image below.
Also, we cannot transfer the ownership of an existing record to a guest user. Records created by a guest user must be assigned to the default user.
- The OWD for any object is set to Private by default for guest users and cannot be changed. Read-only is the maximum record access that we can give a guest user, and even that is granted through a special sharing rule called “Criteria based Guest User Sharing Rule”. A controller’s “Without Sharing” context or “Manual Sharing” will also not work as far as the guest user is concerned. Refer to the image below, which shows a guest user sharing rule for the Case object.
- A guest user cannot update or delete a record. Read and Create are the maximum profile-level access that we can enable for a guest user. Also, the View All and Modify All permissions are no longer available to site guest profiles, to avoid unconditional record accessibility. Refer to the image below, which shows object permissions for guest users.
- Public groups or queues cannot have site guest users.
- Guest users are allowed to upload files when the “allow site guest users to upload files” checkbox is enabled under Salesforce Files Settings in Setup. Also make sure the parent record for the uploaded files is shared with the guest user. Otherwise, the file cannot be uploaded due to insufficient rights. If you are using file upload from an Experience site, the default owner for guest user records must be set.
How to handle this?
- If you are using service components such as a record-edit-form-based custom component, keep everything in the browser until the record is inserted, because after the record is created a guest user loses edit access to their own record. Use event.preventDefault() extensively and submit the form as a single record insert. Alternatively, in custom components, keep the collected object data as strings. After passing them to an Apex controller, parse them in the controller and insert them as a record of the specific object.
- Use the guest user sharing rule extensively to share object records.
- If you are facing difficulties with record access, try to move that specific part to system context. In other words, try to move it to a system-mode flow, Process Builder or an Apex trigger. This greatly helps to mitigate the record sharing and edit access restrictions.
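The string-payload approach from the first item above, as an added example that is not from the original article: the component sends the collected values as one JSON string, and the Apex controller parses it, keeps only an allowlisted set of fields and inserts the record. The class name GuestCaseController, the method submitCase and the choice of Case fields are assumptions made for illustration.

```apex
// Added example, not the article's code. GuestCaseController, submitCase and
// ALLOWED_FIELDS are hypothetical names; Case is used because the article
// shows a guest user sharing rule on Case.
public with sharing class GuestCaseController {

    // Guest input is untrusted: only these fields may ever be set from it.
    private static final Set<String> ALLOWED_FIELDS =
        new Set<String>{ 'Subject', 'Description', 'SuppliedName', 'SuppliedEmail' };
    private static final Integer MAX_PAYLOAD_CHARS = 10000;

    @AuraEnabled
    public static Id submitCase(String payloadJson) {
        if (String.isBlank(payloadJson) || payloadJson.length() > MAX_PAYLOAD_CHARS) {
            throw new AuraHandledException('Invalid submission.');
        }
        Map<String, Object> raw;
        try {
            // Fails the cast (and is rejected) if the JSON is not an object.
            raw = (Map<String, Object>) JSON.deserializeUntyped(payloadJson);
        } catch (Exception e) {
            throw new AuraHandledException('Invalid submission.');
        }
        if (raw == null) {
            throw new AuraHandledException('Invalid submission.');
        }

        Case c = new Case();
        for (String field : raw.keySet()) {
            // Anything outside the allowlist (OwnerId, Status, Id, ...) is dropped.
            if (!ALLOWED_FIELDS.contains(field)) {
                continue;
            }
            Object value = raw.get(field);
            if (value instanceof String) {
                c.put(field, ((String) value).trim());
            }
        }
        if (String.isBlank(c.Subject)) {
            throw new AuraHandledException('Subject is required.');
        }

        // Apply the guest profile's create permission and field-level security.
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.CREATABLE, new List<Case>{ c });
        List<SObject> safe = decision.getRecords();
        insert safe; // one insert; the guest user never needs edit access afterwards
        return safe[0].Id;
    }
}
```

The inserted record is owned by the default owner described earlier, so any follow-up processing belongs in the same transaction or in system context rather than in a second call from the guest session.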
We “MST-ians” have in-depth experience in handling these site guest user related upgrades and have successfully reduced the impact in some of the assignments that we did. Below, we give a glimpse of some guest user functionality that we managed.
- An experience site with complex registration and login procedure.
- Payment gateways involving public sites.
- Anonymous form submissions. (Grievance or complaints)
- Allowing users to upload very large files as guest users.