Secure Guest Users’ Org-Wide Defaults and Sharing Model (Previously Released Security Alert, Enforced)

Learn about the Secure guest user record access setting in this security alert, and how to safeguard your org’s data. This setting enforces private org-wide defaults for guest users and restricts the sharing mechanisms that you can use to grant record access to guest users. If you have a Salesforce org created before Winter ’20, we recommend that you review the external org-wide defaults, public groups, queues, manual sharing, and Apex managed sharing that you use to grant access to guest users. Then replace the access previously granted by these sharing mechanisms with guest user sharing rules before the security alert is enforced.

Where: This change applies to orgs with active communities and sites in Enterprise, Essentials, Unlimited, Performance, and Developer editions.

When: The timelines for the rollout and enforcement of this setting are published in Guest User Security Policies and Timelines.

How: Review the required actions before this security alert is enforced. From Setup, enter Security Alerts in the Quick Find box, then select Security Alerts. For Secure Guest Users’ Org-Wide Defaults and Sharing Model, click Get Started. Follow the instructions in the step-by-step guides for reviewing guest user sharing settings and creating guest user sharing rules.