FAQ-001021 - Flow Security and System Mode / Experience Cloud Flow Security

The correct security context for Flows triggered by Experience Cloud guest users depends on the use case. For actions like uploading files or updating records, the flow can be configured to run in "System Context Without Sharing - Access All Data." This allows the flow to bypass user permissions and operate securely. It's important to limit the elevated access to only the necessary parts of the flow to maintain security.

The existing answer is accurate and well-structured, providing appropriate guidance for Flow security contexts in Experience Cloud environments. No significant issues were found with the content - it correctly identifies that the security context depends on the use case and appropriately recommends "System Context Without Sharing - Access All Data" for scenarios requiring elevated permissions. The recommendation to limit elevated access to only necessary parts maintains good security practices. I selected the PreventPassingUserDataIntoElementWithoutSharing rule because it directly relates to the FAQ's core topic. This rule (severity 2) specifically addresses Flow security concerns when user data is passed into elements without proper sharing enforcement. The FAQ discusses configuring Flows to run in "System Context Without Sharing - Access All Data" for Experience Cloud guest users, which is exactly the scenario this rule monitors. The rule helps ensure that when Flows bypass user permissions (as mentioned in the FAQ), proper security considerations are maintained.