External User Access Best Practices
External user access allows individuals outside your organization, such as customers, partners, or contractors, to access specific information and features by logging into your Salesforce environment or a site. To ensure your data is secure, make sure that external users have only the access and abilities required to complete their work.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| The available user and data management options vary according to which Salesforce edition you have. |
For best practices related to setting up access for guest users, see Securely Share Your Experience Cloud Sites with Guest Users.
Licenses
- Use internal and external licenses as required to prevent unauthorized or unintended access. For more information, see When to Use an Internal or External License in Salesforce Help.
- Verify what object access and capabilities are available in the different Experience Cloud user licenses so that you can set up your users’ access correctly.
Profiles and Permission Sets
- Following the principle of least privilege, keep external users’ permissions to a minimum.
- Create custom profiles for your external users instead of using the standard profiles associated with community licenses. In doing so, you can customize the profiles to meet your business needs and avoid granting unneeded access.
- To make managing permissions easier, use permission sets and permission set groups instead of profiles. You can reuse smaller, scoped permission sets and avoid creating and maintaining so many profiles for different access requirements.
- Create user access policies to set access for external users automatically based on criteria, such as the user’s profile. You can also leverage user access policies to migrate users from profiles to permission sets and permission set groups more efficiently.
User and Personal Information Visibility
- Configure user sharing so that external users have the correct visibility to each other. For example, you can configure settings so that external users are visible only to themselves or only to other users in the same site and account. For more information, see Control Which Users Experience Cloud Site Users Can See.
- Protect privacy by hiding user fields if they contain personally identifiable information (PII). For more information, see Manage Personal User Information Visibility for External Users.
Record Access and Sharing
- Whenever possible, keep the external organization-wide default for objects set to Private, meaning external users have no access to records that they don’t own for these objects.
- You can have up to three account roles, which can help you set up access for different types of external users in an account. However, for better performance, we recommend that you keep the default of one account role and use other sharing mechanisms to increase visibility of records as needed. Optimize account roles to improve performance.
- Data visibility in the external account role hierarchy functions the same as the regular role hierarchy. Internal users can see records owned by or accessible to external users below them in the hierarchy when one of their subordinates is the account owner.
- Grant super user access sparingly to partner and customer users, because of the widespread data access it allows.
- Keep track of which public groups and roles include external users, and use caution when granting them access in sharing rules. Remember that public groups can be nested, meaning a public group can include another public group that has external users.
- When possible, use sharing sets and share groups to give access to records related to an external user’s account or contact, rather than sharing rules or other record access features. Sharing sets and share groups are tailored for external user access scenarios, making them more performant, secure, and scalable in these cases.
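To make the nested public group point concrete, the following added example (not Salesforce's own code) resolves group membership transitively from exported `GroupMember` rows and reports every group that contains an external user, directly or through another group. The sample rows and placeholder IDs are constructed; membership that is not stored as `GroupMember` rows (for example, role-based groups) is not expanded.

```python
from collections import defaultdict

# SOQL to export the inputs (standard objects and fields).
GROUP_MEMBER_SOQL = "SELECT GroupId, UserOrGroupId FROM GroupMember"
EXTERNAL_USER_SOQL = (
    "SELECT Id FROM User WHERE IsActive = true AND UserType IN "
    "('PowerPartner', 'PowerCustomerSuccess', 'CustomerSuccess', 'CspLitePortal')"
)

def groups_reaching_external_users(group_members, external_user_ids):
    """Map each group ID to the external users it contains, directly or
    through nested groups. Only explicit GroupMember rows are followed."""
    members = defaultdict(set)
    for row in group_members:
        members[row["GroupId"]].add(row["UserOrGroupId"])

    def expand(group_id, seen):
        found = set()
        for member in members.get(group_id, ()):
            if member in external_user_ids:
                found.add(member)
            elif member in members and member not in seen:
                seen.add(member)  # do not revisit shared or cyclic nesting
                found |= expand(member, seen)
        return found

    result = {}
    for group_id in list(members):
        hits = expand(group_id, {group_id})
        if hits:
            result[group_id] = hits
    return result

# Constructed sample rows; the IDs are readable placeholders, not real record IDs.
SAMPLE_GROUP_MEMBERS = [
    {"GroupId": "GRP_PARTNER_REPS", "UserOrGroupId": "USR_EXT_PARTNER"},
    {"GroupId": "GRP_DEAL_DESK", "UserOrGroupId": "GRP_PARTNER_REPS"},
    {"GroupId": "GRP_DEAL_DESK", "UserOrGroupId": "USR_INT_ALICE"},
    {"GroupId": "GRP_ALL_SALES", "UserOrGroupId": "GRP_DEAL_DESK"},
    {"GroupId": "GRP_FINANCE", "UserOrGroupId": "USR_INT_BOB"},
]
SAMPLE_EXTERNAL_USERS = {"USR_EXT_PARTNER"}

if __name__ == "__main__":
    hits = groups_reaching_external_users(SAMPLE_GROUP_MEMBERS, SAMPLE_EXTERNAL_USERS)
    for group_id in sorted(hits):
        print(group_id, "->", sorted(hits[group_id]))
```

Any group in the output that is referenced by a sharing rule extends that rule's record access to the listed external users.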
Access Reviews and Audits
- Periodically review access using the different access summary features:
  - Pick a user that’s representative of a specific account, persona, or role. Then, view that user’s access summary to see the user’s assigned permissions, public groups, and queues. You can click a permission's row-level action, and then click Access Granted By to see which feature is granting it. Remove any permissions or group and queue assignments that aren’t necessary.
  - Review permissions in permission sets and permission set groups assigned to external users to make sure the access level is correct.
  - Review public group membership and usage using its access summary. For example, see which users are assigned to a public group. And for public groups that contain external users, see through which sharing rules they’re gaining access to records.
- Review permissions included in profiles assigned to external users in Setup or using API queries.
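One way to run the profile review through API queries, shown as an added example rather than Salesforce's own tooling: export `ObjectPermissions` rows for profile-owned permission sets and compare them with an approved least-privilege baseline. The baseline structure, profile names, and sample records are constructed assumptions; the records follow the nested shape of a REST API query result.

```python
# SOQL for the export. Profile permissions are queryable through the
# permission set that each profile owns (Parent.IsOwnedByProfile = true).
OBJECT_PERMS_SOQL = (
    "SELECT Parent.Profile.Name, SobjectType, PermissionsRead, "
    "PermissionsCreate, PermissionsEdit, PermissionsDelete, "
    "PermissionsViewAllRecords, PermissionsModifyAllRecords "
    "FROM ObjectPermissions WHERE Parent.IsOwnedByProfile = true"
)
FLAGS = ("Read", "Create", "Edit", "Delete", "ViewAllRecords", "ModifyAllRecords")

def excess_permissions(records, baseline):
    """Return sorted (profile, object, flag) tuples that are granted in
    `records` but not approved in `baseline`. Profiles missing from the
    baseline are skipped: it lists only profiles assigned to external users."""
    findings = []
    for rec in records:
        profile = rec["Parent"]["Profile"]["Name"]
        if profile not in baseline:
            continue
        allowed = baseline[profile].get(rec["SobjectType"], set())
        for flag in FLAGS:
            if rec.get("Permissions" + flag) and flag not in allowed:
                findings.append((profile, rec["SobjectType"], flag))
    return sorted(findings)

def _row(profile, sobject, *granted):
    """Build one constructed query-result record with the given flags set."""
    rec = {"Parent": {"Profile": {"Name": profile}}, "SobjectType": sobject}
    rec.update({"Permissions" + f: f in granted for f in FLAGS})
    return rec

# Hypothetical approved baseline for one custom external profile.
BASELINE = {
    "Acme Customer Portal": {"Case": {"Read", "Create", "Edit"}, "Account": {"Read"}},
}
# Constructed sample export.
SAMPLE_RECORDS = [
    _row("Acme Customer Portal", "Case", "Read", "Create", "Edit", "Delete"),
    _row("Acme Customer Portal", "Account", "Read", "ViewAllRecords"),
    _row("Acme Customer Portal", "Contact", "Read"),
    _row("Internal Sales", "Opportunity", "Read", "ModifyAllRecords"),
]

if __name__ == "__main__":
    for finding in excess_permissions(SAMPLE_RECORDS, BASELINE):
        print("not in baseline:", *finding)
```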