
Securing Experience Cloud

At Salesforce, we understand that the confidentiality, integrity, and availability of your data is vital to your business, and we take the protection of your data very seriously. This group provides information and best practices about upcoming security updates for our public and private sites, including Experience Cloud sites, Force.com, and Site.com sites.

I created an OmniScript form along with a DataRaptor Extract. When I test within Salesforce as an authenticated user, it works perfectly.

However, when I run it as a guest user in an Experience site, the DataRaptor fails to return any result.

I have assigned the OmniStudio license and the required object permission (OmniStudio objects).

Does anyone have an idea whether DataRaptors are executed by a guest user or not?

@Salesforce OmniStudio Developer @Vlocity @Experience Cloud Developers @Experience Cloud @Securing Experience Cloud

6 answers
  1. Jun 29, 2023, 9:16 AM
    This might not help but have you used F12/inspect on the page while running the Omniscript? I had a lot of errors when I checked mine and had to grant the guest user access to a number of different apex classes. I used Chrome and was also able to check the network tab to troubleshoot permission issues.

We will be implementing Experience Cloud in the mid-term and our security department wants to know if we can use an external web application firewall with it. We asked our Salesforce technical contact and they said to ask the vendor we use. Does anyone know?

3 answers

One of the standout features of Salesforce is its flexible, multi-layered sharing model 🌐, which allows assigning different data sets to different sets of users.

As organizations continue to adopt Salesforce Experience Cloud 🚀, it becomes increasingly important to understand the various tools and techniques available for managing user permissions and data access within the platform. 🔐💼

In this article 👉👉👉 https://bit.ly/3L6wJkN we will explore the concepts of permission sets and profiles, and provide you with best practices for securing your site and managing data access.


Salesforce has recently announced a significant change to data access and user permission management, bringing a new era of user management in Salesforce.

The company has reported the end-of-life (EOL) of permissions on profiles, which will take effect in the Spring ’26 release. 

This article 👉 👉 👉 https://bit.ly/45I8Kjx will explore the reasons behind this evolution, the future of profiles and permission sets, and provide you with information on what you can do now to prepare for the upcoming changes.


Is the "Password Never Expires Permission" permission applicable to the guest user profile? Is there any security risk if you set it to true?

4 answers
  1. May 4, 2023, 3:44 PM

    @S Ragavi my question to you is, regardless of the answer to your question, why would you need to set this permission to true? Just set it to false, and avoid the potential "IF" because the guest user profile does not have a password, so this permission wouldn't functionally affect anything. So set it to false. Don't open up permissions that you don't need to open up.


Using this app:

https://appexchange.salesforce.com/appxListingDetail?listingId=a0N3A00000FR6GaUAL&placement=a0d3u00000B363BAAR&tab=r

Generally our communities don't use the out-of-the-box profiles and we don't grant guest users access to anything (except the basics like the login page provided by sfdc).

 

The report from this app seems to reflect that just fine. But there is a large section on ApexClasses that may or may not include AuraEnabled methods all flagged as potential risk. Nearly all of these come from managed packages.

My questions are:

  1. None of the guest user profiles have access to these apex classes assigned at the profile level so how are these profiles even able to see those classes?
  2. The wording suggests that not having access is actually a problem:

AuraEnabled Apex Classes: The report will highlight any class with potential risks that is:

1) AuraEnabled or maybe AuraEnabled (If part of a managed package and the report cannot read the code within the class)

2) If the Guest User Profile does not have access to the class

To me, this is the opposite of a problem; we don't want guest users to have access to the class, so why are these flagged as potential risks?

Unfortunately, an article was published and caught the eye of our leadership; I can't provide them a report with 10,000 potential risks that may not actually be risks.

3 answers
  1. Apr 28, 2023, 8:40 PM

    Thanks @Admin User - only challenge there is that the User Access Report can actually be run for guest, external, and internal users...so it's not always a site url to run the report (like in the case of internal users). But I will give it some thought on how to incorporate.

    Thanks again!
