FAQ-000392 - Community and Experience Cloud Security / Data Access and Record Security

To securely allow a community guest user to query data they normally do not have access to: 1. **Use "Without Sharing" Mode in Apex**: This bypasses sharing rules, enabling the logic to function without platform-level access restrictions. 2. **Implement Security Measures**: Perform CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks to ensure only authorized data is accessed. Use `WITH USER_MODE` for SOQL queries or `AccessLevel.USER_MODE` for Database methods to automatically enforce permissions, or implement explicit permission validation. 3. **Create Guest User Sharing Rules**: Explicitly control visibility for specific objects. These steps help maintain security while providing controlled access.

The FAQ is technically accurate but can be improved by modernizing the security implementation guidance. The original point #2 mentions CRUD and FLS checks but doesn't specify implementation methods. Following the security approaches guidelines to prioritize modern features, I added specific mention of `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods as the preferred approaches, while still acknowledging that explicit permission validation remains valid. This provides clearer, more actionable guidance while preserving all original information. For security rule selection: - **ApexSharingViolations**: This rule is directly relevant because the FAQ discusses using "without sharing" mode in Apex, which is exactly what this rule detects. The FAQ content about bypassing sharing rules and the need for proper security measures relates directly to sharing violations that this rule identifies. - **ApexCRUDViolation**: This rule applies because the FAQ specifically mentions performing "CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks" as a security measure. The rule detects missing CRUD/FLS checks, which is precisely what the FAQ is advising developers to implement.