You need to sign in to do that
Don't have an account?
E.J.R
Custom object permissions are ignored for Site Guest User
On our website, we have a form that customers use to update some of their information. The page uses a custom controller. The information is stored in a custom object. The customer presses a CommandButton to initiate any updates. In preparation for the Spring release, when Edit and Delete permissions are removed from our ORG, I manually removed these permissions ahead of time to see the impact on that page. For some reason, the object is still able to be updated by the Site Guest User, despite the profile having no Edit permissions to do so. In what situations could this be allowed to happen?
https://help.salesforce.com/articleView?id=000352282&language=en_US&mode=1&type=1
Thanks,
Thanks,
I've attached some step by step visuals for when I run through this scenario, followed by the debug log:
1) Remove object permissions for the Site Guest User profile:
2) Update the object from the website (ingognito tab to ensure SF session isn't interfering):
3) Result on Salesforce record:
4) Debug log after update: