Permission Changes for Customization Features

Review access changes to Customization features that take effect with the Summer ’20 release.

Muting Permission Sets

  • Access to muting permission sets is limited to authenticated users with the View Setup and Configuration, Manage Session Permission Set Activations, or Assign Permission Sets permission.

Object Settings, Assignments, and Permissions

Users must have the View Setup and Configuration permission to access the following settings, assignments, and permissions for standard and custom objects in a specified profile or permission set:

  • Client settings
  • Field permissions
  • Layout assignments
  • Object permissions
  • Permission dependencies
  • Permission set tab settings
  • Permission set group components
  • Record types

Permission Dependencies

  • Access to permission dependencies through the API is limited to authenticated users with the View Setup and Configuration permission.

Permission Set License Assignments

  • Users must have the View Setup and Configuration or the Assign Permission Sets permission to access permission set license assignments through the API.

Profile Layouts and Record Visibility

  • Users must have the View Setup and Configuration permission to access profile layouts, profile layout assignments, and the visibility of record types for users assigned to a profile.

Share Objects

  • Access to sharing entries on the Account, Campaign, Case, Contact, Lead, Opportunity, and Order objects is limited to users with access to the object itself. Access to sharing entries on the User object is limited to standard users and users with the Customize Application permission.

User Roles

  • Access to user roles is available for users with the View Roles and Role Hierarchy permission. Editing user roles is available for users with the Manage Roles permission.

https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_general_permissions.htm&release=226&type=5

Require Permission to View Record Names in Lookup Fields (Update, Postponed)

To better protect your Salesforce org’s data, we restricted who can view record names in lookup fields. Users must have read access to these records or the View All Lookup Record Names permission to view this data. This update also applies to system fields, such as Created By and Last Modified By. This update, released in Spring ’20, was scheduled for auto-activation (enforcement) in Winter ’21, but was postponed in August 2020 to Spring ’21.

Where: This change applies to Lightning Experience and Salesforce Classic in all editions.

When: Salesforce enforces this update in the Spring ’21 release. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab.

Why: Admins have more control over what users see on records. Currently, users can view record names in lookup fields without read access to those records.

After this update is enforced, users who don’t have read access or the View All Lookup Record Names permission see the lookup field labels, but not the data in the fields.

How: Admins can enable the View All Lookup Record Names permission in custom profiles or permission sets. Only enable this permission for users who must see record names in all lookup and system fields, regardless of sharing settings.

We recommend that you test this update in a sandbox or Developer Edition org before enabling it in your production org.

To apply this update, from Setup, in the Quick Find box, enter Release Updates, then select Release Updates. For Require Permission to View Record Names in Lookup Fields, click View Details or Get Started.
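
One way to check where View All Lookup Record Names is granted before enforcement, as an added example that is not part of the Salesforce release notes: it scans retrieved profile and permission set metadata for the enabled permission. The sample XML and file names are constructed, and the permission's API name ViewAllForeignKeyNames is an assumption to confirm against your org's metadata.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
# Assumption: Metadata API name of "View All Lookup Record Names"; confirm in your org.
LOOKUP_NAMES_PERM = "ViewAllForeignKeyNames"

def _doc(tag, perms):
    """Build a constructed Profile/PermissionSet document from (name, enabled) pairs."""
    body = "".join(
        f"<userPermissions><enabled>{str(on).lower()}</enabled>"
        f"<name>{name}</name></userPermissions>" for name, on in perms)
    return f'<{tag} xmlns="{NS["md"]}">{body}</{tag}>'

# Constructed sample input, laid out like a metadata retrieve (not real org data).
SAMPLE_FILES = {
    "profiles/Support Agent.profile": _doc("Profile", [(LOOKUP_NAMES_PERM, True)]),
    "profiles/Sales Rep.profile": _doc("Profile", [(LOOKUP_NAMES_PERM, False)]),
    "profiles/Minimum Access.profile": _doc("Profile", [("ViewHelpLink", True)]),
    "permissionsets/Data_Steward.permissionset":
        _doc("PermissionSet", [("ViewHelpLink", True), (LOOKUP_NAMES_PERM, True)]),
}

def grants(xml_text, permission=LOOKUP_NAMES_PERM):
    """True only if the document lists the permission with <enabled>true</enabled>."""
    root = ET.fromstring(xml_text)
    for up in root.findall("md:userPermissions", NS):
        name = (up.findtext("md:name", default="", namespaces=NS) or "").strip()
        enabled = (up.findtext("md:enabled", default="false", namespaces=NS) or "").strip()
        if name == permission and enabled.lower() == "true":
            return True
    return False

def audit(files, permission=LOOKUP_NAMES_PERM):
    """Return (kind, path) for every profile or permission set granting the permission."""
    findings = []
    for path, xml_text in sorted(files.items()):
        if grants(xml_text, permission):
            kind = "profile" if path.endswith(".profile") else "permission set"
            findings.append((kind, path))
    return findings

if __name__ == "__main__":
    for kind, path in audit(SAMPLE_FILES):
        print(f"{kind} grants {LOOKUP_NAMES_PERM}: {path}")
```

Each finding is a place where users keep seeing record names in all lookup and system fields regardless of sharing settings, so review it against the users who actually need that.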

https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_general_lookup_field_postponed.htm&release=226&type=5

Push Notification Limits Have Increased

You can send up to 20,000 iOS and 10,000 Android push notifications per hour per org.

Where: This change applies to mobile apps installed from the AppExchange that send push notifications. Packages can be installed in Essentials, Group, Professional, Enterprise, Performance, Unlimited, and Developer editions.

https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_general_push_limits.htm&release=226&type=5

See Automatically Updated Entity Permissions in Setup Audit Trail

A profile or a permission set can have an entity, such as Account, with a master-detail relationship. A broken permission dependency exists if the child entity has permissions that the parent should have. Salesforce updates the parent entity for a broken permission dependency on the first save action for the profile or permission set.

Where: This change applies to Lightning Experience, Salesforce Classic, and all versions of the mobile app in all editions.

https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_general_self_healing.htm&release=226&type=5

Use the New Minimum Access User Profile

Now you can assign a least-privilege profile to a user, and then add more permissions via permission sets and permission set groups. The Minimum Access – Salesforce profile includes Access Activities, Chatter Internal User, Lightning Console User, and View Help Link permissions.

Where: This change applies to Lightning Experience, Salesforce Classic, and all versions of the mobile app in all editions.

How: In Setup, enter Profiles in the Quick Find box, and click Profiles to see the new profile.

https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_general_new_profile.htm&release=226&type=5

Secure Guest Users’ Org-Wide Defaults and Sharing Model Are Enforced

To safeguard your Salesforce org’s data, we’re enabling the Secure guest user record access setting. This setting enforces private org-wide defaults for guest users and restricts the sharing mechanisms that you can use to grant record access to guest users. To prepare, follow the instructions in the Secure Guest Users’ Org-Wide Defaults and Sharing Model security alert on reviewing guest user sharing settings and creating guest user sharing rules.

Where: This change applies to orgs with active communities and sites in Enterprise, Essentials, Unlimited, Performance, and Developer editions.

When: The timelines for the rollout and enforcement of this setting are published in Guest User Security Policies and Timelines.

https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_sharing_guest_security_alert.htm&release=226&type=5

Share Data with Partners via External Account Hierarchies

External account hierarchies take the complexity out of sharing data. Now partners and customers can easily share data with other external accounts in their hierarchy.

Where: This change applies to Lightning communities accessed through Lightning Experience and Salesforce Classic in Performance, Unlimited, and Developer editions.

Who: This feature is available to Partner and Customer users only.

What: Like Salesforce role hierarchies, data that belongs to accounts in an external account hierarchy is available to the parent in the hierarchy. As a result, external users don’t have to rely on sharing rules to access data from their child accounts.

How: Enable external account hierarchies in Communities Settings. After you enable the preference, the External Account Hierarchy object is available in your org.

https://help.salesforce.com/s/articleView?id=release-notes.rn_networks_external_account_hierarchy.htm&release=226&type=5

Ensure Guest User Access to Emails Created with Visualforce Email Templates

Protect access to your company’s data when you send emails that use Visualforce Classic email templates to guest users. Review and update these templates so that they can still be used.

Where: This change applies to Salesforce orgs with active public communities, sites, and portals in Enterprise, Performance, Unlimited, and Developer editions.

When: This security policy was released in Spring ’20 and was immediately enforced.

Who: This change applies to Visualforce email templates that target guest users in communities.

Why: Emails that use Visualforce email templates send information based on a user’s access to Salesforce data. But because data access for guest users is limited in Salesforce, the template doesn’t work.

https://help.salesforce.com/s/articleView?id=release-notes.rn_networks_guest_visualforce_templates-226.htm&release=226&type=5