Secure Guest Users’ Org-Wide Defaults and Sharing Model (Security Alert)

To increase the security of your Salesforce data, we‘re enforcing private org-wide defaults for guest users. We’re also restricting the sharing mechanisms that you can use to grant record access to guest users. If you have an org created before Winter ’20, we recommend that you review the external org-wide defaults, public groups, queues, and manual sharing that you use to grant access to guest users. Then replace the access previously granted by these sharing mechanisms with guest user sharing rules before the security alert is enforced.

Where: This change applies to orgs with active communities and sites in Enterprise, Essentials, Unlimited, Performance, and Developer editions.

When: The timelines for the rollout and enforcement of this setting will be published in the Securing Community Cloud group on the Trailblazer Community (Salesforce login required).

How: From Setup, enter Security Alerts in the Quick Find box, then select Security Alerts. For Secure Guest Users’ Org-Wide Defaults and Sharing Model, click Get Started. Follow the instructions in the step-by-step guides for reviewing guest user sharing settings and creating guest user sharing rules.