Salesforce’s Summer ’20 release introduces changes that will severely impact Communities with guest user access. These updates—going live in the coming weeks, exact date to be announced—will cause major failures to your customer-facing Communities if you don’t take preventative measures.
Here’s what you need to know to protect your Communities from breaking.
Will it impact me?
In Salesforce’s words, new Community settings will “enforce private org-wide defaults for guest users and restrict the sharing mechanisms that you can use to grant record access to guest users.” They will also remove “various obsolete user permissions from guest user profiles to enhance data security.”
Practically, this means that new rules will impact any active, public facing Salesforce Community that allows guest users to create, edit, or query records. Ensure that you review all of your Community settings in depth to determine if these changes will affect you. Salesforce recommends running the Guest User Access Report to review how guest users in your public Communities can currently access objects.
What will go wrong?
This update will cause your Community to break if guest users attempt to create, edit, or query records.
How can I protect my Salesforce Community?
To protect your Community, we recommend reading the resources at the bottom of this page in full, and consulting an expert if you are unsure of anything. Here is a summary of basic steps you should take to protect your Salesforce Community.
- Define a guest site user who will own records.
- Create a sharing rule on all all relevant objects the guest site user is required to access.
- Update classes that do edits on behalf of the guest site user to use without sharing notation. This includes any class called by the guest site user that does a query and edit operation.
- Assign apex classes to the guest site user profile.
To adequately protect your system prior to the updates, we recommend reading the following resources: