Guest User Sharing Rule Access Report


Definition

Guest User Sharing Rule Access Report is a Setup feature that generates a security report showing which records are accessible to unauthenticated guest users through sharing rules on Experience Cloud sites. This report helps administrators identify and remediate potential overexposure of sensitive data to anonymous visitors.

Real-World Example

The security admin at Apex Dynamics runs the Guest User Sharing Rule Access Report and discovers that a sharing rule is giving guest users on their public support site read access to all Account records instead of just the Knowledge Articles. She immediately restricts the sharing rule to prevent the unintended data exposure.

Why Guest User Sharing Rule Access Report Matters

The Guest User Sharing Rule Access Report is a security audit tool in Salesforce Setup that generates a comprehensive report showing exactly which records are accessible to unauthenticated Guest Users through sharing rules on Experience Cloud sites. This report reveals potential data overexposure by listing every sharing rule that grants Guest Users access to records across all objects. It was created in response to widespread security incidents where organizations inadvertently exposed sensitive CRM data to anonymous internet visitors through misconfigured sharing rules.

As organizations deploy more Experience Cloud sites for different audiences - partner portals, customer communities, public knowledge bases - the risk of sharing rule misconfiguration multiplies. Each site has its own Guest User context, and sharing rules created for one legitimate purpose might inadvertently grant broader access than intended. Running this report regularly is essential for maintaining a strong security posture, especially after any sharing rule changes. Organizations in regulated industries like healthcare and finance face particularly severe consequences if this report reveals that protected data (PHI, PII, financial records) is accessible to unauthenticated users, potentially triggering mandatory breach notification requirements.

How Organizations Use Guest User Sharing Rule Access Report

  • Apex Dynamics Corporation — The security admin at Apex Dynamics ran the Guest User Sharing Rule Access Report and discovered a sharing rule giving guest users on their public support site read access to all Account records instead of just Knowledge Articles. She immediately restricted the sharing rule, preventing potential exposure of 15,000 customer Account records to anonymous visitors.
  • Meridian Financial Services — Meridian Financial Services includes the Guest User Sharing Rule Access Report in their monthly security audit checklist as required by their SOC 2 compliance program. During one audit cycle, the report identified a newly created sharing rule that would have given Guest Users access to financial Contact records, which was corrected before any data was exposed.
  • Pacific Health Network — Pacific Health Network runs the Guest User Sharing Rule Access Report after every deployment to production, integrating it into their CI/CD security gates. This practice caught a sharing rule in a recent release that would have exposed Patient Account records to anonymous visitors on their public symptom checker site, preventing a potential HIPAA violation.
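A deployment gate of the kind described in the last item can also inspect the sharing rules in source control before release. The sketch below is an added example, not Salesforce's report or any of these organizations' code. It assumes sharing rules are retrieved as Metadata API `SharingRules` XML in which guest rules appear as `sharingGuestRules` elements; the rule names, the site name and the allowlist are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Constructed samples, shaped like <Object>.sharingRules-meta.xml files.
ACCOUNT_RULES = """<SharingRules xmlns="http://soap.sforce.com/2006/04/metadata">
  <sharingGuestRules>
    <fullName>Support_Site_All_Accounts</fullName>
    <accessLevel>Read</accessLevel>
    <sharedTo><guestUser>Support_Site</guestUser></sharedTo>
  </sharingGuestRules>
  <sharingCriteriaRules>
    <fullName>Internal_Sales</fullName>
    <accessLevel>Edit</accessLevel>
    <sharedTo><group>Sales</group></sharedTo>
  </sharingCriteriaRules>
</SharingRules>"""

KNOWLEDGE_RULES = """<SharingRules xmlns="http://soap.sforce.com/2006/04/metadata">
  <sharingGuestRules>
    <fullName>Support_Site_Public_Articles</fullName>
    <accessLevel>Read</accessLevel>
    <sharedTo><guestUser>Support_Site</guestUser></sharedTo>
  </sharingGuestRules>
</SharingRules>"""


def guest_rules(xml_text, object_name):
    """List every guest sharing rule in one object's sharing-rules file."""
    root = ET.fromstring(xml_text)
    return [{
        "object": object_name,
        "rule": rule.findtext("md:fullName", default="", namespaces=NS),
        "site": rule.findtext("md:sharedTo/md:guestUser", default="", namespaces=NS),
        "access": rule.findtext("md:accessLevel", default="", namespaces=NS),
    } for rule in root.findall("md:sharingGuestRules", NS)]


def gate(files, allowed_objects):
    """files maps object name to XML text. Returns guest rules on objects
    outside the allowlist; a CI job would fail when this list is non-empty."""
    return [r for obj, xml in files.items()
            for r in guest_rules(xml, obj) if obj not in allowed_objects]


if __name__ == "__main__":
    files = {"Account": ACCOUNT_RULES, "Knowledge__kav": KNOWLEDGE_RULES}
    for r in gate(files, allowed_objects={"Knowledge__kav"}):
        print(f"BLOCK: {r['site']} guest gets {r['access']} on {r['object']} via {r['rule']}")
```

A check like this only sees rules that are in the repository, so it complements the Setup report run against the live org rather than replacing it.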
