Secure Guest User Record Access Guidelines

In the upcoming releases of Salesforce (Summer ’20 / Winter ’21), there is a setting called Secure guest user record access that is enabled by default. When this setting is enabled, the online payment link will stop working.

To ensure that the online payment link continues to work, we have upgraded your version of Payment Center. The new upgrade is now deployed into your Salesforce organization.

There are however other settings that you need to perform/verify to ensure proper operation. Please review the guidelines outlined below.


1. Assign Permission Sets

1.1. Ensure that your users are assigned this permission set (or at a minimum, they should have Payment Center Upgrade Permissions).

1.2. If you are using Payment Center with Accounting Seed, ensure that the Site Guest User is assigned the permission set Payment Center + Accounting Seed Permissions. More info here.


2. Edit Receipt Template

Click on the App Launcher and search for Payment Center Settings. Go to  Payment Center Settings | Payment Receipt button:

On the page that comes up, click Edit Template:

Scroll all the way to the first line of the template and add the following:


For example:

<messaging:emailTemplate subject="{!Relatedto.fw1__Payment_Receipt_Email_Subject__c}" recipientType="Contact" relatedToType="fw1__Payment__c" renderUsingSystemContextWithoutSharing="true">

Save your template.

If you have two templates, please edit both of them.


3. Add Sharing Rule/s

You will only need to perform this step if you have custom automation that gets triggered after a payment is made, especially if the automation was written in Apex Classes or Flows.

For example, let’s say you have an automation that reads GL Account records in order to create journal entries after a payment is made. To ensure that the automation is able to read the records, you will need to create a Sharing Rule on GL Accounts.

To create a Sharing Rule, go to Setup | Security | Sharing Settings. Under your object’s Sharing Rule, click New:

Populate the appropriate fields as follows:

Save your Sharing Rule.

Depending on what your automation needs, you may have to add sharing rules to multiple objects.

NOTE: If your automation was created to run in “system mode”, you may not have to perform this step. Please consult with the author of the automation to review.

If you need some time to review, you can disable Secure guest user record access for the time being. This will allow you to continue accepting online payments while you review your automation.

To disable the setting, go to Setup | Security Controls | Sharing Settings. Edit and uncheck Secure guest user record access. You may have to delete the sharing rule you’ve created in order to disable the setting.


4. AscentERP Extension

If you are using Payment Center with AscentERP, upgrade the extension package called Ascent2Kult if you have it installed in your Salesforce organization. Please use the following link to install:

Follow onscreen instructions to complete installation.