Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Record Access Control

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Record Access Control

            This setting enforces a mandatory private sharing model for unauthenticated users, so that they can only access records specifically shared with them through dedicated guest user sharing rules.

            Control Name

            Record Access

            Recommended Configuration

            In Organization-Wide Sharing Defaults Edit, turn on Secure Guest User Record Access.

            Control Overview

            This setting enforces a mandatory private sharing model for unauthenticated users, so that they can only access records specifically shared with them through dedicated guest user sharing rules.

            Security Risk If Not Configured

            Without this control active, guest users may inherit the same default internal or external access levels as authenticated users, potentially granting anonymous visitors the ability to view or edit records across the entire org. For example, Guest users may inherit the External Organization-Wide Defaults (OWDs), which are often too permissive for unauthenticated visitors.

            Threat Scenarios

            An anonymous user discovers a direct record URL or uses a search engine to find indexed pages that show sensitive internal data, such as private customer cases or employee contact details, due to overly permissive default sharing.

            Estimated CVSS Score Range

            Critical (9.0–10.0).

            Risk Impact Considerations

            Large-scale unauthenticated leakage and PII exposure.

            Higher Risk When

            If the guest user profile has "API Enabled" and excessive object permissions (for example, Read access on sensitive objects) alongside a non-private OWD. This combination allows automated tools to extract data at scale rather than just probing individual records through the web interface.

            Low Risk When

            If the org has already manually set all external Org-Wide Defaults to "Private" and stripped the guest user profile of all object and field permissions. In this case, even without the master toggle, the individual layers of "Least Privilege" provide a defense-in-depth barrier against unauthorized access.

            Business and Integration Considerations

            Enabling this control forces a "Private" model, which may break legacy integrations or custom Lightning components that rely on guest users having broader access to upload files or update records. Salesforce admins must test these changes in a sandbox to identify where specific "Guest User Sharing Rules" or Apex without sharing logic are required to maintain business continuity.

            Recommended Remediation

            Go to Sharing Settings in Setup, click Edit in the Organization-Wide Defaults section, and check the box for Secure guest user record access.

            Security Health Review Guidance

            Security Health Review considers "Secure Guest User Record Access" mandatory. It enforces a private-by-default model to prevent unauthenticated data leaks to the web.

            See Also

             
            Loading
            Salesforce Help | Article