Assign New Records Created by Salesforce Sites Guest Users to a Default Owner

To increase the security of your Salesforce data, Salesforce Sites guest users are no longer automatically the owner of records they create. Instead, when a Salesforce Sites guest user creates a record, the record is assigned to a default record owner that you choose.

Where: This change applies to Salesforce Classic and Lightning Experience in Enterprise, Performance, Unlimited, and Developer editions.

When: This change applies to Salesforce orgs created in Summer ’20 or later. It applies to existing orgs unless the Opt Out of Guest User Security Policies Before Summer ’20 critical update has been activated and to all orgs in Winter ’21.

Why: Having an internal org user be the owner of records created by guest users is a Salesforce security best practice. If you activated the Opt Out of Guest User Security Policies Before Summer ’20 critical update, make sure you apply and test this change before Winter ’21, when it’s applied to all orgs.

How: The Salesforce Site owner is the default owner for records created by a Salesforce Sites guest user. To select a different default record owner for your Site, enter Sites in the Quick Find box, then select Sites. When creating a Site or editing an existing Site, select a user in the Default Record Owner lookup. Click Save.

If the Opt Out of Guest User Security Policies Before Summer ’20 critical update is active in your org, you must manually activate the Site setting before selecting default record owners. From Setup, in the Quick Find box, enter Sites, then select Sites. Select Assign new records created by Salesforce Sites guest users to a default owner and click Save.

Note

Note

Your communities are also listed on the Sites Setup page. To assign a default record owner to a community, the Assign new records created by guest users to the default owner setting must be active. That setting is also automatically activated in Summer ’20 unless the Opt Out of Guest User Security Policies Before Summer ’20 critical update is active in your org.