saving force.com site reference fields

  • 1
  • Question
  • Updated 3 years ago
I'm having trouble getting reference fields to save on a force.com site page - is a site 'Guest User' able to save data contained in reference fields if the object being looked up is not explicitly available to the Guest User profile?

ie....

- I have a custom object 'Feedback' which we have created a force.com site for.
- The feedback object has a lookup field to the Account object
- The Account Id and Account Name are passed in the url when the site page is loaded (e.g. "examplesiteurl.secure.force.com/feedback?acct=0012400000L****AA3&acctname=TestAccount"

The conditions I have on the feedback model are as pictured:



I've tried quite a few different combinations of conditions here, but can't seem to get it to work for the site's Guest User profile.

Do I need to expose the Account object to the site's Guest User profile? (Which I would prefer not to do) or is there some particular condition I have missed?

Thanks, Greg
Photo of Greg Jarrett

Greg Jarrett

  • 3,496 Points 3k badge 2x thumb

Posted 3 years ago

  • 1
Photo of Pablo Martinez

Pablo Martinez

  • 2,468 Points 2k badge 2x thumb
if that profile does not have access to the account object the lookups will be always empty (because that profile cannot read accounts).

Before continue reading, please note that I'm just discovering the sharing rules and all the things with not internal users, so the information can not be accurate or wrong.

I think you have 3 options here: 
  • Give read on accounts (and don't share any account with that user / group so he can use the object, but no data is shared with him (I think a user has automatically shared the account of his/her contact). I don't know how this will work if you try to put an account that is not shared with the user in the lookup, probably will fail (the record does not exist for that user)
  • Use apex. I think apex does not look at the permissions in profiles,(I'm not really sure of this). you can store the data on text fields and with a trigger update the account, or schedule a batch to set the account in all the feedbacks without account
hope it helps (and hopping the info is accurate)
Photo of Greg Jarrett

Greg Jarrett

  • 3,496 Points 3k badge 2x thumb
Thanks Pablo. 

I've considered the apex option - we would need to add text fields to the Feedback object where we capture the id url parameters, and then when the record is saved we use Apex to populate the lookup fields using those ids - but I'd prefer to stay away from that as it's harder to maintain as a long-term solution for the client in this case.

And I'd prefer not to give public site users read access to all Accounts on the site - whilst its 'low risk' it does technically expose ALL the Account data publicly, which isn't ideal.
Photo of Greg Jarrett

Greg Jarrett

  • 3,496 Points 3k badge 2x thumb
Just a quick update on this - I ended up having to go down the apex trigger path to update these reference fields behind the scenes. There didn't seem to be a way to do it using the UI as I didn't want to grant read access accounts on that force.com site. The trigger is working nicely for the site Guest User profile.