# Guest User & Experience Cloud Configuration #### Why? By default, Salesforce Guest Users (unauthenticated users on a public site) have highly restricted permissions. They cannot "run" standard Apex that interacts with records they don't own. The S-Docs SDK provides a System Mode override. This allows the document engine to run "above" the Guest User’s limited permissions, using System-level authority to query templates and generate files safely. #### What: The Security Model When a Guest User triggers the SDK (via a Flow or LWC), Salesforce typically blocks the transaction due to "Insufficient Privileges." By enabling System Mode, you are telling S-Docs to execute the generation logic as a System Administrator while still attaching the final file to the correct record. *** #### Solve: Implementation Steps **1. Configure the Invocable Action (Flow)** If you are using a Flow to trigger the SDK for a Guest User: 1. Open your Flow and select the S-Docs: Generate Document action. 2. Look for the input parameter: System Mode Generation (Experience Cloud). 3. Toggle this to Include and set the value to `{!GlobalConstant.True}`. **2. Configure the LWC (Custom UI)** If you are calling the SDK from a custom Lightning Web Component: 1. Ensure your Apex Controller is defined with `without sharing` to bypass initial record visibility checks. 2. In the LWC property editor (within Experience Builder), check the box for System Mode Generation. **3. Set Site Permissions** Even with System Mode enabled, the Guest User Profile needs basic access to the S-Docs objects: 1. Navigate to Experience Builder > Settings > General and click on the Guest User Profile. 2. Grant Read access to: * `S-Docs Templates` * `S-Docs` * `S-Docs Signatures` (if using S-Sign) 3. Ensure the Guest User has Create access to the `S-Docs` object so the record can be inserted. *** #### Technical Behavior * Ownership: The resulting S-Doc and ContentVersion will typically be owned by the "Site Guest User" or a designated "Default Workflow User," depending on your Org's automation settings. * NetworkId: S-Docs automatically detects the `NetworkId` (the ID of the Experience Cloud site) to ensure the document is associated with the correct community workspace. *** #### ⚠️ Constraints & Best Practices * Internal Org Restriction: System Mode is only for Experience Cloud Guest Users. Enabling it within your internal Salesforce org (for logged-in employees) will result in a generation failure. * Security Risk: Because System Mode bypasses sharing rules, ensure your Flow or LWC has its own validation logic (e.g., verifying an Email or Access Code) to prevent unauthorized users from "guessing" record IDs and generating sensitive data. * Files Access: Ensure "Users can't see files they don't own" is not strictly enforced in a way that prevents the Guest User from seeing the *Preview* of the file they just created. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.sdocs.com/developer-hub/document-generation-workflows/apex-and-programmatic-automation/software-development-kit/implementation-solves/guest-user-and-experience-cloud-configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.