To prevent unintended access for external site users when digital experiences are enabled, Salesforce is securing access to records in sandbox orgs. The default sharing group available for roles and subordinates before digital experiences are enabled is now displayed as Roles and Internal Subordinates instead of Roles and Subordinates. To prepare for this change, update code and customizations that reference the old group name. Although Salesforce dynamically converts outdated references during a transition period, all code and customizations must be updated manually to prevent errors
When: Salesforce enforces this update in Summer ’25. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab. This release update is intended for sandbox orgs. Salesforce plans to provide a separate release update for these changes for production orgs in Summer ’25 and enforce it in Winter ’26
Why: Previously, when digital experiences were enabled, records shared with Roles and Subordinates were made available automatically to external site users. To secure access so that records were only available to internal users, it was necessary to use the Convert External User Access wizard and make manual updates. With this update, access to those records is limited to internal users by default
How: Use this release update to test these changes in a sandbox and identify necessary fixes for when this change is later enabled in production via a separate release update. Take caution if this release update is enabled by using the test run in a production org. If the code and customizations still reference the Roles and Subordinates value, users can experience issues
