FAQ-001043 - Guest User Security and Sharing / CRUD and FLS Permissions

Guest users have limited permissions and can't access most standard and custom objects by default. When implementing guest user operations, you'll need to carefully handle CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) permissions. Here's what you need to know: **When to enforce CRUD/FLS checks:** - Always enforce permissions when guest users interact with sensitive data - Use `WITH USER_MODE` in SOQL queries to automatically enforce permissions - Apply `AccessLevel.USER_MODE` in Database methods for automatic permission enforcement - Validate permissions before any DML operations involving guest user data **When bypassing might be appropriate:** - Internal system operations that don't expose data to guest users - Logging or auditing operations - Operations specifically designed to work with guest user limitations **Implementation alternatives:** - Create dedicated objects with appropriate sharing settings for guest users - Use platform events for guest user interactions - Implement custom permission validation logic - Consider using Experience Cloud sharing rules For detailed implementation guidance and security best practices specific to guest user scenarios, see this comprehensive resource: https://www.learnexperiencecloud.com/article/Guest-User-Record-Access-Development-Best-Practices

The original answer was extremely brief and provided no actual guidance - it only contained a link without any explanatory content. This violates the completeness and clarity standards for FAQ responses. I expanded the answer to provide comprehensive guidance while maintaining the original structure and preserving the external link reference. The improvements include: 1) Clear explanation of guest user permission limitations, 2) Specific guidance on when to enforce vs bypass CRUD/FLS checks, 3) Modern security enforcement methods (WITH USER_MODE, AccessLevel.USER_MODE), 4) Alternative implementation approaches, 5) Maintained the original external resource link. I selected ApexCRUDViolation because this FAQ directly addresses CRUD permission validation in Apex code, which is exactly what this rule detects - violations of CRUD permissions in database operations. I selected ApexSharingViolations because guest user operations involve sharing and record access controls, and this rule identifies when Apex code bypasses sharing rules, which is a key concern mentioned in the FAQ's discussion of when to bypass permissions.