Set Up and Maintain Your Salesforce Organization
Control User Access to Your Experience Cloud Site

          Control Name

          Control User Access to Your Experience Cloud Site

          Recommended Configuration

          Set the Experience Cloud site’s profile to control customer and partner access.

          Control Overview

          This control involves explicitly adding specific Profiles or Permission Sets to the "Members" section of a site’s Administration settings to define exactly which user groups are authorized to log in.

          Security Risk If Not Configured

If the appropriate profiles or permission sets are not added to your Experience Cloud site's membership, your intended users (customers or partners) cannot log in at all. If membership is instead too broad, or the Guest user or the site's profiles are misconfigured, site data can be exposed to users who were never meant to see it.

          Threat Scenarios

          An internal employee or an external partner with a valid Salesforce login discovers the URL of a highly sensitive "Executive Portal" and successfully logs in because their profile was broadly included in the site’s membership list.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Improper membership management results in cross-site data exposure and unauthorized access to proprietary community content, potentially compromising sensitive data.

          Higher Risk When

          • The site handles sensitive data.
          • Standard or default profiles are used, or other high-privilege internal profiles are added to external-facing sites, as this creates a bridge for internal data to leak into the public-facing community.

          Low Risk When

          • The site is intended to be a public informational knowledge base.
          • The company uses a one-to-one profile-to-site mapping, so that each user's permissions are tailored to the specific site they are accessing and no profile grants access to more than one site.

          Business and Integration Considerations

          Balancing ease of access with the need for data protection.

          Recommended Remediation

Define a custom profile that grants only the minimum access your Experience Cloud site requires, following the principle of least privilege. Then go to Experience Workspaces > Administration > Members and make sure that only the specific custom profiles and permission sets required for that site appear in the Selected Profiles and Selected Permission Sets lists; remove standard profiles and any internal profile that does not need site access.
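The Members check above is a one-site UI walkthrough; in an org with many sites it is worth scripting. The following is an added example, not Salesforce's own tooling or part of this article. It assumes the standard objects Network (one record per Experience Cloud site), NetworkMemberGroup (one record per profile or permission set granted membership, with ParentId pointing at the Profile or PermissionSet) and Profile.UserType (internal licences carry the value Standard), queried with the sf CLI; the JSON records embedded below are constructed sample data shaped like `sf data query --json` output, not data from a real org.

```python
"""Audit Experience Cloud site membership for least-privilege problems.

Suggested queries (sf CLI) whose --json output this script consumes:
  sf data query --json --query "SELECT Id, Name FROM Network"
  sf data query --json --query "SELECT NetworkId, ParentId FROM NetworkMemberGroup"
  sf data query --json --query "SELECT Id, Name, UserType FROM Profile"
  sf data query --json --query "SELECT Id, Name FROM PermissionSet"
Object and field names are assumptions about the standard schema; verify
them against your org's API version before relying on the results.
"""
import json
from collections import defaultdict

# Profiles Salesforce ships by default. A default profile in a site's
# Members list is the "standard or default profiles" risk from the text.
STANDARD_PROFILE_NAMES = {
    "System Administrator", "Standard User", "Marketing User",
    "Contract Manager", "Solution Manager", "Read Only",
    "Customer Community User", "Customer Community Plus User",
    "Partner Community User", "Partner Community Login User",
}

# Constructed sample records (not real org data), shaped like sf --json output.
NETWORKS_JSON = json.dumps({"status": 0, "result": {"records": [
    {"Id": "0DB000000000001AAA", "Name": "Executive Portal"},
    {"Id": "0DB000000000002AAA", "Name": "Partner Hub"},
    {"Id": "0DB000000000003AAA", "Name": "Public Knowledge Base"},
]}})
MEMBER_GROUPS_JSON = json.dumps({"status": 0, "result": {"records": [
    {"NetworkId": "0DB000000000001AAA", "ParentId": "00e000000000003AAA"},
    {"NetworkId": "0DB000000000001AAA", "ParentId": "00e000000000001AAA"},
    {"NetworkId": "0DB000000000001AAA", "ParentId": "0PS000000000001AAA"},
    {"NetworkId": "0DB000000000002AAA", "ParentId": "00e000000000002AAA"},
    {"NetworkId": "0DB000000000002AAA", "ParentId": "00e000000000004AAA"},
    {"NetworkId": "0DB000000000002AAA", "ParentId": "00e000000000003AAA"},
]}})
PROFILES_JSON = json.dumps({"status": 0, "result": {"records": [
    {"Id": "00e000000000001AAA", "Name": "System Administrator", "UserType": "Standard"},
    {"Id": "00e000000000002AAA", "Name": "Partner Community User", "UserType": "PowerPartner"},
    {"Id": "00e000000000003AAA", "Name": "Exec Portal Customer", "UserType": "PowerCustomerSuccess"},
    {"Id": "00e000000000004AAA", "Name": "Partner Hub Partner", "UserType": "PowerPartner"},
]}})
PERMISSION_SETS_JSON = json.dumps({"status": 0, "result": {"records": [
    {"Id": "0PS000000000001AAA", "Name": "Exec_Portal_Access"},
]}})


def records(raw):
    """Unwrap the records list from `sf data query --json` output."""
    return json.loads(raw)["result"]["records"]


def audit_membership(networks, member_groups, profiles, permission_sets):
    """Return one finding dict per problem found in any site's Members list.

    Issues raised:
      no_members       - nobody can log in (the availability failure in the text)
      standard_profile - a default Salesforce profile grants site access
      internal_profile - an internal-licence profile (UserType Standard) is a member
      shared_profile   - the same profile is a member of more than one site
    """
    sites = {n["Id"]: n["Name"] for n in networks}
    profile_by_id = {p["Id"]: p for p in profiles}
    permset_ids = {p["Id"] for p in permission_sets}
    members = defaultdict(list)          # NetworkId -> [ParentId, ...]
    profile_sites = defaultdict(set)     # ProfileId -> {NetworkId, ...}
    for mg in member_groups:
        members[mg["NetworkId"]].append(mg["ParentId"])
        if mg["ParentId"] in profile_by_id:
            profile_sites[mg["ParentId"]].add(mg["NetworkId"])

    findings = []

    def add(site, issue, member, severity):
        findings.append({"site": site, "issue": issue, "member": member, "severity": severity})

    for net_id, site in sites.items():
        parents = members.get(net_id, [])
        if not parents:
            add(site, "no_members", None, "medium")
            continue
        for pid in parents:
            if pid in permset_ids:
                continue  # permission sets are reviewed separately; not flagged here
            prof = profile_by_id.get(pid)
            if prof is None:
                add(site, "unknown_member", pid, "low")  # deleted or unqueried parent
                continue
            if prof["Name"] in STANDARD_PROFILE_NAMES:
                add(site, "standard_profile", prof["Name"], "high")
            if prof.get("UserType") == "Standard":
                add(site, "internal_profile", prof["Name"], "high")
            if len(profile_sites[pid]) > 1:
                others = sorted(sites[s] for s in profile_sites[pid] if s != net_id)
                add(site, "shared_profile", prof["Name"] + " (also on: " + ", ".join(others) + ")", "medium")
    return findings


if __name__ == "__main__":
    for f in audit_membership(records(NETWORKS_JSON), records(MEMBER_GROUPS_JSON),
                              records(PROFILES_JSON), records(PERMISSION_SETS_JSON)):
        print(f"[{f['severity']:6}] {f['site']}: {f['issue']} {f['member'] or ''}")
```

On the sample data the script flags System Administrator on the Executive Portal twice (it is both a default profile and an internal-licence profile, which is exactly the "internal employee discovers the Executive Portal URL" scenario), flags the Exec Portal Customer profile because it is mapped to two sites, and reports the Public Knowledge Base as having no members at all. Treat a permission-set member as something to review by hand: the script skips it rather than guessing at its scope.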

          Security Health Review Guidance

Security Health Review flags any Experience Cloud site for which no profile has been configured to control login access, and recommends that you define a custom profile for the site following the principle of least privilege.

          Salesforce Help | Article