This update restricts users’ access to navigation menus in the Experience Cloud sites that they’re a member of. This change improves site security by enforcing existing user access permissions when you use an Apex controller in a custom component to query the NavigationLinkSet or NavigationMenuItem objects. Navigation menus that are queried using Connect APIs already enforce user access permissions and are therefore unaffected by this change. This update was first available in Winter ’23.
Where: This change applies to Aura, LWR, and Visualforce sites accessed through Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.
When: Salesforce enforces this update in Spring ’23. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab.
How: Before you enable this update in production, we recommend that you test your sites with this update enabled in a sandbox or Developer Edition org.
When this update is activated, only the NavigationLinkSet and the NavigationMenuItem objects from Experience Cloud sites that a user is a member of are returned when a custom component queries them using Apex controllers. After you enable the test run, ensure that custom navigation menus in your sites work as expected for all users. If they don’t, make relevant adjustments.
To activate this update, from Setup, in the Quick Find box, enter Release Updates, and then select Release Updates. For Apply User Access Permissions to Navigation Menus Retrieved by Apex in Experience Cloud Sites, follow the testing and activation steps.