Loading
Manage Users and Data Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Secure Data Accessible by Guest Users

            You are here:

            1. Salesforce Help
            2. Docs
            3. Manage Users and Data Access

            Secure Data Accessible by Guest Users

            Protect your data by securing the data created by unauthenticated guest users prior to Salesforce’s enforcement of the guest user security policies in the Winter ’21 and Spring ’21 releases.

            Required Editions

            Available in: Essentials, Enterprise, Performance, Unlimited, and Developer Editions

            Secure records that were created by or shared with guest users before the enforcement of the guest user security policies in the Winter ’21 and Spring ’21 releases. This data includes records created before Winter ’21 that are:

            • Owned by guest users
            • Shared to queues or public groups that a guest user is a member of
            • Shared with a guest user manually or using Apex-managed sharing

            After the enforcement of the new security policy in Winter ’21, guest users could no longer own records, be added to queues or public groups, or have records shared with them using manual- or Apex-managed sharing. However, the security policy didn’t work retroactively: If guest users had access to records before Winter ’21, they continue to have access until you secure the records.

            • Discover Which Records Are Available to Guest Users
              Use Authenticated and Guest User Access Report and Monitoring, available for free on AppExchange to see which objects and permissions users can access from your public sites. The report shows you the total number of records per object that users can access. The report also categorizes records owned by users, records shared with manual or Apex sharing, and queue or public group membership information.
            • Reassign Records Owned by Guest Users
              After the enforcement of the security policies introduced in Winter ’21, any record created by guest users is assigned to a default internal owner. However, guest users still own records they created before Winter ’21.
            • Remove Guest Site Users from Queues and Public Groups
              Queues and public groups created before the Winter ’21 enforcement of guest user security policies can still have guest site users as members. Guest users being part of a queue or public group is a concern because any record shared with the public group is visible to the guest user, which can be anyone on the internet. Also, it’s possible that other members in the group aren’t aware of the guest user’s access to their records.
            • Remove Records Shared Manually or via Apex Managed Sharing
              With the Guest User Access Report, you can find records that were shared with guest users manually or via Apex sharing before the Winter ’21 enforcement of the guest user security policy. You can then delete the records manually or by using DataLoader.
             
            Loading
            Salesforce Help | Article