Have you ever seen the screen shot below?
And wondered, “who is the Site Guest User?”
The Site Guest User is a special type of user that you use in conjunction with a Force.com site or any application that utilizes a Force.com site. Some examples of this are event management applications, donation applications, volunteer applications, etc. The Site Guest User allows for those external constituents who are registering for an event, making a donation, signing up to volunteer to commit data into your system, essentially making the “sync” of data possible. You can also selectively display data through this user, if desired.
The Site Guest User is no one and everyone at the same time.
Now, the tricky part is that you won’t see this user in your user list when you go to manage users or permissions. You can’t create a Site Guest User or the user profile for this special user the way you create and manage other users. You also can’t log in as this user. The Site Guest User has no password, no role, no session browsing, and no API access. They are similar to ghosts, but friendly ghosts that help your Salesforce system and third party applications work.
In order to allow guest users to view or submit data to a Salesforce object, you have to modify the object’s permission in the Site Guest User’s profile. Each site has a separate Guest User license, so you can control guest access to Salesforce objects on a per site basis. For example, if you have both a volunteer application and a donation application and each user a Force.com site, you would configure the volunteer site guest user to only see and commit data into the relevant volunteer objects and fields, while the donation site guest user would be configured to only see objects and fields related to donations. This is a best practice for system security.
To learn more about setting up a Force.com site, check-out this article. When someone visits your Force.com Site, they can view all of the pages that are part of that site. Through the Site Guest User settings, you can control the type of activities they are allowed to perform in addition to viewing pages. This is important because you want your constituents to be able to make donations, sign up to volunteer, or register for your upcoming event, and you want that data to go directly into Salesforce, instead of floating in cyberspace. Since your constituents do not have logins for your Salesforce instance (unless you are using Community features and licenses), they are automatically assigned the Guest User profile. But remember, the Guest User has no login credentials, so they cannot actually log into your Salesforce instance. They can only see or commit data to the objects and fields you have specified in the user profile.
Most of the applications that utilize Force.com sites and Site Guest Users have specific instructions for setting up the Site Guest User permissions. These instructions provide you with the specific objects and fields that the Site Guest User should have access to in order for the application to work as expected.
To access the Site Guest User Settings:
Navigate to Setup menu and then to the “Develop” section. This is where you will find “Sites”.
Once you navigated to your sites, select “Site Label.”
Then select “Public Access Settings.”
Now things should start to look familiar! You will notice the user license is “Guest.”
Managing the Site Guest User Profile works just like managing a standard profile with a few exceptions:
- You can only assign the permission to read/create on standard objects, but can assign full create-read-updated-delete (CRUD) on custom objects.
- By default, the Site Guest User does not have access to any objects, fields, or VisualForce pages. You need to enable permissions and page visibility that are applicable to your use case.
- Once you have set permissions for the object, check out field level security to make sure that the appropriate fields are available.
Now, it is important to remember that Site Guest Users can’t be used for any purposes other than Force.com Sites. You can create up to 25 sites (Enterprise edition), which means you can create up to 25 Guest Users. These users to do not count against your purchased user limits, but you do need to monitor the profiles for all of them. If you add a custom field on the contact record that your volunteer application needs to write data to, make sure your Site Guest User has access to that field!
If you liked this article, you might find these interesting:
Why a System Administrator Profile Is Not For Everyone
Security vs Convenience: Securing Your Salesforce Org
Improvements to Your Salesforce – Documenting Database Changes