Security overview
You can enhance the security of your Candidate Portal by adding to the Registration page:
- An I am not a robot checkbox
- An I'm not a robot checkbox with additional validation provided through Google reCAPTCHA

In addition, the Salesforce Summer '20 release introduced enhanced security for the Guest User profile to prevent inappropriate access to data. These changes impact Recruit Candidate and Agency portals:
- Sharing Settings for all orgs now have Secure guest user record access selected by default.
  Secure guest user record access sets the guest user org-wide access level to Private for all objects, with Read and Create as the only available permissions. With effect from the Salesforce Winter '21 release, Update, Delete, View All, and Modify All permissions are no longer available.
- Sites Settings affecting all sites now have Assign new records created by Salesforce Sites guest users to a default owner in the org selected by default.
  This setting ensures the guest user is no longer automatically the owner of records they create. To support this setting, the Sites Detail page includes a Default Record Owner field, enabling you to nominate a record owner for each Site.
- Email templates of type Visualforce used for sending emails through Recruit portals must have the attribute:
  renderUsingSystemContextWithoutSharing set to TRUE
  If the attribute is not set to TRUE, emails sent through the portals using the Visualforce templates will not be received by the recipient.
  All email templates released by Sage People are either Text or HTML and are not affected by the security change.
- Recruit Noticeboard Images embedded in Rich Text fields require a sharing rule to enable display on the Candidate and Agency portals.
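
To check the Visualforce email template requirement above across many templates, the following added example (not Sage People or Salesforce code) classifies each template by whether its opening messaging:emailTemplate tag carries renderUsingSystemContextWithoutSharing set to TRUE. It assumes you have already exported each template's markup as a string; the function names and the sample templates are constructed for illustration.

```python
import re

ATTR_NAME = "renderUsingSystemContextWithoutSharing"
# Opening tag of a Visualforce email template; quoted values may contain '>'.
OPEN_TAG = re.compile(
    r"""<messaging:emailTemplate\b((?:"[^"]*"|'[^']*'|[^>"'])*)>""", re.IGNORECASE)
ATTR = re.compile(r"""([\w:]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")

def check_template(markup):
    """Classify one template: 'ok', 'missing', 'not-true' or 'not-visualforce'."""
    tag = OPEN_TAG.search(markup)
    if tag is None:
        return "not-visualforce"  # Text and HTML templates are not affected
    # Only attributes of the opening tag count, not text in the email body.
    attrs = {name.lower(): dq or sq for name, dq, sq in ATTR.findall(tag.group(1))}
    value = attrs.get(ATTR_NAME.lower())
    if value is None:
        return "missing"
    return "ok" if value.strip().lower() == "true" else "not-true"

def templates_to_fix(templates):
    """Return sorted names of templates that lack the attribute or set it to non-TRUE."""
    return sorted(name for name, markup in templates.items()
                  if check_template(markup) in ("missing", "not-true"))

# Constructed sample markup (hypothetical template names, not from a real org).
SAMPLES = {
    "Interview_Invite":
        '<messaging:emailTemplate subject="Interview" recipientType="Contact"\n'
        '    renderUsingSystemContextWithoutSharing="True">\n'
        '<messaging:plainTextEmailBody>Hello</messaging:plainTextEmailBody>\n'
        '</messaging:emailTemplate>',
    "Application_Received":
        '<messaging:emailTemplate subject="Score > 5" recipientType="Contact">\n'
        '<messaging:plainTextEmailBody>'
        'renderUsingSystemContextWithoutSharing="True"'
        '</messaging:plainTextEmailBody>\n</messaging:emailTemplate>',
    "Agency_Notice":
        "<messaging:emailTemplate subject='Notice' "
        "renderUsingSystemContextWithoutSharing='false'>"
        "</messaging:emailTemplate>",
    "Plain_Text_Ack": "Dear candidate, thank you for applying.",
}

if __name__ == "__main__":
    for name in templates_to_fix(SAMPLES):
        print(f"{name}: {check_template(SAMPLES[name])}")
```
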