Loading
Manage Users and Data Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Secure Guest Users’ Sharing Settings and Record Access

            You are here:

            1. Salesforce Help
            2. Docs
            3. Manage Users and Data Access

            Secure Guest Users’ Sharing Settings and Record Access

            Secure the access that unauthenticated guest users have to your org’s data.

            Required Editions

            Important
            Important Where possible, we changed noninclusive terms to align with our company value of Equality. We maintained certain terms to avoid any effect on customer implementations.
            Available in: Salesforce Classic and Lightning Experience
            Available in: Essentials, Enterprise, Performance, Unlimited, and Developer editions
            User Permissions Needed
            To edit guest user sharing settings: Manage Sharing
            Important
            Important The Secure guest user record access setting is enabled in all Salesforce orgs with Experience Cloud sites and can't be disabled. The timelines for the rollout and enforcement of this setting are published in Guest User Security Policies and Timelines.
            1. From Setup, enter Sharing Settings in the Quick Find box.
            2. Select Sharing Settings.
            3. Select Secure guest user record access.
              When this setting is enabled, guest users:
              • Have org-wide defaults set to Private for all objects, including objects not listed on the Sharing Settings page. This access level can’t be changed. Child objects with a master-detail relationship that rely on a parent's sharing settings have an org-wide default of Controlled by Parent. The parent object's Private org-wide default is inherited by the child object, making it Private too.
              • Can’t be added to queues or public groups.
                • Guest users that were added to queues or public groups before this setting was enabled aren’t removed automatically. You must remove these guest users manually.
              • Can’t be given access to records through manual sharing or Apex managed sharing.
              • Can be granted Read Only access to records only through guest user sharing rules. Guest user sharing rules are a special type of criteria-based sharing rule and count toward the limit of 50 criteria-based sharing rules per object.
                Warning
                Warning The guest user sharing rule type grants access to guest users without login credentials. By creating a guest user sharing rule, you're allowing immediate and unlimited access to all records matching the sharing rule's criteria to anyone. To secure your Salesforce data and give your guest users access to what they need, consider all the use cases and implications of creating this type of sharing rule. Implement security controls that you think are appropriate for the sensitivity of your data. Salesforce is not responsible for any exposure of your data to unauthenticated users based on this change from default settings.

            See Also

             
            Loading
            Salesforce Help | Article