
Attachments can be Downloaded without Authenticating when Using a URL

Knowledge Article Number 000206698
Description

Users are able to download attachments associated with objects in the Community without first logging into that Community.

This occurs when:
  • Public Access on the Community is set to "Allow access without Login".
  • The Guest Profile in the Community is granted at least Read access to the object associated with that attachment.
With this setup, users will be able to download attachments without authenticating by using the file download URL that contains the attachment's record ID.

Example URL:

In this URL, replace 'customdomain' with the custom domain for your Community, and the 00Pxxxxxxxxxxxx with the record ID for the attachment. 
Resolution

To instead route the URL to the Community login page, Read access for the Community's Guest Profile must be removed from the object in which the records reside.
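
To find where that Read access exists before removing it, the following added example (not part of the original article) scans an export of object permissions and lists, per guest profile, the objects that still grant Read. The CSV column layout, the SOQL in the comment, and all profile and object names in the sample are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumed source of the export (standard ObjectPermissions fields):
#   SELECT Parent.Profile.Name, Parent.Profile.UserType, SobjectType, PermissionsRead
#   FROM ObjectPermissions WHERE Parent.IsOwnedByProfile = true

# Constructed sample export; profile and object names are made up.
SAMPLE_EXPORT = """\
Parent.Profile.Name,Parent.Profile.UserType,SobjectType,PermissionsRead
Support Community Profile,Guest,Case,true
Support Community Profile,Guest,Knowledge__kav,TRUE
Support Community Profile,Guest,Invoice__c,false
Customer Community User,CspLitePortal,Case,true
Partner Portal Profile,Guest,Account,true
"""


def guest_readable_objects(export_text):
    """Return {guest profile name: sorted list of objects it can Read}."""
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Only guest (unauthenticated) profiles matter for this issue.
        is_guest = row["Parent.Profile.UserType"].strip().lower() == "guest"
        # Exports may write booleans as true/TRUE; normalize before comparing.
        can_read = row["PermissionsRead"].strip().lower() == "true"
        if is_guest and can_read:
            profile = row["Parent.Profile.Name"].strip()
            findings[profile].add(row["SobjectType"].strip())
    return {profile: sorted(objs) for profile, objs in findings.items()}


if __name__ == "__main__":
    for profile, objs in guest_readable_objects(SAMPLE_EXPORT).items():
        print(f"{profile}: review guest Read access on {', '.join(objs)}")
```

Each object listed for a guest profile is a candidate for the change described in the resolution; attachments on records of those objects are the ones reachable by URL without login.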
