Experience Cloud Consultant Sharing, Visibility, and Licensing

Sharing, Visibility, and Licensing Detailed Explanation

Core Definition

In any community built on Experience Cloud, it's essential to manage:

  1. Data Sharing: Who can access what data within the community.
  2. Visibility: What external users (customers, partners, or guest users) are allowed to see or do.
  3. Licensing: Assigning the correct licenses to external users to enable the appropriate functionality.

Why is this important?

  • Sharing and visibility ensure data security and compliance.
  • Proper licensing ensures users have the right access levels without paying for more than they need.

1. Data Sharing Model

Salesforce uses a layered sharing model to control access to data.

1.1 Sharing Hierarchy

This hierarchy governs how data is shared within the community:

  1. Organization-Wide Defaults (OWD):

    • This is the baseline level of access to an object’s data for all users.
    • Examples:
      • Public Read/Write: Everyone can see and edit data.
      • Private: Only record owners can see their records unless shared explicitly.
    • Practical Example:
      • In a Customer Portal, you set Cases to "Private" so that customers only see their own support tickets.
  2. Role Hierarchy:

    • Record access rolls up the hierarchy: users in a higher role can see records owned by users below them.
    • Example:
      • A sales manager can see the records of their team members.
  3. Sharing Rules:

    • These provide exception-based access to groups of users.
    • Example:
      • In a Partner Portal, create a sharing rule to let all partner users access sales opportunities related to their region.
  4. Manual Sharing:

    • Record owners or administrators can share records manually with specific users.
    • Example:
      • A partner manager manually shares a deal with another partner for collaboration.

1.2 Visibility in Communities

Communities often include external users with varying access levels, so understanding how visibility works is crucial.

  1. Community User Access:

    • Community users are assigned external sharing settings:
      • Example: If OWD is "Private," external users only see records explicitly shared with them.
  2. Guest Users:

    • These are unauthenticated users (not logged in).
    • They can:
      • Access public pages.
      • View specific records or files explicitly made public.
    • Limitations:
      • Cannot perform operations like submitting a case unless configured.
  3. File Sharing:

    • Control file access via library permissions.
    • Example: Share knowledge base articles with external users while restricting internal files.

2. User Licensing

Salesforce licenses determine what features and capabilities a user can access. Here’s a breakdown:

2.1 License Types

  1. Customer Community License:

    • Purpose: For customers who need basic functionality.
    • Key Features:
      • View knowledge articles.
      • Submit cases.
      • Track their cases.
    • Example Use Case:
      • A retail customer portal where users can log in to track orders and submit complaints.
  2. Partner Community License:

    • Purpose: For external partners who require access to advanced functionality.
    • Key Features:
      • Manage leads, accounts, and opportunities.
      • Collaborate with internal sales teams.
    • Example Use Case:
      • A partner distributor managing sales opportunities in a partner portal.
  3. Lightning External Apps License:

    • Purpose: For broader external users who need flexible functionality, such as access to custom applications.
    • Key Features:
      • Access to custom objects and applications.
      • Restricted access to core Salesforce objects.
    • Example Use Case:
      • External vendors logging into a custom application to manage their contracts.

2.2 License Allocation

  1. Linking Licenses to Communities:
    • Each community user must be assigned a license.
    • License type determines the user’s access scope and permissions.
  2. Optimizing Licensing Costs:
    • Assign Customer Community Licenses for basic needs.
    • Reserve Partner Community Licenses for users requiring advanced capabilities.

3. Practical Application

Let’s see how you would apply these concepts in real-world scenarios:

Scenario 1: Configuring Sharing Rules

Goal: Allow partners to view opportunities related to their region.

  1. Set OWD for Opportunities to Private.
  2. Create a Partner Role in the Role Hierarchy.
  3. Configure a Sharing Rule:
    • Share opportunities with users in the "Partner Role."
    • Define criteria, such as sharing only opportunities where the region matches the partner’s assigned region.

Scenario 2: Setting Up External User Roles

Goal: Restrict access to customer support cases for authenticated users.

  1. Set OWD for Cases to Private.
  2. Assign external users to a specific role (e.g., "Customer Role").
  3. Use profiles and permission sets:
    • Allow only "Read" and "Create" access to Cases.
    • Restrict access to other Salesforce objects.

4. Exam Focus

To excel in this section, focus on the following key areas:

4.1 Configuring Sharing Rules and Permissions

  • Understand how to use:
    • OWD to set baseline data access.
    • Sharing rules for exception-based access.
    • Roles and role hierarchy for data visibility.
  • Sample Exam Question:
    • "What should you configure to allow external users to view records in a Partner Portal while keeping them private for others?"
      • Answer: Create a Sharing Rule for the Partner Role.

4.2 License Types and Use Cases

  • Be able to match the correct license type with a scenario:
    • Sample Exam Question:
      • "Which license should you use for users who need to track cases but not manage opportunities?"
        • Answer: Customer Community License.

Why This Topic Matters

Understanding Sharing, Visibility, and Licensing ensures you can:

  1. Build secure communities that protect sensitive data.
  2. Provide the right level of access to external users based on their roles.
  3. Optimize licensing to balance costs and functionality.

This knowledge is critical for tailoring solutions that meet business requirements while adhering to best practices.

Sharing, Visibility, and Licensing (Additional Content)

1. Security for Guest and Authenticated Users

Key Security Considerations in Experience Cloud

Experience Cloud security ensures data protection and controlled access for guest users and authenticated users. It is crucial to prevent unauthorized access and manage data visibility correctly.

Guest User Security

  • Guest users have very restricted access by default.
    • Cannot access most standard objects unless explicitly enabled (not recommended for sensitive data).
    • Can view public knowledge base articles and FAQs, but cannot submit cases unless this is configured in the Experience Cloud Guest User Profile.
  • Restrict guest user access to sensitive information:
    • Use Organization-Wide Defaults (OWD) to set guest user access to Private.
    • Disable API access for guest users to prevent data scraping.
    • Use Sharing Sets carefully to grant only necessary permissions.

Authenticated User Security

  • Registered users have controlled access through:
    • Profiles & Permission Sets → Define user capabilities.
    • Sharing Sets & Sharing Rules → Grant data access securely.
  • Prevent unauthorized access with:
    • Enforce Secure Record Access → Ensures proper security compliance.
    • Limit API access to prevent external data exposure.
    • Restrict external sharing of records using Sharing Rules instead of making data globally accessible.

2. Sharing Model Optimization: Sharing Sets vs. Sharing Rules

Sharing Sets (Specific to Experience Cloud)

  • Used only for external users (Customer Community, Customer Community Plus).
  • Grants access to records based on user profile.
  • Common use cases:
    • Customers accessing only their own case records.
    • Members viewing only their associated contracts.

Sharing Rules (For All Salesforce Users)

  • Applies to both internal and external users.
  • Shares records based on roles, public groups, or role hierarchies.
  • Common use cases:
    • Partners accessing sales records based on geographic region.
    • Employees sharing reports and dashboards with specific teams.

3. Licensing Limitations and Optimization

Choosing the Right License

Understanding Experience Cloud licensing is essential for optimizing costs and ensuring users have the required functionality.

| License Type | Use Case | Limitations |
|---|---|---|
| Customer Community | Basic customer self-service, case submission, knowledge base access. | No access to Reports & Dashboards, role hierarchy. |
| Customer Community Plus | Enhanced customer collaboration, role-based data access. | No access to Campaigns, Opportunities, or Leads. |
| Partner Community | B2B partner relationship management, sales collaboration. | Full access to Leads, Opportunities, and Campaigns but higher cost. |
| Lightning External Apps | External users who need custom applications with limited CRM access. | Restricted access to Salesforce standard objects. |

4. External User Security Policies

Key Security Configurations for External Users

  1. Login IP Ranges
    • Restricts users from accessing the Experience Cloud site from unauthorized locations.
    • Prevents logins from untrusted networks.
  2. Session Timeouts
    • Automatically logs users out after a period of inactivity.
    • Reduces the risk of unauthorized access if a user forgets to log out.
  3. Multi-Factor Authentication (MFA)
    • Adds an extra layer of security by requiring a second authentication factor (e.g., mobile app or SMS code).
    • Mandatory for external users handling sensitive data.
  4. Profile-Based API Access
    • Restricts which users can make API calls, preventing external users from retrieving data programmatically.

Frequently Asked Questions

When should Sharing Sets be used instead of sharing rules in Experience Cloud?

Answer:

Sharing Sets should be used when external users need access to records based on a relationship between the user and the record, such as Account or Contact matching.

Explanation:

Sharing Sets provide record access by matching a user’s Contact or Account with fields on target records. This model works well for customer communities where users should only see records related to their own account.

Sharing rules are better suited for partner users who require role-based access to records owned by others. The exam frequently tests this distinction by describing a customer portal where users should only see their own cases. In that scenario, a Sharing Set is the correct solution.

A common mistake is attempting to use sharing rules for customer community users, which often fails due to missing roles in the external user model.

Demand Score: 90

Exam Relevance Score: 91

Why can't a customer community user see a case that belongs to their account?

Answer:

The user likely lacks a correctly configured Sharing Set or case sharing rule.

Explanation:

Customer community users usually rely on Sharing Sets to access records associated with their Account or Contact. If a Sharing Set is missing or the matching field configuration is incorrect, the user cannot see the case even though it belongs to the same account.

Consultants should check the following configuration items:

  • Contact association with the external user

  • Sharing Set configuration

  • Object permissions

  • Organization-wide defaults

The exam often presents troubleshooting scenarios where the correct answer is verifying the Sharing Set relationship rather than modifying profile permissions.

Demand Score: 86

Exam Relevance Score: 88

Why do Partner Community users have roles while Customer Community users typically do not?

Answer:

Partner users require role hierarchies to support advanced record sharing across partner organizations.

Explanation:

Partner Community users often collaborate on opportunities and leads with internal Salesforce users. To support this collaboration, Salesforce creates a role hierarchy for partner accounts, allowing controlled record sharing through roles and sharing rules.

Customer Community users generally access only their own records, so a role hierarchy is unnecessary. Instead, they rely on Sharing Sets or simple access models.

Exam scenarios may describe partner collaboration on sales deals; in those cases, the partner role hierarchy is required to provide proper record visibility.

Demand Score: 82

Exam Relevance Score: 87

Which license should be recommended for partners collaborating on opportunities?

Answer:

Partner Community licenses should be used.

Explanation:

Partner Community licenses allow external partners to access sales data such as leads, opportunities, and campaigns. They also support role-based sharing and more advanced permissions compared to customer licenses.

Consultants must choose licenses based on collaboration requirements. If partners need to work on opportunities alongside internal sales teams, a Partner Community license is required. Using a customer license would limit access and prevent collaboration features.

Exam questions often test license selection by describing partner users managing deals or co-selling opportunities.

Demand Score: 79

Exam Relevance Score: 88

How does Account Relationship affect partner data visibility?

Answer:

Account relationships enable partner users to access records associated with related accounts through configured sharing rules.

Explanation:

Account relationships allow companies to define relationships between partner accounts and internal accounts. Consultants can then configure sharing rules that provide partner users access to specific records based on these relationships.

This feature is commonly used in partner portals where multiple partner organizations collaborate on the same sales opportunities. Without proper account relationships, partners may not see records needed for collaboration.

Exam questions may describe a scenario where multiple partners must work on a deal together, requiring account relationships to manage visibility.

Demand Score: 76

Exam Relevance Score: 83

Why might an external user be able to log in but see no data?

Answer:

The user likely lacks sharing configuration such as Sharing Sets, sharing rules, or correct role assignment.

Explanation:

Login authentication and data access are separate configurations in Experience Cloud. A user may successfully authenticate but still see no records because of missing sharing configurations.

Consultants should verify object permissions, organization-wide defaults, sharing sets, and role hierarchy settings. The most common cause is a missing sharing configuration for external users.

Exam scenarios often present this situation and ask what configuration should be checked first. The correct answer typically involves reviewing sharing models rather than authentication settings.

Demand Score: 80

Exam Relevance Score: 90
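
The troubleshooting answers above (a customer who cannot see a case on their own account, and a user who can log in but sees no data) both come down to which access layer grants the record. The following added example, which is not Salesforce code and not part of the original guide, models those layers in simplified form so the deciding layer can be named. All class names, field names, and the order of checks are assumptions made for illustration.

```python
# Added illustration: a simplified model of the page's layered access checks.
# Not Salesforce code; every class and field name here is an assumption.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:
    name: str
    account: Optional[str] = None   # account of the external user's Contact
    role: Optional[str] = None      # customer community users typically have none
    can_read: set = field(default_factory=set)  # objects allowed by profile/permission sets

@dataclass
class Record:
    obj: str
    owner: str
    account: Optional[str] = None
    region: Optional[str] = None
    manual_shares: set = field(default_factory=set)

@dataclass
class Org:
    owd: dict = field(default_factory=dict)            # object -> "Private" or "Public Read/Write"
    reports_to: dict = field(default_factory=dict)     # role -> owners whose records roll up to it
    sharing_rules: list = field(default_factory=list)  # (object, role, region) tuples
    sharing_sets: set = field(default_factory=set)     # objects matched on user/record account

def explain_access(org, user, rec):
    """Return (granted, layer) where layer names the check that decided."""
    if rec.obj not in user.can_read:
        return False, "object permissions"
    if org.owd.get(rec.obj, "Private") != "Private":
        return True, "OWD"
    if rec.owner == user.name:
        return True, "owner"
    if rec.owner in org.reports_to.get(user.role, set()):
        return True, "role hierarchy"
    if (rec.obj, user.role, rec.region) in org.sharing_rules:
        return True, "sharing rule"
    if rec.obj in org.sharing_sets and user.account and user.account == rec.account:
        return True, "sharing set"
    if user.name in rec.manual_shares:
        return True, "manual share"
    return False, "no sharing path"

# Constructed sample data: a customer with a Contact on Acme and a case owned by an agent.
customer = User("cust1", account="Acme", can_read={"Case"})
case = Record("Case", owner="agent1", account="Acme")
print(explain_access(Org(owd={"Case": "Private"}), customer, case))
print(explain_access(Org(owd={"Case": "Private"}, sharing_sets={"Case"}), customer, case))
```

The first call reports that no sharing path exists even though the case belongs to the user's account; adding the Sharing Set for Case is what grants access in the second.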
