Hide First and Last Name Fields in the SOAP API Is Being Retired

The Hide first and last name fields in the SOAP API for site users when making API calls from within a site with nicknames setting is now retired. To secure the first and last name fields when your users make API calls, enable Enhanced Personal Information Management. Use the instructions at Manage Personal User Information Visibility for External Users to classify personal information fields.

Where: This change applies to Aura, LWR, and Visualforce sites accessed through Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

Restrict Emails Sent from the Guest User (Release Update)

This update restricts organizations from sending emails from an unverified email address in the guest user record. Orgs with a verified organization-wide email address aren’t affected by this release update, since the “sent from” email address defaults to the org’s verified email address. This update is enforced with the Summer ‘23 release.

Where: This change applies to orgs that have a guest user in Lightning Experience or Salesforce Classic.

When: Salesforce enforces this update in Summer ’23. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab.

How: When this update is enforced, emails sent from the org using a guest user’s unverified email address are blocked.

To review this update, from Setup, in the Quick Find box, enter Release Updates, and then select Release Updates. Follow the steps for Restrict Emails Sent from the Guest User.

Restrict Emails Sent from the Guest User (Release Update) (salesforce.com)

Manage Access to Personally Identifiable Information

The Hide Personal Information user management setting is now retired, but you can use Enhanced Personal Information Management to secure personally identifiable information (PII) fields. Customize the user fields that are concealed from external and guest users by adding them to or removing them from the PersonalInfo_EPIM field set.

Where: This change applies to Aura, LWR, and Visualforce sites accessed through Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

How: For customers who enabled the Hide Personal Information setting, but haven’t enabled the Enhanced Personal Information setting, Salesforce hides these personal information fields in user records from external users in Spring ‘23.

  • Alias
  • EmployeeNumber
  • FederationIdentifier
  • SenderEmail
  • Signature
  • Username
  • Division
  • Title
  • Department
  • Extension

When the Show Nicknames preference is enabled, these fields are also hidden.

  • Name
  • First Name (component of the Name field)
  • Last Name (component of the Name field)

Conceal a user field by adding it to a field set in the Object Manager. Drag the field into the PersonalInfo_EPIM field set. Classify only fields that contain user PII. Don’t classify fields that don’t contain PII, such as system fields.

Manage Access to Personally Identifiable Information (salesforce.com)

Apply and Automate Mass Access with User Access Policies (Beta)

Apply user access policies to declaratively grant or remove access to managed package licenses, permission set licenses, permission sets, permission set groups, queues, and groups. Use entitlement-based or user attribute-based criteria to identify users as you build your policies. Automatically apply access when users are created, updated, or both.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise and Unlimited editions.

Why: For example, you’re migrating a group of users from a profile to permission sets and permission set groups. Create filters to identify the users assigned to the profile. Create actions in the user access policy to add access to the appropriate permission sets and permission set groups. Add an action to assign the users to a minimum access profile and remove access to the current profile.

How: For access to the User Access Policies (beta), fill out this form.

Apply and Automate Mass Access with User Access Policies (Beta) (salesforce.com)

Choose the Permission Sets Display When Setting Field-Level Security (Beta)

Now when you set or change field-level security for a field on permission sets, you can view by permission sets with object permissions, or by all permission sets. The view is enhanced so the permission set API name and description displays and columns are sortable.

Where: This change applies to Lightning Experience and Salesforce Classic in all editions.

How: Enable Field-Level Security for Permission Sets During Field Creation (beta) in User Management Settings.

Choose the Permission Sets Display When Setting Field-Level Security (Beta) (salesforce.com)

Query Delegated Group Access via Tooling API

Run API queries on users granted delegated administrator roles to confirm access. With the available objects, you can run queries on members of a delegated group, permissions granted to the delegated group, and users who are members of the delegated group.

Where: This change applies to Lightning Experience and Salesforce Classic in Professional, Enterprise, Performance, Unlimited, and Developer editions.

Query Delegated Group Access via Tooling API (salesforce.com)

Permissions

Automatically or individually grant or remove access to collective users with the User Access Policy feature in beta. Query on delegate administrator access with Tooling API.

  • Query Delegated Group Access via Tooling API
    Run API queries on users granted delegated administrator roles to confirm access. With the available objects, you can run queries on members of a delegated group, permissions granted to the delegated group, and users who are members of the delegated group.
  • Choose the Permission Sets Display When Setting Field-Level Security (Beta)
    Now when you set or change field-level security for a field on permission sets, you can view by permission sets with object permissions, or by all permission sets. The view is enhanced so the permission set API name and description displays and columns are sortable.
  • Apply and Automate Mass Access with User Access Policies (Beta)
    Apply user access policies to declaratively grant or remove access to managed package licenses, permission set licenses, permission sets, permission set groups, queues, and groups. Use entitlement-based or user attribute-based criteria to identify users as you build your policies. Automatically apply access when users are created, updated, or both.

Permissions (salesforce.com)

Recalculate Account Sharing Rules Faster

To improve performance, Salesforce is changing the way that automatic sharing calculation works behind the scenes for case and contact objects. We no longer store child implicit share records between accounts and their child case and contact records. Instead, the system dynamically determines whether users can access child case and contact records when they try to access them. Not storing the child implicit share records speeds up ownership and sharing rule recalculation for accounts.

Where: This change applies to Lightning Experience and Salesforce Classic in Professional, Enterprise, Performance, Unlimited, and Developer editions.

When: This functionality is available after January 10, 2023.

Why: Salesforce provides implicit sharing between a parent account and its child objects (cases, contacts, and opportunities). By no longer creating implicit child share records for cases and contacts, performance is improved when updating the following:

  • Org-Wide Defaults
  • Sharing Rules
  • Group Membership
  • Manual Sharing
  • Account Ownership
  • Role Hierarchy
  • Role Assignments

How: For information on enabling this functionality, contact Salesforce Customer Support.

Recalculate Account Sharing Rules Faster (salesforce.com)

Learn Who Can Access Records and Why

Understanding who can access a record is critical to securing record access in your organization. Check out a record’s sharing hierarchy to view who it’s shared with. You can also see the user’s reason for access and find out if a user’s access is blocked by a restriction rule.

Where: This change applies to Lightning Experience in Professional, Enterprise, Performance, Unlimited, and Developer editions.

How: To see a list of users who have access, click Sharing Hierarchy from the Action Menu on the desired record. To see why the user has access to the record or why access is blocked, click View next to the user’s name.

When you click View, all applicable sharing reasons appear, including the names of owner-based and criteria-based sharing rules.

Learn Who Can Access Records and Why (salesforce.com)

Enable Stronger Protection for Your Users’ Personal Information (Release Update)

Enable Enhanced Personal Information Management to prevent external users, such as portal or community users, from accessing other users’ personal information. This feature, which replaces the Hide Personal Information setting, secures more personally identifiable information (PII) user record fields. You can also decide which custom and standard user fields are considered PII. This release update was first available in Spring ’22 and was scheduled to be enforced in Winter ’23, but we postponed the enforcement date to Spring ’23.

Where: This change applies to Salesforce Classic (not available in all orgs) and Lightning Experience in Enterprise, Performance, Unlimited, and Developer editions.

When: This release update was first available in Spring ’22 and was scheduled to be enforced in Winter ’23, but we postponed the enforcement date to Spring ’23. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab.

How: From Setup, in the Quick Find box, enter User Management Settings, and then select User Management Settings. To view and modify fields that are concealed, click in this field set.

For customers who enabled the Hide Personal Information setting, but haven’t enabled the Enhanced Personal Information setting, Salesforce hides these personal information fields in user records from external users in Spring ‘23.

  • Alias
  • EmployeeNumber
  • FederationIdentifier
  • SenderEmail
  • Signature
  • Username
  • Division
  • Title
  • Department
  • Extension

When the Show Nicknames preference is enabled, these fields are also hidden.

  • Name
  • First Name (component of the Name field)
  • Last Name (component of the Name field)

Enable Stronger Protection for Your Users’ Personal Information (Release Update) (salesforce.com)