Top 23 Salesforce Experience Cloud Interview Questions and Answers — Portals, LWC, Sharing & Guest Users Explained
☁️ Experience Cloud
Salesforce Experience Cloud Interview Questions — Portals, LWC, Sharing & Guest Users Explained
Licenses, ARO, Templates, SSO, Sharing Sets, Guest User Security & More — Real Scenarios for Interviews
Basic
Intermediate
Advanced
23 Questions
Questions Index
1What is Salesforce Experience Cloud?
2Common Use Cases of Experience Cloud
3Types of Experience Cloud Licenses
4Member-Based vs Login-Based Licenses
5What is Account Role Optimization (ARO)?
6Types of Templates in Experience Cloud
7Types of Workspaces Available
8Higher Than Usual Traffic on Your Site
9Single Sign-On vs Social Sign-On
10Sharing Sets vs Sharing Rules
11What are Share Groups?
12Process to Set Up Community Site Users
13How to Expose an LWC to Community
14Can't Get RecordId in Community LWC
15Configurable Components for Community
16Main Limitations of LWR Community
17What is Head Markup for a Community?
18Moderation and Gamification in Community
19What is External OWD in Experience Cloud?
20Guest User Can't View Data in LWC
21Provide Record Access to Guest Users
22What is the Guest User Profile?
23Guest User Can't Update Data in LWC
Q
Question 01 · 🟢 Basic
What is Salesforce Experience Cloud?
✅ Answer
Experience Cloud (formerly Community Cloud) is Salesforce's digital experience platform that lets you build branded portals, websites, and mobile apps for external users — customers, partners, and employees — connected directly to your Salesforce data. 🌐
📌 What Experience Cloud Actually Does
- ✅Exposes Salesforce data to external users via a portal or website
- ✅Allows external users to log in, view, and interact with records
- ✅Supports custom branding, themes, and page layouts
- ✅Supports LWC, Flows, Knowledge Articles, Cases, and more
- ❌Does NOT give external users access to the full Salesforce UI
- ❌NOT a replacement for internal Salesforce — it's a separate surface
📋 Key Facts
| Aspect | Detail |
|---|---|
| Previous Name | Community Cloud (rebranded 2021) |
| Frameworks | Aura (legacy) or LWR (Lightning Web Runtime) |
| Each Site Has | Its own URL, Guest User Profile, and configuration |
| Data Source | Tightly integrated with Salesforce CRM objects |
🌍 Real World Example
At XYZ Company, the customer-facing order tracking portal built on Experience Cloud lets buyers log in and check their order status — all powered by Salesforce data, without them ever seeing the internal org.
🎤 One-Line Answer for Interview
"Experience Cloud is Salesforce's platform to build external-facing portals and websites connected to Salesforce data, for customers, partners, and employees — formerly known as Community Cloud."
Q
Question 02 · 🟢 Basic
What are some common use cases of Experience Cloud?
✅ Answer
Experience Cloud is used wherever you need external users to interact with Salesforce data in a branded, controlled environment — the use case drives your template and license choice. 🎯
📋 Common Use Cases
| Use Case | Who It's For | Example |
|---|---|---|
| Customer Self-Service Portal | End customers | Raise & track support cases |
| Partner Portal | Resellers / distributors | Deal registration, MDF claims |
| Employee Portal | Internal staff (non-SF users) | HR requests, IT helpdesk |
| B2B Commerce | Buyers | Product catalog, order placement |
| Knowledge Base / Help Center | Anyone (public) | FAQs, product documentation |
| Event Portal | Attendees | Registration, schedules |
| Vendor / Supplier Portal | Vendors | Invoice submission, PO tracking |
🔑 Key Points for Interviewer
- 🔥Most orgs use it primarily for Customer Self-Service or Partner Portal
- 💡Use case drives which template and license type you choose
- 💡Can combine multiple use cases in one org with multiple sites
🎤 One-Line Answer for Interview
"Common use cases include customer self-service portals, partner portals, employee intranets, B2B commerce, and public knowledge bases — the use case determines the template and license type."
Q
Question 03 · 🟠 Intermediate
What are the different types of Experience Cloud licenses available in Salesforce?
✅ Answer
Salesforce offers several license types for Experience Cloud, each with different access levels, sharing model support, and pricing — choose based on volume, data access needs, and budget. 📋
📋 License Comparison
| License | Best For | Record Access | Roles? |
|---|---|---|---|
| Customer Community | High-volume B2C | Sharing Sets only | ❌ No |
| Customer Community Plus | B2C needing more access | Full sharing model | ✅ Yes |
| Partner Community | Resellers / distributors | Full CRM (opps, leads) | ✅ Yes |
| External Apps | Custom portals, non-CRM | Flexible | Optional |
| Channel Account | Large partner orgs | Similar to Partner | ✅ Yes |
✅❌ What License Type Controls
- ✅Customer Community — cheapest, ideal for millions of users, uses Sharing Sets (no roles)
- ✅Customer Community Plus — adds role hierarchy support, more sharing options
- ✅Partner Community — full CRM access for partners (opportunities, leads, quotes)
- ✅External Apps — most flexible, used for custom non-CRM portals
- ❌Customer Community does NOT support role-based sharing
- ❌Partner Community is NOT cost-effective for high-volume B2C scenarios
🌍 Real World Example
At XYZ Company, the customer portal uses Customer Community licenses since customers only need to view their orders — while distributor partners use Partner Community to access leads and opportunities.
