Apex Code Development You need to sign in to do that
Don't have an account?
Reena Panimayam 5 Alternate for update Access for Guest Users
Hi All,
As per the recent Salesforce's "Guest User Security Policy", Salesforce recommends to enable the 'Secure Guest User Record Access', 'Assign Records Created by Guest Users to a Default Owner', 'Secure Guest Users' Org-Wide Defaults and Sharing Model', 'Remove View All Users Permission from Guest User Profiles'
We have few Guest User profiles in our Org, to which we provide the Edit/Modify All/View All accesses. As per the Salesforce Spring20/Summer20 Release notes, the Guest Users are not allowed to have the edit access anymore, they no longer going to be the default owner of the records they create, they no longer will be assigned to a Public Group and no longer have Object Permissions.
In this case, as its going to affect certain functionalities in our Org, we identified an alternate solution to provide access to the Guest Users, which is to declare our related 'Apex Classes' as 'Without Sharing' to run those classes in system mode.
My question here is, is this a best practice that can be opted as an alternate to provide edit access to our Guest Users? Or is there any other option for us to continue to provide the Guest Users the update access?
As per the recent Salesforce's "Guest User Security Policy", Salesforce recommends to enable the 'Secure Guest User Record Access', 'Assign Records Created by Guest Users to a Default Owner', 'Secure Guest Users' Org-Wide Defaults and Sharing Model', 'Remove View All Users Permission from Guest User Profiles'
We have few Guest User profiles in our Org, to which we provide the Edit/Modify All/View All accesses. As per the Salesforce Spring20/Summer20 Release notes, the Guest Users are not allowed to have the edit access anymore, they no longer going to be the default owner of the records they create, they no longer will be assigned to a Public Group and no longer have Object Permissions.
In this case, as its going to affect certain functionalities in our Org, we identified an alternate solution to provide access to the Guest Users, which is to declare our related 'Apex Classes' as 'Without Sharing' to run those classes in system mode.
My question here is, is this a best practice that can be opted as an alternate to provide edit access to our Guest Users? Or is there any other option for us to continue to provide the Guest Users the update access?
for sure this is not a best practice, but also let the guest user the Modify All permission is not good solution.
It will be preferred for the Guest User to manage (update/create) only the specific record on object configured in his profile.
Without Sharing is used to let the code be executed from a sys admin point of view.
The very important thing is to configure the security access for each profile to let them manage only allowed records.
Please mark as best answer
Claudio