Set Up and Maintain Your Salesforce Organization
          Guest User Access: Organization-Wide Sharing Default External Access Control

          Control Name

          Guest User Access: Organization-Wide Sharing Default External Access

          Recommended Configuration

          Sharing Settings > Organization Wide Sharing Default Edit > Set Default External Access to Private.

          Control Overview

          This control sets the most restrictive baseline for record visibility for all external users in the org, so that no data is shared by default unless authorized through sharing rules.

          Security Risk If Not Configured

          When external access is set to a public level, any unauthenticated guest or external partner can view or modify records they do not own, bypassing the principle of least privilege.

          Threat Scenarios

          An anonymous internet user goes to a public-facing portal and successfully views a list of all internal customer contacts or support cases because the underlying object sharing was left open to the public.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Maintaining permissive external defaults leads to the unintended disclosure of sensitive data, resulting in potential legal liabilities and a breach of data privacy regulations.

          Higher Risk When

          If the org-wide defaults for objects containing sensitive data (for example, financial information or personally identifiable information) are set to public read or write for the external user community.

          Low Risk When

          If the company has already implemented restrictive object-level permissions that prevent external profiles from accessing the data even if the sharing model is open.

          Business and Integration Considerations

          Moving to a private sharing model requires a thorough audit of existing business processes to make sure that legitimate external users still have the necessary sharing rules in place to perform their work.

          Recommended Remediation

          Go to Sharing Settings in Setup, click Edit in the Organization-Wide Defaults section, and update the Default External Access column to Private for all relevant objects.
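
One way to check this setting across a retrieved metadata project, as an added example that is not part of the Salesforce Help article: the script reads the `externalSharingModel` element from Metadata API `CustomObject` XML and flags every object whose external default is not Private. The object names and XML are constructed samples, and treating a missing element or `ControlledByParent` as "review" is this example's assumption.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
_DOC = '<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">{}</CustomObject>'

# Constructed sample input (hypothetical objects), not taken from a real org.
SAMPLE_OBJECTS = {
    "Case": _DOC.format("<externalSharingModel>Read</externalSharingModel>"
                        "<sharingModel>ReadWrite</sharingModel>"),
    "Invoice__c": _DOC.format("<externalSharingModel>Private</externalSharingModel>"
                              "<sharingModel>Private</sharingModel>"),
    "InvoiceLine__c": _DOC.format("<externalSharingModel>ControlledByParent</externalSharingModel>"
                                  "<sharingModel>ControlledByParent</sharingModel>"),
    "Survey__c": _DOC.format("<sharingModel>ReadWrite</sharingModel>"),
}


def classify(external):
    """Map an externalSharingModel value to ok / review / finding."""
    if external is None:
        return "review"   # assumption: not declared in source, confirm in Setup
    if external == "Private":
        return "ok"       # the recommended configuration
    if external == "ControlledByParent":
        return "review"   # assumption: inherits, so check the parent's setting
    return "finding"      # Read, ReadWrite, etc.: open to external users by default


def audit_external_owd(objects):
    """Return {object_name: (status, external_value)} for each metadata document."""
    results = {}
    for name, xml_text in objects.items():
        root = ET.fromstring(xml_text)
        external = root.findtext("md:externalSharingModel", namespaces=NS)
        if external is not None:
            external = external.strip()
        results[name] = (classify(external), external)
    return results


if __name__ == "__main__":
    for name, (status, value) in sorted(audit_external_owd(SAMPLE_OBJECTS).items()):
        print(f"{status:8} {name:16} externalSharingModel={value}")
```

Objects reported as "finding" are the ones to change to Private in the Default External Access column; confirm the sharing rules external users rely on before changing them.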

          Security Health Review Guidance

          Security Health Review identifies a private external sharing model as a foundational security requirement, mandating that all external data visibility be explicitly granted rather than inherited through broad default settings.

           