+ Start a Discussion
dfiredfire 

processing DML on Sites

I have a multi-part form, which cycles from page to page, collecting info, and then on the last page saves the SObjects that have been created along the way.

 

This includes a Person Account, and severl custom objects. I have enabled read/create perms on Accounts, Contacts, and the relevant custom objs in the Site Public Access Settings.

 

When I do this inside SFDC it works fine, however when I try from the public site it navigates from page to page, but when I try to save I get a 401 - Authorization Required page. I know its not the Confirmation page that is supposed to appear after the save as I tried by-passing the save and going directly to the confirm page, and it worked.

 

I assume this is something to do with perms on doing DML. I am only inserting. I am currently running in a sandbox.

Best Answer chosen by Admin (Salesforce Developers) 
osamanosaman

Yes I agree with you. But when you are developing the application for your own purpose, you can use without sharing token.


There is a reason why "without sharing" is available.

All Answers

AhmedPotAhmedPot

For sites you have guest profile available.Check the CRUD settings (create - read - update -delete) for the object as well as the field level security : is the Guest Profile (Public Access Settings) allowed to create the object ?

Ankit AroraAnkit Arora

Yes Ahmed is right, you have to give rights for objects on which you are performing DML on guest profile.

 

You can do this by following this path :

 

Setup > AppSetup > Develop > Sites > Click On your site > Public Access Setting > Give CRUD rights to your object.

 

Thanks

Ankit Arora

Blog | Facebook | Blog Page

osamanosaman

User "without sharing" token in your controller class.

Ankit AroraAnkit Arora

Hi,

 

Using "Without Sharing" is not the best practice to write a class. Security scan result will show error in class where we have used "Without Sharing" when we want to list the app on appExchange.

 

Best is to use security settings for conditional hide/display.

 

Thanks

Ankit Arora

Blog | Facebook | Blog Page

osamanosaman

Yes I agree with you. But when you are developing the application for your own purpose, you can use without sharing token.


There is a reason why "without sharing" is available.

This was selected as the best answer
dfiredfire

I took out the "with sharing" and it works! This is an internal application and won't be issued on the appExchange so this solution works.

 

btw, I had set the CRUD setting for the Sites guest profile but I think the issue was that some of the fields were hidden for this profile as they contain sensitive information. Since this form is a one-way submission, removing the sharing rules works best for our needs.

 

Thank you both for your help.