On March 1, 2020, Salesforce will begin a phased deployment of Guest User Security updates for Salesforce public sites (sites accessed by guest/unauthenticated users including Community Cloud). This setting enforces private org-wide defaults for guest users and restricts the sharing mechanisms that you can use to grant record access to guest users. At this time, the changes will be auto-enabled, however, you will have the ability to “opt-out” by disabling the new settings. In the Summer ’20 release, these changes will be mandatory and there will no longer be an opt-out option.
Here’s an overview of the most significant changes:
- Guest user external org-wide defaults will always be set to private.
- Guest users can only access records through criteria-based sharing rules.
- Guest users can’t have more than read access to data.
- Guest users can’t be members of public groups or queues.
- Guest users can’t be a target of manual sharing.
For our Community Cloud clients, this change will mean that any public-facing Communities pages will no longer be accessible.
Additional changes:
- Guest users can’t own newly created records; ownership of records created by guest users is transferred to a default owner (an active user in your org).
- The “View All Users” permission is disabled, and “Guest User Visibility” is introduced as an alternative.
While these changes will secure Guest Users and increase the protection of your data, they may change your org’s expected behavior and affect workflows. For this reason, we strongly recommend you opt-in to test the new security features and assess their overall effect on your org prior to enforcement on March 1, 2020.
To help you test these changes for your org, Salesforce is providing Security Updates that will guide you through the process of enabling the new features and testing the effect on your organization. To access these updates:
- In Setup, type “Security Alerts”.
- From the Security Alerts page, click each individual security update and follow the recommendations to reach 100% completion.
- NOTE: the warning message will disappear once you’ve completed all security updates.
Ultimately, these changes will work together to enhance the protection of your data. Below, please find several resources that further discuss the importance of these changes, how they benefit your organization, and how (and why) to secure your organization.
- Join the monitored “Securing Community Cloud” Trailblazer group, where you can ask questions and get access to helpful webinars and tools to assess the effect on your org.
- Read the “Everything You Need To Know About Securing Public Sites” blog written by the Community Cloud Product Team.
- Check out Secure Your Community or Portal.
Contact Fíonta if you have questions about the changes or would like assistance testing the new security features.