Guest users typically don’t need access to view all users in a
Salesforce org, so to promote data security, we disabled the View All Users permission in guest
user profiles. If you have a production org that was created before Winter ’20, we recommend that
you check guest user access and deselect the View All Users permission in all your guest user
profiles. To enhance security, we also removed these permissions from the guest user profile: Can
Approve Feed Post and Comments, Enable UI Tier Architecture, Remove People from Direct Messages,
View Topics, and Send Non-Commercial Email.
Where: This change applies to orgs with active communities in Enterprise, Essentials,
Unlimited, Performance, and Developer editions.
When: The timelines for the rollout and enforcement of this setting are
published in Guest User Security
Policies and Timelines.
How: These changes are auto-enabled in your org. However, you can opt out. In the Summer
’20 release, these changes are mandatory and you no longer have the option to opt out.