Organization-Wide Default Settings

Digital Commerce application follows Salesforce security model and can be accessed using generic APIs. As a logged in and a guest user, you can only see records and data created by you. You must ensure a user should not access records created by other users.

As a guest user, to access a record you need to pass the record ID. For example, /orders/:orderId.

To achieve this:

Update the organization-wide default (OWD) external access settings for the listed objects. For all other objects not listed in the table below set the default external access to Private.
Ensure the User Visibility Settings are disabled
Create Sharing Sets

Important

In case of new custom objects created by you for your implementation, you must explicitly whitelist the custom objects in the Storefront object.

To update the default external access

Go to Setup > in the Quick Find box, search and select Sharing Settings.
Click Edit.

Update the default external access for a list of objects as shown in the table below:

Objects	Default Internal Access	Default External Access	Grant Access Using Hierarchies
Lead	Public Read/Write/Transfer	Public Read/Write/Transfer	Checked
Campaign	Public Full Access	Public Full Access	Checked
Price Book	Public Read/Write	Public Read/Write	Checked
Individual	Public Read/Write	Public Read/Write	Checked
Api Cache	Public Read/Write	Public Read/Write	Checked
Attribute Value Matrix	Public Read/Write	Public Read/Write	Checked
Batch Job (CPQ)	Public Read/Write	Public Read/Write	Checked
Billing Preference	Public Read/Write	Public Read Only	Checked
Category	Public Read/Write	Public Read/Write	Checked
CategoryTranslation	Public Read/Write	Public Read/Write	Checked
Charge Group	Public Read/Write	Public Read/Write	Checked
Charge Type	Public Read/Write	Public Read/Write	Checked
Clause Approval	Public Read/Write	Public Read/Write	Checked
Collaboration Request	Public Read/Write	Public Read/Write	Checked
Config Settings	Public Read/Write	Public Read/Write	Checked
Constraint Rule	Public Read/Write	Public Read Only	Checked
Custom Message	Public Read/Write	Public Read Only	Checked
Guided Selling Rule	Public Read/Write	Public Read/Write	Checked
Help Doc	Public Read/Write	Public Read/Write	Checked
IDE Provision	Public Read/Write	Public Read/Write	Checked
Incentive	Public Read/Write	Public Read/Write	Checked
Incentive Exclusion	Public Read/Write	Public Read/Write	Checked
Incentive Group	Public Read/Write	Public Read/Write	Checked
Payment	Public Read/Write	Public Read/Write	Checked
Payment Term	Public Read/Write	Public Read/Write	Checked
PentestEx	Public Read/Write	Public Read/Write	Checked
Permission Set Relationship	Public Read/Write	Public Read/Write	Checked
Price Dimension	Public Read/Write	Public Read/Write	Checked
Price List	Public Read/Write	Public Read/Write	Checked
Price Ruleset	Public Read/Write	Public Read/Write	Checked
Product Attribute Group	Public Read/Write	Public Read/Write	Checked
Product Attribute Matrix View	Public Read/Write	Public Read/Write	Checked
Product Attribute Rule	Public Read/Write	Public Read/Write	Checked
Product Attribute Rule View	Public Read/Write	Public Read/Write	Checked
Product Constraint	Public Read/Write	Public Read/Write	Checked
Product Constraint View	Public Read/Write	Public Read/Write	Checked
Product Default Rule	Public Read/Write	Public Read/Write	Checked
Product Filter View	Public Read/Write	Public Read/Write	Checked
Product Footnote	Public Read/Write	Public Read/Write	Checked
Product Group	Public Read/Write	Public Read/Write	Checked
Product Information	Public Read/Write	Public Read/Write	Checked
Product Option Component	Public Read/Write	Public Read/Write	Checked
Product Translation	Public Read/Write	Public Read/Write	Checked
Proposal Document Output Format	Public Read/Write	Public Read/Write	Checked
Storefront	Public Read/Write	Public Read/Write	Checked
Tax Certificate	Public Read/Write	Public Read Only	Checked
Tax Code	Public Read/Write	Public Read Only	Checked
Template	Public Read/Write	Public Read Only	Checked
Template Locale	Public Read/Write	Public Read Only	Checked
Temp Object (Comply)	Public Read/Write	Public Read/Write	Checked
Temp Object (CPQ)	Public Read/Write	Public Read/Write	Checked
Temp Renew	Public Read/Write	Public Read/Write	Checked
Temp Renew Asset Group	Public Read/Write	Public Read/Write	Checked
Temp Renew Asset Line Item	Public Read/Write	Public Read/Write	Checked
Term Exception	Public Read/Write	Public Read/Write	Checked
User View	Public Read/Write	Public Read/Write	Checked

Click Save.

To whitelist custom objects in the storefront

Click All tabs and click Storefronts.
From the list of storefronts, select your Storefront.
Enter all the custom objects API names in the API Objects field with coma separated values.
Click Save.

To ensure the user visibility settings is disabled

Go to Setup > in the Quick Find box, search and select Sharing Settings.
Click Edit.
Scroll down to the User Visibility Settings related list and uncheck the following:
- Portal User Visibility
- Site User Visibility
Click Save.

To create sharing sets

Go to Setup > in the Quick Find box, search and select Digital Experiences > Settings.
In the Sharing Sets related list, click New to create a sharing set, or click Edit to edit a sharing set.
In the Sharing Set Edit page, fill in the Label and Sharing Set Name fields. Label is the sharing set label as it appears on the user interface. Sharing Set Name is the unique name used by the API.
Enter a description.
Select the following profiles to provide access.
- Customer Community User
- Partner Community User
  
  You can have one sharing set per profile only.
Search and select Opportunity from the list of available objects.
In the Configure Access section, click Set Up to configure access for the selected profiles.
Grant access based on an account lookup:
- To determine the account lookup on the user, select a value in the User dropdown list.
- To determine the account lookup on the target object, select a value in the Target Object field.
From Access Level, select Read Only.
Click Update, then click Save.