The Digital Commerce application follows the Salesforce security model and can be accessed using generic APIs. Whether you are a logged-in user or a guest user, you can see only the records and data that you created. You must ensure that a user cannot access records created by other users.

As a guest user, to access a record you need to pass the record ID. For example, /orders/:orderId.

To achieve this:

Important

If you create new custom objects for your implementation, you must explicitly whitelist those custom objects in the Storefront object.

To update the default external access

  1. Go to Setup. In the Quick Find box, search for and select Sharing Settings.
  2. Click Edit.
  3. Update the default external access for a list of objects as shown in the table below:

    | Objects | Default Internal Access | Default External Access | Grant Access Using Hierarchies |
    |---|---|---|---|
    | Lead | Public Read/Write/Transfer | Public Read/Write/Transfer | Checked |
    | Campaign | Public Full Access | Public Full Access | Checked |
    | Price Book | Public Read/Write | Public Read/Write | Checked |
    | Individual | Public Read/Write | Public Read/Write | Checked |
    | Api Cache | Public Read/Write | Public Read/Write | Checked |
    | Attribute Value Matrix | Public Read/Write | Public Read/Write | Checked |
    | Batch Job (CPQ) | Public Read/Write | Public Read/Write | Checked |
    | Billing Preference | Public Read/Write | Public Read Only | Checked |
    | Category | Public Read/Write | Public Read/Write | Checked |
    | CategoryTranslation | Public Read/Write | Public Read/Write | Checked |
    | Charge Group | Public Read/Write | Public Read/Write | Checked |
    | Charge Type | Public Read/Write | Public Read/Write | Checked |
    | Clause Approval | Public Read/Write | Public Read/Write | Checked |
    | Collaboration Request | Public Read/Write | Public Read/Write | Checked |
    | Config Settings | Public Read/Write | Public Read/Write | Checked |
    | Constraint Rule | Public Read/Write | Public Read Only | Checked |
    | Custom Message | Public Read/Write | Public Read Only | Checked |
    | Guided Selling Rule | Public Read/Write | Public Read/Write | Checked |
    | Help Doc | Public Read/Write | Public Read/Write | Checked |
    | IDE Provision | Public Read/Write | Public Read/Write | Checked |
    | Incentive | Public Read/Write | Public Read/Write | Checked |
    | Incentive Exclusion | Public Read/Write | Public Read/Write | Checked |
    | Incentive Group | Public Read/Write | Public Read/Write | Checked |
    | Payment | Public Read/Write | Public Read/Write | Checked |
    | Payment Term | Public Read/Write | Public Read/Write | Checked |
    | PentestEx | Public Read/Write | Public Read/Write | Checked |
    | Permission Set Relationship | Public Read/Write | Public Read/Write | Checked |
    | Price Dimension | Public Read/Write | Public Read/Write | Checked |
    | Price List | Public Read/Write | Public Read/Write | Checked |
    | Price Ruleset | Public Read/Write | Public Read/Write | Checked |
    | Product Attribute Group | Public Read/Write | Public Read/Write | Checked |
    | Product Attribute Matrix View | Public Read/Write | Public Read/Write | Checked |
    | Product Attribute Rule | Public Read/Write | Public Read/Write | Checked |
    | Product Attribute Rule View | Public Read/Write | Public Read/Write | Checked |
    | Product Constraint | Public Read/Write | Public Read/Write | Checked |
    | Product Constraint View | Public Read/Write | Public Read/Write | Checked |
    | Product Default Rule | Public Read/Write | Public Read/Write | Checked |
    | Product Filter View | Public Read/Write | Public Read/Write | Checked |
    | Product Footnote | Public Read/Write | Public Read/Write | Checked |
    | Product Group | Public Read/Write | Public Read/Write | Checked |
    | Product Information | Public Read/Write | Public Read/Write | Checked |
    | Product Option Component | Public Read/Write | Public Read/Write | Checked |
    | Product Translation | Public Read/Write | Public Read/Write | Checked |
    | Proposal Document Output Format | Public Read/Write | Public Read/Write | Checked |
    | Storefront | Public Read/Write | Public Read/Write | Checked |
    | Tax Certificate | Public Read/Write | Public Read Only | Checked |
    | Tax Code | Public Read/Write | Public Read Only | Checked |
    | Template | Public Read/Write | Public Read Only | Checked |
    | Template Locale | Public Read/Write | Public Read Only | Checked |
    | Temp Object (Comply) | Public Read/Write | Public Read/Write | Checked |
    | Temp Object (CPQ) | Public Read/Write | Public Read/Write | Checked |
    | Temp Renew | Public Read/Write | Public Read/Write | Checked |
    | Temp Renew Asset Group | Public Read/Write | Public Read/Write | Checked |
    | Temp Renew Asset Line Item | Public Read/Write | Public Read/Write | Checked |
    | Term Exception | Public Read/Write | Public Read/Write | Checked |
    | User View | Public Read/Write | Public Read/Write | Checked |

  4. Click Save.
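
To confirm the saved settings match the table, the following added example (not part of the product documentation) compares the `externalSharingModel` value in retrieved object metadata with the Default External Access column and flags any object whose external access is broader than documented. It assumes the object definitions were retrieved through the Metadata API; the `__c` object names are placeholders and the XML is constructed sample input.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
# Sharing Settings label -> Metadata API SharingModel value
UI_TO_API = {"Public Read Only": "Read", "Public Read/Write": "ReadWrite",
             "Public Read/Write/Transfer": "ReadWriteTransfer",
             "Public Full Access": "FullAccess"}
# Least to most permissive
RANK = {"Private": 0, "Read": 1, "ReadWrite": 2,
        "ReadWriteTransfer": 3, "FullAccess": 4}

# Four rows of the table. Lead and Campaign are standard API names; the two
# "__c" names are placeholders (assumption), not the package's real names.
EXPECTED_EXTERNAL = {
    "Lead": "Public Read/Write/Transfer",
    "Campaign": "Public Full Access",
    "TaxCode_PLACEHOLDER__c": "Public Read Only",
    "BillingPreference_PLACEHOLDER__c": "Public Read Only",
}

def object_xml(external):
    """Constructed stand-in for a retrieved object metadata file."""
    return ('<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">'
            f"<externalSharingModel>{external}</externalSharingModel>"
            "<sharingModel>ReadWrite</sharingModel></CustomObject>")

def audit(expected, retrieved):
    """Return {object: status} for documented vs. actual external access."""
    report = {}
    for name, ui_label in expected.items():
        xml = retrieved.get(name)
        if xml is None:
            report[name] = "not retrieved"
            continue
        want = UI_TO_API[ui_label]
        got = ET.fromstring(xml).findtext("md:externalSharingModel", namespaces=NS)
        if got not in RANK:
            report[name] = f"unrecognised value {got!r}"
        elif got == want:
            report[name] = "ok"
        else:
            broader = RANK[got] > RANK[want]
            report[name] = ("broader" if broader else "narrower") + " than documented"
    return report

# Constructed sample: one match, one narrower, one broader, one missing.
SAMPLE = {"Lead": object_xml("ReadWriteTransfer"),
          "Campaign": object_xml("Read"),
          "TaxCode_PLACEHOLDER__c": object_xml("ReadWrite")}

if __name__ == "__main__":
    for obj, status in audit(EXPECTED_EXTERNAL, SAMPLE).items():
        print(f"{obj}: {status}")
```

A "broader than documented" result on a Public Read Only row is the case to review first, because it gives external users write access the table does not call for.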

To whitelist custom objects in the storefront

  1. Click All tabs and click Storefronts.

  2. From the list of storefronts, select your Storefront.

  3. In the API Objects field, enter the API names of all the custom objects as comma-separated values.

  4. Click Save.

To ensure the user visibility settings are disabled

  1. Go to Setup. In the Quick Find box, search for and select Sharing Settings.
  2. Click Edit.
  3. Scroll down to the User Visibility Settings related list and uncheck the following:

    • Portal User Visibility
    • Site User Visibility
  4. Click Save.

To create sharing sets

  1. Go to Setup. In the Quick Find box, search for and select Digital Experiences > Settings.
  2. In the Sharing Sets related list, click New to create a sharing set, or click Edit to edit a sharing set.
  3. In the Sharing Set Edit page, fill in the Label and Sharing Set Name fields. Label is the sharing set label as it appears on the user interface. Sharing Set Name is the unique name used by the API.
  4. Enter a description.
  5. Select the following profiles to provide access.

    • Customer Community User
    • Partner Community User

      You can have only one sharing set per profile.

  6. Search and select Opportunity from the list of available objects.
  7. In the Configure Access section, click Set Up to configure access for the selected profiles.
  8. Grant access based on an account lookup:
    • To determine the account lookup on the user, select a value in the User dropdown list.
    • To determine the account lookup on the target object, select a value in the Target Object field.
  9. From Access Level, select Read Only.
  10. Click Update, then click Save.