Set Your Org's External Org-Wide Defaults
External Org-Wide Defaults
External org-wide defaults give you full control over the baseline record access for site and portal users. This layer of protection ensures that you can define separate record access policies for internal users and external users.
Check out this video for a quick overview of external org-wide defaults and how they work with external users.
For example, you may have public read-only access on opportunities for all your internal users and set the external org-wide defaults to private so that partners do not see each others’ opportunities.
External Org-Wide Defaults Considerations
- Accounts and their associated contracts and assets
- Custom Objects
We highly recommend setting the default external access to private for all objects, and then opening up access using other means. Also, if you want to expose reports and dashboards on any objects to external users (such as a partner), you must set the external org-wide default to private.
Another thing to keep in mind is that the external org-wide default can’t be more permissive than the internal one. What does that mean? That if your internal Salesforce users have Public Read/Write access on cases, your external users can’t have Public Read/Write/Transfer access.
Setting and Testing External Org-Wide Defaults
Since Ursa Major has decided to expand sales via partners, setting external org-wide defaults is a must.
Maria wants to restrict external access to opportunities, while allowing internal Ursa Major Salesforce users the flexibility to see any opportunity.
In order to meet that requirement, Maria changes the default internal and external access settings.
- From Setup, enter Sharing Settings in the Quick Find box, then select Sharing Settings.
- Click Edit in the Organization-Wide Defaults area.
- For the Opportunity and Account and Contract objects, set the Default Internal Access to Public Read Only and the Default External Access to Private. Click OK if you get any popups or warnings.
- Click Save.
Now, let’s see how this external org-wide default change affects what folks actually see in the Salesforce org and in the Ursa Major Partner portal.
Add Opportunities to the Navigation Menu
In order to see opportunities in the Ursa Major Partner portal, we first have to add the opportunity object to the portal’s navigation menu.
- From Setup, enter
Digital Experiencesin the Quick Find box, then select All Sites.
- Click Builder next to the Ursa Major portal.
- Click anywhere on the Navigation Menu bar (1) and then click the Edit Default Navigation button (2).
- Click Add Menu Item. Drag the new menu item so that it’s nested under Sales.
- Change the following properties:
- Name: Opportunities
- Type: Salesforce Object
- Object Type: Opportunity
- Default List View: All Opportunities
- Click Save Menu.
- Click Publish and then Got it.
Test Opportunity Visibility in the Ursa Major Partner Portal
Log in to the Ursa Major Partner Portal as your system administrator. The easiest way to do this is from Salesforce Setup > Digital Experiences > All Sites > [site URL] . Navigate to the Opportunities menu item we just added.
Look at all the opportunities you can see!
Log in to the portal as Josh Davis. You can either use the credentials sent to you when you set up Josh as a site user, or use the Log in to Experience as User option on his contact record.
Navigate to the same Opportunities menu item, and select the All Opportunities list view. You shouldn’t be able to see any opportunities.
Good job! Give yourself a pat on the back, because you’ve passed your first test as a portal security guru.