Set Up and Maintain Your Salesforce Organization
          Guest User Access: Site User Visibility Control

          This security setting determines whether users within a specific Experience Cloud site can discover and view the profiles of other members belonging to that same site.

          Control Name

          Guest User Access: Site User Visibility

          Recommended Configuration

          Sharing Settings > Organization Wide Sharing Default > Edit > Set Site User Visibility to disabled/unchecked.

          Control Overview

          This security setting determines whether users within a specific Experience Cloud site can discover and view the profiles of other members belonging to that same site.

          Security Risk If Not Configured

          When this setting is enabled, it creates an environment where any authenticated user can bypass standard sharing logic to see the personal details and presence of every other member, leading to unauthorized directory exposure.

          Threat Scenarios

          A malicious portal user or a competitor with a valid login uses the search functionality to systematically identify and harvest the names and titles of all other customers or partners registered on the site.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Broad visibility into the site membership leads to a breach of privacy and can result in large-scale social engineering attacks or the unauthorized recruitment of your partners and customers by third parties.

          Higher Risk When

          Risk is higher in partner communities where exposing the identities of competing organizations could compromise sensitive business relationships or strategic alliances.

          Low Risk When

          Risk is lower when the site is a public help forum where member collaboration is the primary goal and users have already opted into sharing their profiles with the community.

          Business and Integration Considerations

          Disabling this visibility can hinder legitimate collaboration and networking features, such as direct messaging or public mentions, which may be essential for the success of a community-driven portal.

          Recommended Remediation

          Go to Sharing Settings in Setup, click Edit in the Organization-Wide Defaults section, and ensure that the checkbox for Site User Visibility is deselected.
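
          The same check can be run against retrieved metadata during a configuration audit. The script below is an added example, not Salesforce's own code. It assumes the org's sharing settings were retrieved in source format as a Sharing.settings-meta.xml file, and that Site User Visibility corresponds to the SharingSettings field enableCommunityUserVisibility (the setting's earlier label was Community User Visibility). The sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Salesforce Metadata API XML namespace.
MD_NS = "http://soap.sforce.com/2006/04/metadata"
# Assumption: Site User Visibility maps to this SharingSettings field.
FIELD = "enableCommunityUserVisibility"

# Constructed sample of a retrieved Sharing.settings-meta.xml file.
SAMPLE_ENABLED = """<?xml version="1.0" encoding="UTF-8"?>
<SharingSettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <enableCommunityUserVisibility>true</enableCommunityUserVisibility>
    <enablePortalUserVisibility>false</enablePortalUserVisibility>
</SharingSettings>
"""


def audit_site_user_visibility(xml_text):
    """Return (status, detail); status is PASS, FAIL or UNKNOWN."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return "UNKNOWN", f"could not parse settings file: {exc}"
    if root.tag != f"{{{MD_NS}}}SharingSettings":
        return "UNKNOWN", f"unexpected root element: {root.tag}"
    node = root.find(f"{{{MD_NS}}}{FIELD}")
    if node is None or node.text is None:
        # An absent field is not proof that the setting is off.
        return "UNKNOWN", f"{FIELD} not present; confirm in Setup"
    value = node.text.strip().lower()
    if value == "false":
        return "PASS", "Site User Visibility is deselected"
    if value == "true":
        return "FAIL", "Site User Visibility is enabled; deselect it in Sharing Settings"
    return "UNKNOWN", f"unexpected value for {FIELD}: {value!r}"


if __name__ == "__main__":
    status, detail = audit_site_user_visibility(SAMPLE_ENABLED)
    print(f"{status}: {detail}")
```

          Treat UNKNOWN as a finding to verify by hand in Setup rather than as a pass.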

          Security Health Review Guidance

          Security Health Review identifies the restriction of user visibility as a mandatory privacy standard, making sure that a user’s membership in a digital experience remains confidential and isn’t exposed to other participants without a specific business justification.

           