https://agentforceaccess.com/blog Practical guides on Salesforce record and file access. en-us https://agentforceaccess.com/blog/files-and-guest-experience-cloud-users-exposure https://agentforceaccess.com/blog/files-and-guest-experience-cloud-users-exposure How files become visible to guest and Experience Cloud users in Salesforce — the Visibility field, Set by Record sharing, and the misconfigurations that leak data. Wed, 17 Jun 2026 00:00:00 GMT https://agentforceaccess.com/blog/salesforce-public-file-links-security https://agentforceaccess.com/blog/salesforce-public-file-links-security Public links let anyone with the URL view a Salesforce file — no login. How they work, the expiry and password controls, and how to keep them from leaking data. Sat, 13 Jun 2026 00:00:00 GMT https://agentforceaccess.com/blog/how-file-sharing-works-on-records-contentdocumentlink https://agentforceaccess.com/blog/how-file-sharing-works-on-records-contentdocumentlink The data model behind Salesforce Files: ContentDocument, ContentVersion and ContentDocumentLink — and how ShareType and Visibility decide who can see a file. Tue, 09 Jun 2026 00:00:00 GMT https://agentforceaccess.com/blog/view-all-modify-all-salesforce-bypass https://agentforceaccess.com/blog/view-all-modify-all-salesforce-bypass View All and Modify All quietly bypass the Salesforce sharing model. What they do, where they come from, who to check, and why they matter for AI agents. Fri, 05 Jun 2026 00:00:00 GMT https://agentforceaccess.com/blog/profiles-vs-permission-sets-vs-sharing-rules-salesforce https://agentforceaccess.com/blog/profiles-vs-permission-sets-vs-sharing-rules-salesforce Profiles and permission sets control object and field access; sharing rules control which records. How the two-check model decides what a user can actually do. Mon, 01 Jun 2026 00:00:00 GMT https://agentforceaccess.com/blog/user-cant-see-a-record-they-should https://agentforceaccess.com/blog/user-cant-see-a-record-they-should Why a Salesforce user can't see a record they should — a checklist across object permissions, field-level security, sharing and restriction rules. Wed, 27 May 2026 00:00:00 GMT https://agentforceaccess.com/blog/auditing-record-access-before-deploying-ai-agent https://agentforceaccess.com/blog/auditing-record-access-before-deploying-ai-agent A practical pre-deployment playbook to audit what an Agentforce agent's user can actually see — object and record level — so it can't surface data it shouldn't. Sat, 23 May 2026 00:00:00 GMT https://agentforceaccess.com/blog/implicit-sharing-in-salesforce-explained https://agentforceaccess.com/blog/implicit-sharing-in-salesforce-explained Implicit sharing is the automatic, built-in access between accounts and their child records (and portal users) that no one configures — and the access people forget. Tue, 19 May 2026 00:00:00 GMT https://agentforceaccess.com/blog/restriction-rules-vs-scoping-rules-vs-sharing-rules https://agentforceaccess.com/blog/restriction-rules-vs-scoping-rules-vs-sharing-rules Sharing rules open access, restriction rules reduce it, scoping rules just set the default view. How the three differ and when to use each. Thu, 14 May 2026 00:00:00 GMT https://agentforceaccess.com/blog/organization-wide-defaults-salesforce-explained https://agentforceaccess.com/blog/organization-wide-defaults-salesforce-explained What org-wide defaults are, the access levels, internal vs external defaults, and why every other sharing mechanism can only open access above the OWD baseline. Sat, 09 May 2026 00:00:00 GMT https://agentforceaccess.com/blog/sharing-rules-vs-role-hierarchy https://agentforceaccess.com/blog/sharing-rules-vs-role-hierarchy Role hierarchy grants access automatically up the org chart; sharing rules extend access sideways by criteria or ownership. When to use each, with examples. Mon, 04 May 2026 00:00:00 GMT https://agentforceaccess.com/blog/user-can-see-a-record-they-shouldnt https://agentforceaccess.com/blog/user-can-see-a-record-they-shouldnt A step-by-step way to diagnose why a Salesforce user can see a record they should not, across org-wide defaults, role hierarchy, sharing rules and shares. Tue, 28 Apr 2026 00:00:00 GMT https://agentforceaccess.com/blog/do-agentforce-agents-bypass-salesforce-sharing https://agentforceaccess.com/blog/do-agentforce-agents-bypass-salesforce-sharing No — Agentforce agents run as a Salesforce user and inherit that user's permissions and sharing. Here is what that means for data exposure and how to stay safe. Tue, 21 Apr 2026 00:00:00 GMT https://agentforceaccess.com/blog/who-can-see-a-file-in-salesforce https://agentforceaccess.com/blog/who-can-see-a-file-in-salesforce How Salesforce decides who can see a file: private shares, files attached to records, library files, public links and guest users — and how to check access. Tue, 14 Apr 2026 00:00:00 GMT https://agentforceaccess.com/blog/insufficient-access-rights-on-cross-reference-id https://agentforceaccess.com/blog/insufficient-access-rights-on-cross-reference-id What the Salesforce "insufficient access rights on cross-reference id" error means, the five things that cause it, and a step-by-step way to fix it. Wed, 08 Apr 2026 00:00:00 GMT https://agentforceaccess.com/blog/who-can-see-a-record-in-salesforce https://agentforceaccess.com/blog/who-can-see-a-record-in-salesforce A practical guide to how Salesforce decides who can see a record — org-wide defaults, role hierarchy, sharing rules, manual shares, teams and territories. Thu, 02 Apr 2026 00:00:00 GMT