You are here:
Remove Records Shared Manually or via Apex Managed Sharing
With the Guest User Access Report, you can find records that were shared with guest users manually or via Apex sharing before the Winter ’21 enforcement of the guest user security policy. You can then delete the records manually or by using DataLoader.
Any record shared with guest users manually or via Apex sharing is potentially accessible to any user accessing the site from the internet. There is a risk of data being inadvertently shared.
This query returns any records shared with the guest user manually or via Apex sharing.
SELECT Id,[ParentId],RowCause,UserOrGroupId FROM [shareObject] WHERE UserOrGroupId IN [userOrGroupIdList] AND RowCause != 'Owner' AND RowCause != 'Rule' AND RowCause != 'GuestRule'- Substitute
[parentId]with the correct field for standard object shares. For custom objects, it’s[parentId]. - Substitute the
[shareObject]with the value of the API name of the share object. For example, for theAccountobject, the share object is calledAccountShare. For a custom object calledCustom_Object_1__c, the share object is calledCustom_Object_1__Share. - Substitute the
UserOrGroupIdListwith a list of IDs for any Public Groups that the guest user is a part of, in addition to the record ID of the guest user record. Also, removing the guest user from any public groups is recommended, in which case this value can be the guest user record ID.
Delete these records manually or by using DataLoader.
Did this article solve your issue?
Let us know so we can improve!
