Introduction :
Salesforce Sites provide a powerful way to expose your organization’s functionality to the public, allowing guest users to interact with forms and submit data without requiring a login. However, security restrictions have always prevented guest users from having edit permissions on Salesforce objects, making it difficult for developers to use input fields in Visualforce pages for public-facing forms. To overcome this limitation, Salesforce introduced the `ignoreEditPermissionForRendering` attribute, which allows developers to render input fields for guest users without requiring edit permissions. This blog explains how this new feature works and how you can use it to enhance the guest user experience on Salesforce Sites.
Concept :
Previously, guest users accessing your Salesforce Sites were unable to interact with editable fields on Visualforce pages due to the inability to grant edit permissions. This posed challenges, particularly for forms like lead generation, event registration, or feedback submission, where users need to input data. Since guest profiles cannot have edit permissions for security reasons, the “ tags failed to render in edit mode for these users.
To solve this, Salesforce added the `ignoreEditPermissionForRendering` attribute to the “ tag. By setting this attribute to `true`, input fields will render for guest users without requiring them to have edit permissions. This enables you to build interactive forms while maintaining Salesforce’s strict security controls for guest users.
Code Example :
Let’s see how this can be applied to a Salesforce Site, such as a lead submission form, where guest users are allowed to fill in details and submit data.
Visualforce Page (Hosted on Salesforce Site):
<apex:outputLabel value=”First Name:” for=”firstName”/>
<apex:inputField value=”{!lead.FirstName}”ignoreEditPermissionForRendering=”true” id=”firstName” />
<apex:outputLabel value=”Last Name:”for=”lastName”/>
<apex:inputField value=”{!lead.LastName}”ignoreEditPermissionForRendering=”true”
id=”lastName” />
<apex:outputLabel value=”Email:” for=”email”/>
<apex:inputField value=”{!lead.Email}”ignoreEditPermissionForRendering=”true” id=”email” />
<apex:commandButton value=”Submit” action=”{!saveLead}” />
</apex:form>
</apex:page>
Custom Controller (GuestLeadController):
public class GuestLeadController {
public Lead lead { get;set; }
public void init() {
lead = newLead();
}
public PageReference saveLead() { try {
insert lead;
ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.CONFIRM, ‘Lead submitted successfully!’));
}
catch(Exception e) {
ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.ERROR, ‘Error: ‘ + e.getMessage()));
}
return null;
}
}
See how FieldAx can transform your Field Operations.
Try it today! Book Demo
You are one click away from your customized FieldAx Demo!
Conclusion:
Previously, guest users accessing your Salesforce Sites were unable to interact with editable fields on Visualforce pages due to the inability to grant edit permissions. This posed challenges, particularly for forms like lead generation, event registration, or feedback submission, where users need to input data. Since guest profiles cannot have edit permissions for security reasons, the <apex:inputField> tags failed to render in edit mode for these users.
To solve this, Salesforce added the ignoreEditPermissionForRendering attribute to the <apex:inputField> tag. By setting this attribute to true, input fields will render for guest users without requiring them to have edit permissions. This enables you to build interactive forms while maintaining Salesforce’s strict security controls for guest users.
Author Bio
