Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile (Security Alert)

This security alert is related to a critical update that gives you more control over which guest, portal, and community users can access Apex classes with @AuraEnabled methods in Aura and Lightning web components.

Where: This change applies to Aura and Lightning web components in Lightning communities, portals, and Salesforce Sites.

Why: When the associated critical update is activated, a guest, portal, or community user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. The critical update enforces user profile restrictions for Apex classes used by Aura and Lightning web components.

How: To view the security alert and see recommendations for your org, enter Security Alerts in the Quick Find box in Setup and select Security Alerts.