Enable External Org-Wide Defaults in Orgs with Communities or Portals (Critical Update)
Where: This change applies to all communities accessed through Lightning Experience and Salesforce Classic in Essentials, Enterprise, Performance, Unlimited, and Developer editions.
When: This critical update is enforced on June 17, 2019. Orgs that turn on communities after this date have these defaults enabled.
Why: When external org-wide defaults are first enabled, the external access levels are set to match the internal access levels. The default settings might give more data access to external users than you want. In the Critical Update Console, we provide a list of objects that don’t meet Salesforce’s security recommendations for external users.
How: From Setup, enter Critical Updates in the Quick Find box, then select Critical Updates. For Enable External Org-Wide Defaults in Orgs with Communities or Portals, click Activate.
After enabling external org-wide defaults, review your access levels for external users. From Setup, enter Sharing Settings in the Quick Find box, then select Sharing Settings. Under Organization-Wide Defaults, edit the default external access.