How do I remove the March 2020 Security Updates
Introduction
In March 1st, 2020, Salesforce is performing a security update that phases our the guest security access on public sites. You can learn more about the rollout plans at Securing Community Cloud community group.
For Payments2Us, this means that the update will stop our online forms from being able to perform crucial updates.
We have been aware of this since November 2019 and made a release available in January 2020 that addresses this. All customers have been notified multiple times starting from November, again in January and also in February.
Our latest release has updates that work well with the Salesforce security updates. Our recommended approach is to install the updates as per the procedure 7.6 Security Improvements Testing
This procedure is for those organisations that have implemented the latest release by the due date, or have performed the release, but have found other Apps installed in their instance do not work
1. Turn off "Enforce New Public Sites Security"
The below steps only apply if you've previously gone through enable Payments2Us to work with the new security updates. If this has never been done, you can continue to step 2.
1.1. Navigate to Merchant Facility
Click the 9 dots in the top right corner. Then search for "Merchant Facility"
1.2. Select All Merchant Facilities Filter and Click into the Primary Active one.
1.3. Remove "Enforce New Public Sits Security"
2. Disable Sites Security Setting
Note, it is Salesforce's intention to not allow this step being performed from approximately May 2020. You'll need to be on the latest version of Payments2Us by then and to have completed all of the post install steps as as per the procedure 7.6 Security Improvements Testing
2.1. Navigate to Setup
From the top right, select setup cog.
2.2. Search for Sharing Settings
Search for Sharing Settings and then click into Sharing Settings.
2.3. Untick "Site guest user record access"
Click Edit and scroll towards the bottom of the screen
Unselect "Site guest user record access" and save.
NOTE: If the "Sites guest user record access" field is greyed out and not selectable, then you'll need to first remove ALL criteria based sharing that has been setup. To do this, cancel this screen, then scroll down and see the related criteria based sharing rules. If Payments2Us sharing rules install procedure had previously been completed, you'll need to delete all of those.
It is only those sharing rules that have been previously setup with "Guest user access, based on criteria" set. Other types of sharing should not impact. If having issues, please contact Salesforce Support.
