Sign Up ›
  • Sibendu Das
  • NEWBIE
  • 10 Points
  • Member since 2022
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 4
    Questions
  • 2
    Replies
3 replies

Restrict guest users in Experience cloud site from accessing getConfig or getObjectInfo

Dear Experts,

I am exploring vulnerabilties in Experience Cloud sites as per following article:
https://www.varonis.com/blog/abusing-salesforce-communities

My guest user profile does not have any permisison to any objects, APIs or anything else.

In Sharing setting setup, "Secure guest user record access" checkbox s selected. 

Even after that the guest user profile and guest user settings, it still allows guest user to access site configuration data (aura://HostConfigController/ACTION$getConfig
Data), and object details (aura://RecordUiController/ACTION$getObjectInfo)

It is only applying recod level access i.e. guest user cannot access any records, other than its own user record. 

Is it possible to restrict guest users further from  accessing site configuration?

Thanks in advance. 

Regards
Das



  


 
1 replies

Apex code permissions - is it restricted by license type attached to front-end user logged into Experience Cloud application? ?

We are building an web application using Salesforce experience cloud and LWC. Looking at a use case where some customer users, who are superusers for their organizations (Salesforce account), can add/manage users for their organization. These users in turn will be to access the application for different functionalities (but less than superusers).
My question is this achievable using External Identity License for these ‘superusers’ having additional access?  OR does it mandatorily need some other Salesforce license types, such as Customer Community Plus License(CCPL)?
Technically speaking, does the backend code (Apex) automatically applies restricted permissions based on what license is attached to user logged in to front-end of the application?
Sincerely appreciate any guidance.
We are building an web application using Salesforce experience cloud and LWC. Looking at a use case where some customer users, who are superusers for their organizations (Salesforce account), can add/manage users for their organization. These users in turn will be to access the application for different functionalities (but less than superusers).
My question is this achievable using External Identity License for these ‘superusers’ having additional access?  OR does it mandatorily need some other Salesforce license types, such as Customer Community Plus License(CCPL)?
Technically speaking, does the backend code (Apex) automatically applies restricted permissions based on what license is attached to user logged in to front-end of the application?
Sincerely appreciate any guidance.
 
1 replies

custom metadata fields - how to know when it changed

Dear All
We have some user settings stored as custom metadata types. 
When these changes (added/updated/deleted), we need to send this to another system. 
How can this be achieved? 
I came to undersand custom metadata typesdo not suport platform events (unlike other customer object/table).
Is there any other way to trigger a processing, whenever a custom metadata type is updated/deleted? 

Logically a batch process is last resort. But I would prefer a (near) real-time event-driven approach, if possible. 

Tanks in advance for pointers, suggestions.

Regards.
sibendu
  


 
SOLVED
1 replies

Experience cloud: how to embed external UI

Dear Experts,
What are the ways to embed screens from another application inside an Experience cloud site? 
What are best practices to be followed for such direct UI level integration?  
Regards.
sibendu 
 
3 replies

Restrict guest users in Experience cloud site from accessing getConfig or getObjectInfo

Dear Experts,

I am exploring vulnerabilties in Experience Cloud sites as per following article:
https://www.varonis.com/blog/abusing-salesforce-communities

My guest user profile does not have any permisison to any objects, APIs or anything else.

In Sharing setting setup, "Secure guest user record access" checkbox s selected. 

Even after that the guest user profile and guest user settings, it still allows guest user to access site configuration data (aura://HostConfigController/ACTION$getConfig
Data), and object details (aura://RecordUiController/ACTION$getObjectInfo)

It is only applying recod level access i.e. guest user cannot access any records, other than its own user record. 

Is it possible to restrict guest users further from  accessing site configuration?

Thanks in advance. 

Regards
Das



  


 
SOLVED
6 replies

Embed React JS in Lightning Web Component

How to use React JS in Light Web Component?
my customer wants to Develope Custom Page by using React JS in Salesforce, So could any one suggest best way?

Thanks you very much for your valuable input!
  • March 02, 2020
  • Like
  • 0