FAQ-000395 - Community and Experience Cloud Security / Data Access and Record Security

Current Status:VALID_RESPONSEErrorUnable to AnswerSuggests Case

← Back to List View Prompt Template

Current FAQ

Question
What are the security best practices for granting community or portal users access to records in a managed package?
Answer
To securely grant community or portal users access to records in a managed package, follow these best practices: 1. **Guest User Sharing Rules**: Create explicit sharing rules to grant access to specific records for guest users. 2. **Secure Guest User Record Access**: Enable the "Secure Guest User Record Access" setting to enforce a private Organization-Wide Default (OWD) for guest users. 3. **Avoid Manual Sharing**: Do not use manual or Apex sharing for guest users, as these are not best practices. 4. **Encrypt Sensitive Data**: Use encryption (e.g., AES256) for sensitive information like record IDs, and store keys securely in protected settings or metadata. 5. **System Mode for Critical Operations**: Run critical operations in system mode without sharing to bypass user permissions securely. 6. **CRUD/FLS Checks**: Enforce CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks in Apex code to prevent unauthorized access. 7. **Reassign Record Ownership**: Automate processes to reassign records created by guest users to a default owner for better control. 8. **Avoid Public Groups for Guest Users**: Do not include guest users in public groups to prevent unintended access. These practices ensure secure and controlled access to records for community or portal users.

Enhancing FAQ with AI recommendations...

AI Recommended Enhancement

Related Security Rules (click to view)
ApexCRUDViolationApexSharingViolations
Question
What are the security best practices for granting community or portal users access to records in a managed package?
Recommended Answer Update
To securely grant community or portal users access to records in a managed package, follow these best practices: 1. **Guest User Sharing Rules**: Create explicit sharing rules to grant access to specific records for guest users. 2. **Secure Guest User Record Access**: Enable the "Secure Guest User Record Access" setting to enforce a private Organization-Wide Default (OWD) for guest users. 3. **Avoid Manual Sharing**: Don't use manual or Apex sharing for guest users, as these aren't best practices. 4. **Encrypt Sensitive Data**: Use encryption (e.g., AES256) for sensitive information like record IDs, and store keys securely in protected settings or metadata. 5. **System Mode for Critical Operations**: Run critical operations in system mode without sharing to bypass user permissions securely. 6. **CRUD/FLS Checks**: Enforce CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks in Apex code to prevent unauthorized access. 7. **Reassign Record Ownership**: Automate processes to reassign records created by guest users to a default owner for better control. 8. **Avoid Public Groups for Guest Users**: Don't include guest users in public groups to prevent unintended access. These practices ensure secure and controlled access to records for community or portal users.
Reasoning
The FAQ content is accurate and well-structured, so I made minimal changes to improve conversational tone and clarity. I replaced formal phrases with more direct, conversational language: changed 'Do not use' to 'Don't use' and 'are not best practices' to 'aren't best practices' to align with the brand guidelines for conversational writing. I also changed 'Do not include' to 'Don't include' for consistency. These changes maintain all existing technical content while making the tone more approachable and easier to scan. For security rules selected: - **ApexCRUDViolation**: This rule directly relates to point #6 in the FAQ about enforcing CRUD and FLS checks in Apex code. The FAQ specifically mentions 'Enforce CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks in Apex code to prevent unauthorized access,' which is exactly what this rule validates. - **ApexSharingViolations**: This rule relates to multiple points in the FAQ about sharing and access control, particularly points #1 (Guest User Sharing Rules), #3 (Avoid Manual Sharing), #5 (System Mode for Critical Operations), and #8 (Avoid Public Groups for Guest Users). The FAQ discusses various sharing mechanisms and access patterns that this rule would evaluate for security compliance.
Reasoning References
Recommended Related Articles