FAQ-001020 - Flow Security and System Mode / Experience Cloud Flow Security


Current FAQ

Question
How should flows running in system mode be handled in Experience Cloud contexts?
Answer
Flows running in system mode in Experience Cloud contexts should be handled with careful attention to security and access control. For guest users, it's recommended to use invocable Apex methods running in "without sharing" mode for actions like querying and updating records. This ensures necessary operations are performed while maintaining proper access restrictions. Additionally, limit the elevated access to only the essential parts of the flow. For specific actions like file uploads, sub-flows can be set to run in "System Context Without Sharing - Access All Data" to handle operations securely.
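An added example, not part of the original FAQ or of any Salesforce-provided code: a narrowly scoped invocable action that a guest-user flow could call, showing elevated access confined to one operation with the guest-supplied values checked before any write. The class name, the input names and the rule that a matching case number plus contact email is enough to allow a comment are assumptions made for illustration.

```apex
// Hypothetical action: the class, inputs and ownership rule are illustrative.
// "without sharing" is confined to this one class; the calling flow itself
// keeps running in the guest user's context.
public without sharing class GuestCaseCommentAction {
    public class Request {
        @InvocableVariable(required=true) public String caseNumber;
        @InvocableVariable(required=true) public String contactEmail;
        @InvocableVariable(required=true) public String comment;
    }
    public class Result {
        @InvocableVariable public Boolean success;
    }

    @InvocableMethod(label='Add Guest Case Comment' description='Adds one public comment to an open case matched by number and contact email.')
    public static List<Result> addComment(List<Request> requests) {
        // Collect the guest-supplied case numbers for a single bulk query.
        Set<String> numbers = new Set<String>();
        for (Request req : requests) {
            if (String.isNotBlank(req.caseNumber)) {
                numbers.add(req.caseNumber.trim());
            }
        }
        // Static SOQL with a bind variable: user input never becomes query text.
        // Only the fields needed for the check are read, and none are returned.
        Map<String, Case> byNumber = new Map<String, Case>();
        for (Case c : [SELECT Id, CaseNumber, ContactEmail FROM Case
                       WHERE CaseNumber IN :numbers AND IsClosed = false]) {
            byNumber.put(c.CaseNumber, c);
        }
        List<Result> results = new List<Result>();
        List<CaseComment> toInsert = new List<CaseComment>();
        for (Request req : requests) {
            Case c = byNumber.get(String.isBlank(req.caseNumber) ? '' : req.caseNumber.trim());
            Result res = new Result();
            // Assumed ownership check: the supplied email must match the case contact.
            res.success = c != null
                && String.isNotBlank(req.comment)
                && String.isNotBlank(req.contactEmail)
                && String.isNotBlank(c.ContactEmail)
                && c.ContactEmail.equalsIgnoreCase(req.contactEmail.trim());
            if (res.success) {
                // The guest controls only the comment text, never the target record Id.
                toInsert.add(new CaseComment(ParentId = c.Id,
                    CommentBody = req.comment.left(4000), IsPublished = true));
            }
            results.add(res);
        }
        insert toInsert;
        return results; // success flag only; no record data goes back to the flow
    }
}
```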
AI Recommended Enhancement

Related Security Rules
ApexSharingViolations
PreventPassingUserDataIntoElementWithoutSharing
Recommended Answer Update
Flows running in system mode in Experience Cloud contexts should be handled with careful attention to security and access control. For guest users, it's recommended to use invocable Apex methods running in "without sharing" mode for actions like querying and updating records. This ensures necessary operations are performed while maintaining proper access restrictions. Additionally, limit the elevated access to only the essential parts of the flow. For specific actions like file uploads, sub-flows can be set to run in "System Context Without Sharing - Access All Data" to handle operations securely.
Reasoning
The FAQ content is accurate and well-structured, covering the important security considerations for flows running in system mode within Experience Cloud contexts. No significant changes are needed to the content itself. For related security rules:

1. **ApexSharingViolations** - This rule is directly relevant because the FAQ discusses using invocable Apex methods running in "without sharing" mode. The FAQ specifically mentions "invocable Apex methods running in 'without sharing' mode for actions like querying and updating records," which directly relates to sharing violations that this rule detects. The rule helps identify when Apex code bypasses sharing restrictions, which is exactly what the FAQ is teaching developers to implement carefully.
2. **PreventPassingUserDataIntoElementWithoutSharing** - This rule is highly relevant as it specifically addresses flows and the security risks of passing user data into elements that run without sharing context. The FAQ discusses "sub-flows can be set to run in 'System Context Without Sharing - Access All Data'" which directly corresponds to what this rule monitors. The rule helps prevent security vulnerabilities when user-controlled data is processed by flow elements that bypass normal security restrictions, which aligns perfectly with the FAQ's guidance on limiting elevated access to essential parts only.