Enable External Org-Wide Defaults in Orgs with Communities or Portals (Critical Update)

This update enables the External Sharing Model and provides admins with a list of objects whose default external access settings must be reviewed. This update helps you secure your data by letting you set more restrictive levels of access for external users. Before Spring ‘19, org-wide defaults gave internal and external users the same default access to objects. After activating this update, external org-wide defaults are enabled in all orgs with communities or portals.

Where: This change applies to all communities accessed through Lightning Experience and Salesforce Classic in Essentials, Enterprise, Performance, Unlimited, and Developer editions.

When: This critical update is enforced on June 17, 2019. Orgs that turn on communities after this date have these defaults enabled.

Why: When external org-wide defaults are first enabled, the external access levels are set to match the internal access levels. The default settings might give more data access to external users than you want. In the Critical Update Console, we provide a list of objects that don’t meet Salesforce’s security recommendations for external users.

How: From Setup, enter Critical Updates in the Quick Find box, then select Critical Updates. For Enable External Org-Wide Defaults in Orgs with Communities or Portals, click Activate.

After enabling external org-wide defaults, review your access levels for external users. From Setup, enter Sharing Settings in the Quick Find box, then select Sharing Settings. Under Organization-Wide Defaults, edit the default external access.