[SalesForce] How do guest communities allow access to detail pages

Do communities evaluate the Record requested when determining if a page should be accessible?

So we have a guest community, which we share some accounts to, for varying purposes. For some childA and ChildB must be visible, and for others it must not, but Account -> ChildA -> ChildB have a master detail, and are Controlled-by-parent. OWD for external access on Account has been set to private, so we have to share accounts to make them visible. Guest user has READ on the objects in question.

We are using custom lightning components to control how people can dig through the schema hierarchy, but it seems someone has been messing with URLs to find records they shouldn't.

We have decided to set the community global default to private, and then make the pages we want to display public in their page settings, but for the pages with master-detail relationships, we cannot set that setting. The message is

Page Access:
Your community-wide access level is set to Requires Login.
However, access to this object page depends on your Salesforce
security settings. Not sure who can see what? Ask your Salesforce
admin.

Right now, if someone tries to access ChildA when they should be able to, and the account is shared, the user is directed to login.

Do communities evaluate the Record requested when determining if a page should be accessible, or do they just reads the OWD and decides ALL records are inaccessible, despite the sharing?

Best Answer

Do communities evaluate the Record requested when determining if a page should be accessible?

Yes they evaluate access based on the user/guest user. check documentation here on how they check page/record access.Below is how the hierarchy of access works.

enter image description here

We have decided to set the community global default to private, and then make the pages we want to display public in their page settings, but for the pages with master-detail relationships, we cannot set that setting. The message is Page Access: Your community-wide access level is set to Requires Login. However, access to this object page depends on your Salesforce security settings. Not sure who can see what? Ask your Salesforce admin.

For you to allow guess users to access object pages you need to enable this check box in community builder settings.Once you do this and if you have opened up guest user access to the record in question they will be able to see the information.

What you have done is the right way to do Make external sharing settings private and allow access to the specific records for the guest user.

Final Note: Do Publish the community before testing out these changes.

enter image description here