Category: Unauthorized Access

When we build the Salesforce Communities, sometimes based on the customer requirements, we need to provide guest access to the communities. Guest access in basically the unauthorized access to the community. As you can easily understand, any unauthorized access is always a very dangerous things to implement. So we need to make sure our security configuration is strong enough that no internal data is getting exposed to the outside world i.e. unauthorized users. And if situation demands, only the required information(as minimum as possible) will be exposed.I am going to write down what are the details we should keep in mind while configuring guest access to the communities. To start, let’s revisit some basic stuffs first.For each communities we build in Salesforce, there will be a guest profile created for us automatically. It doesn’t matter, whether we allow guest access or not, the guest profile will be created for us always.All guest users i.e. unauthorized users will use this profile to access the community. If we create 5 communities, then there will be 5 guest profiles created. Name of the profile will be Profile. Starting Spring’20 Salesforce release, the settings “Secure guest user record access” will be enabled by default. Salesforce recommends using this settings to provide user record access to the guest users through communities. But there are few important things we should keep in mind -OWD will be...