On Tuesday, June 13, 2023, Salesforce announced a new tool to help organizations review the guest user settings for their Experience Cloud sites.
Salesforce customers use Experience Cloud sites in unique ways, and the desired guest user permission settings for these sites vary accordingly. The sites are built on different frameworks, all of which are accessible to guest users: Visualforce, Aura, and Lightning Web Runtime (LWR). Because these sites contain sensitive information at different levels, it is imperative that customers review the guest user permissions. A guest user is a person who accesses a Salesforce site or Experience Cloud site (or Community) from the public Internet without being required to log in.
Introduction of New Tool
Salesforce detected a platform-wide data vulnerability, the root cause of which was identified after a month of review. As a result, it created a new report/tool, available within the Salesforce org, that indicates which data points in Experience Cloud could lead to data vulnerabilities from a security standpoint.
How to Use the Tool?
As a Salesforce solutions provider, we suggest that you analyze all the rows thoroughly and verify the intent of sharing each specific object with guest users. From Setup, in the Quick Find box, enter ‘Guest User Access’ and choose the ‘User Sharing Rule Access Report’.
- Choose a site from the dropdown list and evaluate the report. Confirm that the guest user requires access to these fields, objects, and records. Repeat this step for every site in your org.
- If there are fields at risk of being unduly accessible, update the object-level access by opening the guest user record, or update the access levels in the permission set, profile, or permission set group. You can reach the guest user record through the link on the ‘Guest User Sharing Rule Access Report’ page or via Digital Experiences > (Your Site Name) Builder > Settings > General > (Your Site Name) Profile.
- If the access to records has been obtained through a guest sharing rule, assess the criteria of that rule.
- As always, we strongly recommend that you test any changes in a sandbox environment before introducing them to a production site.
We strongly recommend using this new tool to carefully evaluate your organization’s Experience Cloud guest user settings to prevent unintended access to data. To verify which objects and fields are accessible to guest users, we suggest that you use the ‘Guest User Sharing Rule Access Report’ page in Setup. We recommend running this report for all existing businesses that have communities or any form of Experience Cloud implementation.
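The review steps above come down to comparing what the guest user can actually do with what you intended to share. The following sketch is an added example, not Salesforce's or this article's own tooling; it automates that comparison for object-level access. The field names are those of the standard ObjectPermissions object, while the sample rows, the INTENDED allowlist, and the function names are constructed for illustration.

```python
# Added example. Field names follow Salesforce's standard ObjectPermissions
# object; SAMPLE_ROWS and INTENDED are constructed. Rows could be exported with
# a query such as (assumption, adapt the profile name to your site):
#   SELECT SobjectType, PermissionsRead, PermissionsCreate, PermissionsEdit,
#          PermissionsDelete, PermissionsViewAllRecords, PermissionsModifyAllRecords
#   FROM ObjectPermissions WHERE Parent.Profile.Name = '<Your Site Name> Profile'
PERMISSION_FLAGS = {
    "PermissionsRead": "read",
    "PermissionsCreate": "create",
    "PermissionsEdit": "edit",
    "PermissionsDelete": "delete",
    "PermissionsViewAllRecords": "view_all",
    "PermissionsModifyAllRecords": "modify_all",
}

def granted(row):
    """Return the access levels switched on in one ObjectPermissions row."""
    return {name for field, name in PERMISSION_FLAGS.items() if row.get(field)}

def review_guest_access(rows, intended):
    """Return [(object, unintended_levels)] sorted by object name.

    Objects missing from `intended` are treated as "no guest access intended".
    """
    actual = {}
    # The profile and any permission sets can each contribute a row per object,
    # so merge them to get the effective access before comparing.
    for row in rows:
        actual.setdefault(row["SobjectType"], set()).update(granted(row))
    findings = []
    for obj in sorted(actual):
        extra = actual[obj] - set(intended.get(obj, ()))
        if extra:
            findings.append((obj, sorted(extra)))
    return findings

# Constructed sample: what the guest user has versus what was meant to be shared.
SAMPLE_ROWS = [
    {"SobjectType": "Knowledge__kav", "PermissionsRead": True},
    {"SobjectType": "Case", "PermissionsRead": True,
     "PermissionsCreate": True, "PermissionsEdit": True},
    {"SobjectType": "Contact", "PermissionsRead": True},
    {"SobjectType": "Case", "PermissionsViewAllRecords": True},
]
INTENDED = {"Knowledge__kav": ["read"], "Case": ["create"]}

if __name__ == "__main__":
    for obj, extra in review_guest_access(SAMPLE_ROWS, INTENDED):
        print(f"{obj}: guest has unintended access: {', '.join(extra)}")
```

Each finding is a row to take back to the guest user profile, permission set, or permission set group and correct in a sandbox first.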
How to Run the Report?
- Log in to Salesforce
- Go to Setup
- Navigate to Security –> Guest User Sharing Rule Access Report
- Select a site
- It will show the vulnerability report
The newly introduced Salesforce tool serves as a remedial measure against future data vulnerabilities caused by unwanted data access: it generates a vulnerability report for each site evaluated in an org.
For any further questions, feel free to reach us at email@example.com.