In the Spring ‘20 Salesforce release, Salesforce is modifying what guest users are able to do using out of the box Salesforce in order to secure communities and force.com sites. As noted in this documentation and further explained in this documentation, although the changes are part of the Spring ‘20 release, they will not be automatically enabled in orgs until March 1st.
Who Will be Affected by This:
Any clients who utilize guest users in your Salesforce org may be affected by this depending on what your guest users do.
How Does this Affect My Use of Skuid and What is Skuid Doing About It?
Salesforce’s change also impacts Skuid’s File Upload component for site guest users. The Skuid Product Engineering team is working on a product change to restore the ability for Guest Users to use Skuid’s File Upload component to upload attachments to records. This change will be available in 11.2.30 and 12.2.14.
What Do I Need to Do?
As soon as possible, any clients who utilize guest users in your Salesforce org need to thoroughly test all functionality that your guest users can currently do in your prod org against what they can do in a sandbox with the ”Secure guest user record access” enabled.
1. If you are using Skuid’s File Upload component for site guest users:
Upgrade a sandbox to either 11.2.29 or 12.2.13 per these instructions. This way, you will be prepared to move quickly when the upcoming Skuid release that contains the fix is available (11.2.30 or 12.2.14)
Thoroughly test that version to ensure there are no adverse changes to any of your mission critical functionality
Upgrade that sandbox to 11.2.30 or 12.2.14 when it is available and test again
Upgrade your production org to 11.2.30 or 12.2.14 when everything checks out in your sandbox.
Please note that even on Skuid version 11.2.30 or 12.2.14, you will still need to use Salesforce’s new Guest User Sharing Rules to grant record level access to the records your Guest Users should be able to access.
For example, if your Guest Users currently use Skuid to create a record and then upload a file as an attachment to that record, you will need to create one or more Guest User Sharing Rules to share these newly-created records to your site’s Guest User. If you do not create the requisite sharing rules, you will still be unable to use Skuid’s File Upload component to upload attachments to those records, even with 11.2.30 or 12.2.14 installed.
2. If your guest users need to access records they have created, such as allowing Guest Users to create a record and then additional “detail” records related to that first record, you have several options:
Try to achieve the record access for your site guest user using Site Guest User Sharing Rules.
Modify your Skuid Page to either
Invoke Apex that runs an update in a “without sharing” context to perform the record linkages.
Run a Flow that runs in system context.
For more details on a or b, please see this article on how Salesforce recommends that customers write Apex to work outside of the security model you have configured for your Org.
If you continue to have problems either:
Open a case with Salesforce detailing your use case and how it works currently in winter ’20 and what you need it to continue to do. Our understanding is that Salesforce has a task force to help clients work through any issues related to this release.
Sign up for Salesforce’s office hours to ask questions of the experts live.
Other Salesforce Resources That May be Helpful
Here are also some resources Salesforce provided:
Assesses the impact on their public sites using the resources in Trailblazer Community group: Securing Community Cloud
SF Communities or Portals: Follow the guide to Secure Your Community or Portal
Salesforce Winter ‘20 release notes also include changes regarding guest users:
Use the New Guest Sharing Rule to create criteria-based “read-only” sharing specifically for guest user