Security Audit of public access data and pages for Salesforce Communities / Portal users and Site Guest users.


Reviewing the data and pages you expose for external access (Community users and the Site Guest User) is an essential and critical part of maintaining a healthy Salesforce instance. Here are a few suggestions that might help you get started.

Start with the Portal Health Check

Setup -> Security -> Health Check

Review the External Object Access

While in the Health Check window, scroll down to locate the number of objects that are exposed to external users.

This particular screen shows that 85 objects have a default sharing model of either Public Read/Write or Public Read Only. This means that if the Community profile has 'Read' or 'Edit' access to the object, external users can read or edit all records of that object.

Keep in mind that any newly created custom object has an OWD of 'Public Read/Write' by default. As part of every deployment, ensure the OWD is set appropriately.
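The rule above (permissive external OWD plus profile object access equals full record exposure) is easy to check mechanically once you have exported the org's sharing models and the community profile's object permissions. The script below is an added example, not part of the original post or any Salesforce tooling. It assumes you can export EntityDefinition rows (QualifiedApiName, ExternalSharingModel) and ObjectPermissions rows (SobjectType, PermissionsRead, PermissionsEdit) for the community profile; the API value spellings 'Read' / 'ReadWrite' for Public Read Only / Public Read/Write, the profile name, and all sample records are constructed assumptions.

```python
"""Audit helper for external object exposure (added example, not from the original post).

It models the rule stated above: an external user can read every record of an object
when the external OWD is Public Read Only or Public Read/Write AND the community
profile grants Read; they can edit every record only when the OWD is Public Read/Write
AND the profile grants Edit.

Assumed inputs (exported from your own org; the records below are constructed stand-ins):
  - EntityDefinition rows with QualifiedApiName / ExternalSharingModel
  - ObjectPermissions rows for the community profile with SobjectType /
    PermissionsRead / PermissionsEdit
"""
import json

# Assumed API spellings of 'Public Read Only' and 'Public Read/Write' in
# EntityDefinition.ExternalSharingModel.
PERMISSIVE_EXTERNAL_OWD = {"Read", "ReadWrite"}

# Constructed sample export: EntityDefinition rows for a few objects.
ENTITY_DEFS = json.loads("""
[
  {"QualifiedApiName": "Account",    "ExternalSharingModel": "Private"},
  {"QualifiedApiName": "Case",       "ExternalSharingModel": "Private"},
  {"QualifiedApiName": "Contact",    "ExternalSharingModel": "ControlledByParent"},
  {"QualifiedApiName": "Product2",   "ExternalSharingModel": "Read"},
  {"QualifiedApiName": "Invoice__c", "ExternalSharingModel": "ReadWrite"}
]
""")

# Constructed sample export: ObjectPermissions for a hypothetical
# 'Customer Community User' profile.
COMMUNITY_OBJECT_PERMS = json.loads("""
[
  {"SobjectType": "Account",    "PermissionsRead": true, "PermissionsEdit": false},
  {"SobjectType": "Case",       "PermissionsRead": true, "PermissionsEdit": true},
  {"SobjectType": "Product2",   "PermissionsRead": true, "PermissionsEdit": false},
  {"SobjectType": "Invoice__c", "PermissionsRead": true, "PermissionsEdit": true}
]
""")


def count_permissive_owd(entity_defs):
    """Number of objects whose external OWD is Public Read Only or Public Read/Write
    (the figure the Health Check screen reports; 85 in the post's example)."""
    return sum(1 for e in entity_defs
               if e.get("ExternalSharingModel") in PERMISSIVE_EXTERNAL_OWD)


def find_exposed_objects(entity_defs, object_perms):
    """Combine the external OWD with the community profile's object permissions.

    Returns {api_name: {"external_owd": ..., "read_all_records": bool,
                        "edit_all_records": bool}} for every object an external
    user can read in full. A permissive OWD with no profile access, or profile
    access on a Private OWD, is not listed: both conditions must hold.
    """
    perms_by_object = {p["SobjectType"]: p for p in object_perms}
    exposed = {}
    for entity in entity_defs:
        name = entity["QualifiedApiName"]
        owd = entity.get("ExternalSharingModel")
        perms = perms_by_object.get(name)
        if owd not in PERMISSIVE_EXTERNAL_OWD or not perms or not perms["PermissionsRead"]:
            continue
        exposed[name] = {
            "external_owd": owd,
            "read_all_records": True,
            # Editing every record needs both the Read/Write OWD and profile Edit.
            "edit_all_records": owd == "ReadWrite" and bool(perms["PermissionsEdit"]),
        }
    return exposed


def format_report(entity_defs, object_perms):
    """Plain-text summary suitable for pasting into an audit ticket."""
    lines = [f"Objects with permissive external OWD: {count_permissive_owd(entity_defs)}"]
    for name, info in sorted(find_exposed_objects(entity_defs, object_perms).items()):
        verb = "READ+EDIT" if info["edit_all_records"] else "READ"
        lines.append(f"  {name}: external OWD={info['external_owd']} "
                     f"-> external users can {verb} all records")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(ENTITY_DEFS, COMMUNITY_OBJECT_PERMS))
```

With the constructed data, Case is not reported even though the profile grants Edit, because its external OWD is Private; Invoice__c is reported as full read and edit exposure, which is exactly the situation a freshly deployed custom object with the default OWD ends up in.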

Fixing External Object Access

Setup -> Security -> Sharing Settings

Enable 'External Sharing Model' if not enabled already