Organization-Wide Default Settings
The Digital Commerce application follows the Salesforce security model and can be accessed using generic APIs. As a logged-in user or a guest user, you can see only the records and data that you created. You must ensure that users cannot access records created by other users.
As a guest user, to access a record you need to pass the record ID. For example, /orders/:orderId.
To achieve this:
- Update the organization-wide default (OWD) external access settings for the listed objects. For all other objects not listed in the table below, set the default external access to Private.
- Ensure the User Visibility Settings are disabled.
- Create Sharing Sets
If you create new custom objects for your implementation, you must explicitly whitelist them in the Storefront object.
To update the default external access
- Go to Setup and, in the Quick Find box, search for and select Sharing Settings.
- Click Edit.
- Update the default external access for a list of objects as shown in the table below:

| Objects | Default Internal Access | Default External Access | Grant Access Using Hierarchies |
| --- | --- | --- | --- |
| Lead | Public Read/Write/Transfer | Public Read/Write/Transfer | Checked |
| Campaign | Public Full Access | Public Full Access | Checked |
| Price Book | Public Read/Write | Public Read/Write | Checked |
| Individual | Public Read/Write | Public Read/Write | Checked |
| Api Cache | Public Read/Write | Public Read/Write | Checked |
| Attribute Value Matrix | Public Read/Write | Public Read/Write | Checked |
| Batch Job (CPQ) | Public Read/Write | Public Read/Write | Checked |
| Billing Preference | Public Read/Write | Public Read Only | Checked |
| Category | Public Read/Write | Public Read/Write | Checked |
| CategoryTranslation | Public Read/Write | Public Read/Write | Checked |
| Charge Group | Public Read/Write | Public Read/Write | Checked |
| Charge Type | Public Read/Write | Public Read/Write | Checked |
| Clause Approval | Public Read/Write | Public Read/Write | Checked |
| Collaboration Request | Public Read/Write | Public Read/Write | Checked |
| Config Settings | Public Read/Write | Public Read/Write | Checked |
| Constraint Rule | Public Read/Write | Public Read Only | Checked |
| Custom Message | Public Read/Write | Public Read Only | Checked |
| Guided Selling Rule | Public Read/Write | Public Read/Write | Checked |
| Help Doc | Public Read/Write | Public Read/Write | Checked |
| IDE Provision | Public Read/Write | Public Read/Write | Checked |
| Incentive | Public Read/Write | Public Read/Write | Checked |
| Incentive Exclusion | Public Read/Write | Public Read/Write | Checked |
| Incentive Group | Public Read/Write | Public Read/Write | Checked |
| Payment | Public Read/Write | Public Read/Write | Checked |
| Payment Term | Public Read/Write | Public Read/Write | Checked |
| PentestEx | Public Read/Write | Public Read/Write | Checked |
| Permission Set Relationship | Public Read/Write | Public Read/Write | Checked |
| Price Dimension | Public Read/Write | Public Read/Write | Checked |
| Price List | Public Read/Write | Public Read/Write | Checked |
| Price Ruleset | Public Read/Write | Public Read/Write | Checked |
| Product Attribute Group | Public Read/Write | Public Read/Write | Checked |
| Product Attribute Matrix View | Public Read/Write | Public Read/Write | Checked |
| Product Attribute Rule | Public Read/Write | Public Read/Write | Checked |
| Product Attribute Rule View | Public Read/Write | Public Read/Write | Checked |
| Product Constraint | Public Read/Write | Public Read/Write | Checked |
| Product Constraint View | Public Read/Write | Public Read/Write | Checked |
| Product Default Rule | Public Read/Write | Public Read/Write | Checked |
| Product Filter View | Public Read/Write | Public Read/Write | Checked |
| Product Footnote | Public Read/Write | Public Read/Write | Checked |
| Product Group | Public Read/Write | Public Read/Write | Checked |
| Product Information | Public Read/Write | Public Read/Write | Checked |
| Product Option Component | Public Read/Write | Public Read/Write | Checked |
| Product Translation | Public Read/Write | Public Read/Write | Checked |
| Proposal Document Output Format | Public Read/Write | Public Read/Write | Checked |
| Storefront | Public Read/Write | Public Read/Write | Checked |
| Tax Certificate | Public Read/Write | Public Read Only | Checked |
| Tax Code | Public Read/Write | Public Read Only | Checked |
| Template | Public Read/Write | Public Read Only | Checked |
| Template Locale | Public Read/Write | Public Read Only | Checked |
| Temp Object (Comply) | Public Read/Write | Public Read/Write | Checked |
| Temp Object (CPQ) | Public Read/Write | Public Read/Write | Checked |
| Temp Renew | Public Read/Write | Public Read/Write | Checked |
| Temp Renew Asset Group | Public Read/Write | Public Read/Write | Checked |
| Temp Renew Asset Line Item | Public Read/Write | Public Read/Write | Checked |
| Term Exception | Public Read/Write | Public Read/Write | Checked |
| User View | Public Read/Write | Public Read/Write | Checked |

- Click Save.
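
One way to check an org against the rule that every object not in the table has Private external access, as an added example that is not part of the product documentation. It assumes the settings were exported as rows with `Label` and `ExternalSharingModel` (for example from an `EntityDefinition` query), assumes the UI-label-to-API-value mapping shown, embeds only a subset of the table, and uses hypothetical `Loyalty Card` objects as sample data.

```python
# Assumed mapping from Sharing Settings UI labels to sharing-model API values.
UI_TO_API = {
    "Public Read/Write/Transfer": "ReadWriteTransfer",
    "Public Full Access": "FullAccess",
    "Public Read/Write": "ReadWrite",
    "Public Read Only": "Read",
    "Private": "Private",
}
# Subset of the table above: object label -> Default External Access.
EXPECTED_EXTERNAL = {
    "Lead": "Public Read/Write/Transfer",
    "Campaign": "Public Full Access",
    "Billing Preference": "Public Read Only",
    "Tax Code": "Public Read Only",
    "Storefront": "Public Read/Write",
}
# Assumption: these models inherit access from a parent and have no own OWD.
INHERITED = {"ControlledByParent", "ControlledByCampaign", "ControlledByLeadOrContact"}

def audit_owd(rows, expected=EXPECTED_EXTERNAL):
    """Return sorted (label, actual, wanted) tuples for every deviation."""
    findings, seen = [], set()
    for row in rows:
        label, actual = row["Label"], row.get("ExternalSharingModel")
        seen.add(label)
        if actual is None or actual in INHERITED:
            continue  # nothing to compare for this object
        # Objects not listed in the table must be Private for external users.
        wanted = UI_TO_API[expected.get(label, "Private")]
        if actual != wanted:
            findings.append((label, actual, wanted))
    # A listed object absent from the export could not be verified.
    findings += [(name, "MISSING", UI_TO_API[ui])
                 for name, ui in expected.items() if name not in seen]
    return sorted(findings)

# Constructed sample export; "Loyalty Card" objects are hypothetical.
SAMPLE = [
    {"Label": "Lead", "ExternalSharingModel": "ReadWriteTransfer"},
    {"Label": "Campaign", "ExternalSharingModel": "FullAccess"},
    {"Label": "Billing Preference", "ExternalSharingModel": "ReadWrite"},
    {"Label": "Tax Code", "ExternalSharingModel": "Read"},
    {"Label": "Loyalty Card", "ExternalSharingModel": "ReadWrite"},
    {"Label": "Loyalty Card Item", "ExternalSharingModel": "ControlledByParent"},
]
if __name__ == "__main__":
    for label, actual, wanted in audit_owd(SAMPLE):
        print(f"{label}: external access is {actual}, expected {wanted}")
```
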
To whitelist custom objects in the storefront
- Click All tabs and click Storefronts.
- From the list of storefronts, select your Storefront.
- Enter the API names of all the custom objects in the API Objects field as comma-separated values.
- Click Save.
To ensure the user visibility settings are disabled
- Go to Setup and, in the Quick Find box, search for and select Sharing Settings.
- Click Edit.
- Scroll down to the User Visibility Settings related list and uncheck the following:
  - Portal User Visibility
  - Site User Visibility
- Click Save.
To create sharing sets
- Go to Setup and, in the Quick Find box, search for and select Digital Experiences > Settings.
- In the Sharing Sets related list, click New to create a sharing set, or click Edit to edit a sharing set.
- In the Sharing Set Edit page, fill in the Label and Sharing Set Name fields. Label is the sharing set label as it appears on the user interface. Sharing Set Name is the unique name used by the API.
- Enter a description.
- Select the following profiles to provide access:
  - Customer Community User
  - Partner Community User

  Note: You can have one sharing set per profile only.
- Search and select Opportunity from the list of available objects.
- In the Configure Access section, click Set Up to configure access for the selected profiles.
- Grant access based on an account lookup:
  - To determine the account lookup on the user, select a value in the User dropdown list.
  - To determine the account lookup on the target object, select a value in the Target Object field.
  - From Access Level, select Read Only.
- Click Update, then click Save.