Salesforce’s Spring ‘20 Release: Changes regarding guest users starting March 1, 2020



  • Anna WiersemaAnna Wiersema Skuid Mod, Admin 🛠️ 
    edited May 28

    • As explained here, Salesforce has extended the ability to opt out of having the guest user changes auto enabled in Summer ‘20 and will start enforcement of the guest user changes in Winter ‘20 without the option to opt out. 
    • Skuid has identified 3 options available to Skuid clients: 
    1. Declarative: Add an additional user license (for Salesforce & Skuid). You can go about configuring a second Salesforce data source (follow this Salesforce doc) that points to your same org with the user credentials hard coded. However, it is important that you make sure this user ONLY has the permissions that they absolutely need. You can then use this data source on your public page. Note: This method requires an additional paid Salesforce user and Skuid license to accomplish. 

    2. Custom code: 

      1. Use triggers as described here

      2. Write Apex code that runs in “system mode” to get around the Salesforce security model. You will need to use Skuid’s model API on the Skuid page.

  • DaveDave Member ✭✭
    edited May 11
    Thank you for that update, quick question in the Option 1. declarative

    It says in the doc :

    A few caveats
    • Salesforce permissions are retained in all data source connections; an end user can only see and edit data they have access to in the associated orgs. Ensure that Salesforce user permissions are appropriately set in each external org being accessed.
    • If two people are simultaneously editing an external Salesforce org’s data, the last edit wins.
    Regarding Point #2, just to clarify if 2 different people use that skuid page and edit 2 different records at the same time, only one of them would save its own changes?
  • Anna WiersemaAnna Wiersema Skuid Mod, Admin 🛠️ 
    edited May 22
    Hi Dave, in the scenario you described above (2 people, 2 different records, same page), both user's changes should be saved. We don't expect that there would be conflicts unless both users were trying to update the same record at the same time.
  • DaveDave Member ✭✭
    edited May 22
    HI Anna, thank you for answer above. I just set up a sandbox with the Declarative way, and all seems to be setup properly and when i try to create a new page, no problem i can use 'external SF Data' source, but it still asks me to OAuth myself....

    So either the Instructions are missing something or I did not understand when it comes to login using stored credentials

    So the goal of this is to have External users, without logging into SF be able to use a specific skuid page to i had with guest user license

    So ofc i tried to 'Hard code' my credentials for now as it's a test (i'm admin, not sure i can use mine or not).

    And here's the set up

    So here are my questions:

    1. How do i set it up so that it uses the Stored credentials above instead of asking me or the public users to OAuth

    2. Once that is done what skuid page do I share to those users? the one I preview from page builder?

    Quite confused, sorry if not very clear

    Let me know


  • DaveDave Member ✭✭
    edited June 3

    Anna or anyone that has tried the declarative way, any way to point me in right direction for message above please?
  • Anna WiersemaAnna Wiersema Skuid Mod, Admin 🛠️ 
    edited June 5
    Hi Dave, I'm checking into #1 and will get back to you.

    for #2 the deployment process will be the same as usual, using the Salesforce Sites or Community Builder to deploy your page via the Skuid Page Lightning Component or a Visualforce page.
  • DaveDave Member ✭✭
    edited June 5
    Thank you Anna for helping me with this!

    So just to be clear for @2 the same way I was sharing my page with Guest User via VF using sites, this will work the same way, but instead of using the guest user access, it would use the programed credentials?

    Thank you
  • Anna WiersemaAnna Wiersema Skuid Mod, Admin 🛠️ 
    edited June 17
    Hi Dave:

    For #1, it looks like your Authentication Provider "ExternalSF" may need to be tweaked. Set your Grant Type to Resource Owner Password Credentials in the Auth Provider configuration, and you get the option to specify a Credential Source on the Data Source config screen. Here's our documentation on the setting.  This is where you enter the username and password for your custom guest user.

    #2. Build / update the pages you want to use on your site to use this External SF data source. For existing pages, you can update the XML so that the models are pointing to the new External SF data source rather than the original Salesforce Data Source. This is the page you will share via VF using sites. The site viewer will still be an unauthenticated guest user, but because the pages are using the External SF data source, guest users should be able to access the data according to the permissions you've assigned to the custom guest user.  

    Again, make sure that the custom guest user only has the view and edit permissions that they absolutely need so that your site remains secure.
  • Nicholas L.Nicholas L. Member
    edited June 26
    Hi, I am wondering if this change will have any impact to passing variables as "params" on public sites?
  • DaveDave Member ✭✭
    edited June 17

    Thank you very much, I finally got it to work mostly! 'Guest User' can view and Edit

    But Regarding the File upload with the declarative way, it is not working for me.

    Whether i try: Method A: In Content Document (with Record Context) or Method B: Attachment to Record  

    Guest user has access to record(sharing rule enabled). Stored Credentials used for now are Admin, so not a permission issue.

    the 'Guest user' sees this message instead of the file upload component

    You do not have permission to upload files using the API.

    Followed the little instructions I found here:

    Any ideas?

  • Anna WiersemaAnna Wiersema Skuid Mod, Admin 🛠️ 
    edited June 17
    Hey Dave, glad to hear you're making progress.
    • what version of Skuid are you using? 12.2.?
    • Remind me what context for this? Site? Lightning Community?

    A couple things to check:
    • If using Skuid-in-Visualforce to deploy in your community, make sure you follow the steps here to make a copy of the FileUpload Visualforce page and allow access to your new community guest user. 
    • This Visualforce Page should also be added to the list of Visualforce for the Site.
    For convenience, here's also the docs for the upload component

  • DaveDave Member ✭✭
    edited June 17
    Hey Anna,

    Thanks you for quick response above, as would love to finish this today

    I'm on 12.2.19

    Context is for Sites

    We use Skuid in VF , and Site's guest user has access to VF page for redirect, and those 3 you mentioned, Upload Image, Social and Include Cloned VF pages (i even updated them in case they got changed in newer version)

    Still same error.

    Any other idea I can try?

    This is my last piece of the puzzle before I attempt all of this in Production.

  • Matt SonesMatt Sones Member ✭✭
    edited June 19
    Does anyone have a sample VF page and APEX code to allow the guest user on a site with skuid to read/create/edit?

    I'd rather not have to require all of our customers to add a skuid and salesforce license to keep their sites working.
  • DaveDave Member ✭✭
    edited June 19
    I tried looking at that option with my Dev, but seem very complex, so we made decision instead of spending $$ on Development and the time it would take to get it done properly, to use the declarative way. More expensive on long run, but faster and simpler deployment!

    Hope someone can share that, I would be curious as well

  • Anna WiersemaAnna Wiersema Skuid Mod, Admin 🛠️ 
    edited June 26
    Hi Nicholas, it depends on which variables you're passing as params. The guest user will need to have access to those variables (e.g. record ids).

     that there is not distinction between guest users from a security standpoint, so any guest user familiar with the Javascript console can use it to access all the records that are open to guest user access regardless of how Skuid's conditions are set up.

Sign In or Register to comment.