Overview:
The Guest User permissions are being restricted to read and create. Regardless of what the Sharing Settings say, if the org is updated to Salesforce's Winter '21 package then the Guest User has been restricted. We have a few recognized issues that have come up but has been intermittent across the board with instances that have been updated. The below detail will help in troubleshooting the necessary Guest User permissions and the sharing rules needed to give the necessary access.
Best Practice:
It is a system Best Practice to setup all Four of the Sharing Rules shown below.
Login as the System Administrator User
Navigate to Setup
In the Company Profile section, click on Company Information
Make note of the Instance in the bottom right-hand corner
2) Go to the Salesforce Trust Site and search for the Instance found in Step 1.
https://status.salesforce.com/
Upon finding the instance you switch over the maintenance tab and you'll be able to see if the instance has been upgraded with the Winter '21 Major Release.
Recognized Issues:
1) The eLead automation was changed by removing the 'with sharing' clause. This allows the running user to be another user other than the Guest User. If the Guest User cannot see any other user then the eLead may not get created or converted. (Resolution 1.1)
2) When eLeads are converted the code will create a Lead Source and will look for matching Sources to link to the Lead Source. If the Guest User cannot see the Source object and its records then the conversion process will keep creating duplicate Source records. (Resolution 2.1)
3) The eLead can be related to a Vendor (Account) and when the conversion process takes place the Lead Source is also related to that Vendor (Account). If the Guest user does not have access to read Accounts then the eLead and/or Lead Source may not be related to that Account. (Resolution 3.1)
4) The eLead conversion process does look to convert a Lead Source and Marketing Opportunity onto an already existing Prospect. If the Guest User does not have read access to already existing Prospect a new one may be created every time instead of merged onto an existing one matching criteria. (Resolution 4.1)
Permissions Needed:
- Read (will need a sharing rule to grant if object is private)
Prospect, Lead Source, Marketing Opportunity, Source, Interest, Appointment, Account
-Create (cannot write a sharing rule, just know the Guest User has this permission if needed)
Prospect, Lead Source, Marketing Opportunity, Source, Interest, Appointment, Account
Resolutions:
1.1 - Granting Read Permissions to the Guest User Profile on User
Go to Setup > Sharing Settings and Select the User Object. Click New Sharing Rule.
When creating the Sharing Rule select 'Guest user access, based on criteria'. The criteria is Active = True. Share with select the guest user that is having issues. Grant Read Only access.
2.1- Granting Read Permissions to the Guest User Profile on Source
Go to Setup > Sharing Settings and Select the Source Object. Click New Sharing Rule.
When creating the Sharing Rule select 'Guest user access, based on criteria'. The criteria is Source Name not equal to BLANK. Share with select the guest user that is having issues. Grant Read Only access.
3.1- Granting Read Permissions to the Guest User Profile on Account
Go to Setup > Sharing Settings and Select the Account Object. Click New Sharing Rule.
When creating the Sharing Rule select 'Guest user access, based on criteria'. The criteria is Type equal to Vendor. Share with select the guest user that is having issues. Grant Read Only access.
4.1 Granting Read Permissions to the Guest User on Prospect.
Go to Setup > Sharing Settings and Select the Prospect Object. Click New Sharing Rule.
When creating the Sharing Rule select 'Guest user access, based on criteria'. The criteria is Primary Last Name not equal to BLANK. Share with select the guest user that is having issues. Grant Read Only access.
