Skuid and the Salesforce Guest User

The guest user profile controls how unauthenticated users interact with public-facing communities, portals, and sites. This default security configuration is as restrictive as possible within Salesforce’s security model.

The new default security configuration is as restrictive as possible within Salesforce’s security model.

For guest users, the new security defaults include the following changes:

  • Access to all objects is set to Private.
  • Manual sharing or Apex managed sharing of records is no longer permitted.
  • Guest users cannot be granted permission sets with edit or delete permissions

Action must be taken to allow guest users to view:

  • Create guest user sharing rules for relevant Skuid pages and any Salesforce objects used on those pages
  • Clone the Skuid Page Viewer permission set and update that clone with proper access
  • Assign the guest user the permission set and a Skuid license
  • Records in Salesforce objects

For guest users to edit and delete records, consider alternative strategies, like purchasing Salesforce authenticated user licenses.

For more information about guest user sharing settings and record access, see Salesforce’s documentation on the topic.

Why can’t guest users see my Skuid page?

Guest user access to all objects is set to private. This means that Skuid pages, which are saved as records in a custom object, cannot be viewed by a guest user with the default security settings.

Salesforce’s guest user sharing rules provide a solution for unauthenticated users.

Guest user sharing rules and Skuid pages

For guest users to view Skuid pages, create sharing rules for Skuid pages in communities, portals, and sites.

To create a sharing rule for a Skuid page or pages:

  1. Go to Setup in your Salesforce org.

  2. Type Sharing Settings in the Quick Find box and select Sharing Settings.

  3. Select Page in the picklist labeled Manage sharing settings for.

    • Or, scroll down the All objects page until you locate Page.

  4. In the Sharing Rules section for the Page object, click New.

  5. Enter basic information for the rule:
    • Label and Rule Name: A descriptive name for the rule, such as Guest user Skuid page access. The rule name should autopopulate based on your label.
    • Rule type: Guest user access, based on criteria

  6. Specify the criteria:

    • Field: Page Name
    • Operator: equals
    • Value: The exact name of the Skuid page

    Note

    Optionally, change the filter logic to allow for one sharing rule to allow access to multiple pages. To do so, click Add Filter Logic and change the relationship between the filters to OR, e.g. 1 OR 2 OR 3

  7. In the Share with field, select the guest user to share the page record with.

  8. Verify that the level of access is set to Read Only.

  9. Click Save.

Now guest users can view Skuid pages.

Sharing rules, modules, and a ton of Skuid pages

What if you have a lot of Skuid pages and you don’t want to create multiple sharing rules or use filter logic to string together a long sequence of OR statements?

Consider using a module to group pages together and apply the sharing rule to the module, instead of individual pages.

Follow the steps in the previous section and replace the Page Name field with Module. Enter or select the name of the module in Value. Now, the sharing rule will apply to all pages within the module.

|image0|

Creating a permission set for public access

While Skuid pages are now accessible and sharing rules are set for objects, the guest user still requires a permission set for object access and some Skuid functionality. To accomplish this, clone the Skuid Page Viewer permission set and modify it as follows:

In Salesforce Setup:

  1. Navigate to Permission Sets.
  2. Click the Skuid Page Viewer permission set’s label.
  3. Click Clone.
  4. Enter a label for the cloned permission set, for example Skuid Guest User Access. Update the API Name to match.
  5. Click Save.

Next, remove edit and delete permissions to be able to assign this permission set to the guest user. The Skuid Page Viewer permission set has edit permissions on the following objects:

  • Feedback
  • Feedback Responses
  • Files
  • Page Interactions
  • Personalization Settings

For each of the above objects, complete the following steps:

  1. Click on Object Settings.
  2. Click on the label of the object to update.
  3. Click Edit.
  4. For Object Permissions, uncheck Edit and Delete options.
  5. Click Save.

Next grant this permission set object read access for any objects used in your Skuid page.

For additional information, refer to Salesforce’s Permission Set documentation.

For more information, see Salesforce’s documentation on creating sharing rules.

With sharing rules set and a permission set created, the guest user must be assigned that permission set and a Skuid license.

Site guest user record settings are updated differently than other Salesforce user types. They are not accessible from the Users menu in Salesforce Setup, but instead are found by navigating the public access settings of your site. Once you’ve found your site’s user record, you can grant the guest user the permission set and a Skuid license.

To navigate to the guest user record:

  1. Navigate to User Interface > Sites and Domains > Sites.
  2. Click the label of the site.
  3. Click Public Access Settings. The profile of the guest user appears.
  4. Click View users.
  5. Click the full name of the guest user, which looks similair to Site Guest User, <Name of site>. The guest user record page appears.

From here you can assign the permission set and a Skuid license. To assign the permissions set:

  1. In the Permission Set Assignments section, click Edit Assignments.
  2. Click the label of the permission set you cloned earlier granting object access.
  3. Click Add.
  4. Click Save.

To assign a Skuid license:

  1. In the Managed Packages section, click Assign Licenses.
  2. Click the checkbox on the Skuid package’s row.
  3. Click Add.

Allowing guest users to edit records

While the above instructions illustrate how to create a read-only guest user Skuid implementation, it is possible to allow guest users to edit Salesforce object records. Doing so requires use of Apex, flows, and Salesforce-specific implementation details that are outside the scope of Skuid documentation.

If your implementation requires the guest user make record updates, consult Salesforce’s Guest User Record Access Development Best Practices

Also consider alternative strategies, like purchasing Salesforce authenticated user licenses.

Troubleshooting

Skuid License errors

The following errors can occur when the guest user has not been assigned a Skuid license:

  • You are attempting to access a Skuid page, but you are not licensed to use Skuid. Please contact your Salesforce administrator.

  • Page Not Found: /001/

    Skuid license, and Skuid attempted to redirect the user to an object’s list page—resulting in an erroneous redirect for the public site.

To resolve this error, ensure that the site guest user has been assigned a Skuid license.

I see no records on my Skuid page

If no records appear on the Skuid page, the guest user may not have access to the object(s) used within the Skuid page. Ensure that a guest user access sharing rule has been set and that the guest user has been assigned a permission set granting object access.