Salesforce Experience Cloud & Sites

Owned by William Boyd
Feb 01, 2024
3 min read

Profiles & Permission Sets

Salesforce Experience Cloud, earlier known as Salesforce Community Cloud, is a digital experience platform in Salesforce that aids companies in building a digital space for all their customers, partners, and employees for seamless communication.

When a user has access to the portal, they have been assigned one of the many Salesforce external user licenses.
i.e. The portal user will not have the same Salesforce license or permissions that a normal Salesforce user or Admin has when they authenticate and log into Salesforce.

If there are any features or operations within the portal that require T4S custom code functionality, a special Salesforce Permission Set or Profile will need to be created and assigned to the portal user so that T4S can be accessed.
This is the same requirement for any other managed package that a portal user may need to access within your Salesforce Organisation.
If no T4S custom code is called or referenced within the portal, then you may not need to create any custom Portal User Permission Set.

When a portal is used, it is recomended that T4S Server web.config configuration is configured to use the “SalesforceApiUserOnly“ = TRUE setting, so that the configured Integration API user is only ever used to update Salesforce records, rather than T4S trying to use the calling Salesforce user context to respond and update the Salesforce Records.

Salesforce by default restricts certain permissions that can be assigned to portal users.
i.e. A portal user Permission Set cannot have “View All“ or “Modify All” permissions on any sObjects, as well as “Edit“ or “Delete“ permissions.

T4S Salesforce package is installed with an example Permission Set that can be used as a base to create your own custom cloned T4S Permission Sets.

Due to the restrictions placed on the Portal User's allowed permissions, a cloned copy of the permission set for the portal user will require many of the provided sObject permissions to be edited and restricted.
i.e. By removing “View All“, “Modify All“ and “Edit“ from each sObject within the portal user permission set.

Testing will be required to make sure your portal users have the correct permissions assigned to them to call any T4S-related custom code.

A common example would be where a portal user is required to upload a document.
When the document is uploaded, T4S creates a Trim Record pointer and schedules the document to be sent to Content Manager.
The creation of the Trim Record pointer from the uploaded document requires the portal user to have a profile or permission set to “create“ a Trim Record.

The sending of the document to Content Manager can be handled by a scheduled process that runs outside of the portal user's context.

Accessing Records within Content Manager

By default, a portal user will not be able to access any files stored within the Content Manager through T4S.

If a Salesforce File that has been saved into Content Manager through T4S, and still exists within Salesforce.
Then the Salesforce version of the file will still be available to the portal user.

If the file has been removed from Salesforce when T4S saved it into Content Manager, then there are several options using the T4S public API to retrieve the file for the porta user.

  • If the file in Content Manager is less than 3Mb in size, then a custom script could be created to have T4S download the file from Content Manager and send it to the portal user's browser.

  • Another option if the file is less than 3Mb is for T4S to download the file, and email the file to the user as an email attachment.

  • When a file is larger than 3Mb and the file no longer exists within Salesforce, then T4S can save the file back into Salesforce, making it once again available to the portal user.