🔑 Key Points for Interviewer
- 🔥License type is assigned per user on their User record
- 💡License type determines what profiles you can assign to external users
- 💡Choose based on: volume of users, type of data access, and budget
🎤 One-Line Answer for Interview
"Experience Cloud licenses include Customer Community, Customer Community Plus, Partner Community, and External Apps — each differing in access level, sharing model support, and cost. Customer Community has no roles; Customer Community Plus and Partner Community do."
Q
Question 04 · 🟠 Intermediate
What is the difference between Member-Based licenses and Login-Based licenses?
✅ Answer
These are two billing models for Experience Cloud licenses — they determine how you pay, not what the user can access. Member = flat fee per user; Login = pay per session. ⚖️
📋 Side-by-Side Comparison
| Aspect | Member-Based | Login-Based |
|---|---|---|
| Billing Model | Flat monthly fee per named user | Pay per login session (credit) |
| Login Frequency | Unlimited logins | Each login consumes 1 credit |
| Best For | Frequent / daily users | Infrequent / occasional users |
| Cost Efficiency | Better for high-engagement portals | Better for seasonal / rare users |
| Session Duration | N/A | 1 login = 24-hour session |
✅❌ What This Actually Controls
- ✅Member-Based — better for partner portals and employee portals (daily use)
- ✅Login-Based — better for customers who log in twice a year
- ❌Login-Based is NOT always cheaper — if users log in frequently, costs add up fast
- ❌Login credits come in packs purchased from Salesforce — plan ahead
🌍 Real World Example
A distributor who logs in every day to check orders → Member-Based. A customer who logs in twice a year to raise a complaint → Login-Based.
🎤 One-Line Answer for Interview
"Member-based licenses charge a flat fee per named user with unlimited logins, while login-based licenses charge per login session — login-based is cost-effective for infrequent users; member-based for daily active users."
Q
Question 05 · 🔴 Advanced
What is Account Role Optimization (ARO)?
✅ Answer
ARO prevents role hierarchy bloat by creating account roles only when needed — instead of creating 3 roles upfront for every single Account in the org. 🚀
📌 The Problem ARO Solves
// Without ARO (default behaviour)
10,000 Accounts in org
→ Salesforce creates 3 roles per Account automatically
→ 10,000 × 3 = 30,000 roles created UPFRONT
→ Even if ZERO community users exist!
→ Causes: slow sharing recalculations, TooManyLockFailure errors
// With ARO enabled
10,000 Accounts in org
→ Roles created ONLY when a community user is actually enabled under that account
→ 500 active community users = only ~1,500 roles
→ Much faster, much cleaner ✅
📋 ARO Details
| Aspect | Detail |
|---|---|
| Where to Enable | Setup → Digital Experiences → Settings → Account Role Optimization |
| Applies To | Customer Community Plus & Partner Community (role-based licenses only) |
| Does NOT Apply To | Customer Community (no roles) |
| Salesforce Recommendation | Enable BEFORE creating external users at scale |
✅❌ What ARO Controls
- ✅Reduces total role count in the org drastically
- ✅Improves performance of sharing rule recalculations
- ✅Recommended for all orgs with Partner Community or Cust. Community Plus
- ❌Does NOT apply to Customer Community (high-volume) users — no roles involved
🌍 Real World Example
An org with 50,000 customer accounts was experiencing slow data loads and sharing recalculation timeouts. Enabling ARO reduced their role count from 150,000 down to a few thousand — resolving the performance issues entirely.
🎤 One-Line Answer for Interview
"ARO prevents role hierarchy bloat by creating account roles only when a community user is actually enabled under that account, rather than creating 3 roles for every account upfront — critical for orgs with large account volumes."
Q
Question 06 · 🟠 Intermediate
What are the different types of templates available in Experience Cloud?
✅ Answer
Experience Cloud offers pre-built templates that define the structure, framework (Aura or LWR), and use-case focus of your site — and the template choice is permanent after site creation. 🎨
📋 Template Comparison
| Template | Framework | Best For |
|---|---|---|
| Build Your Own (LWR) | LWR | Fully custom modern sites |
| Build Your Own (Aura) | Aura | Custom sites with legacy support |
| Customer Account Portal | Aura | Customer self-service |
| Customer Service | Aura | Case management, knowledge base |
| Partner Central | Aura | Partner portals (deals, leads) |
| Help Center | Aura | Public knowledge base (no login) |
| Microsites (LWR) | LWR | Lightweight marketing sites |
| Aloha | Aura | App launcher for internal/external |
✅❌ What Template Choice Controls
- ✅Determines the underlying framework (Aura vs LWR)
- ✅Sets up pre-built pages (Home, Login, Record Detail, etc.)
- ✅Influences which standard components are available in Builder
- ❌You CANNOT change the template after a site is created
- ❌LWR templates do NOT support Aura components
🌍 Real World Example
At XYZ Company, the customer order tracking portal was built using the Customer Account Portal template — it came with a pre-configured Home page, Login page, and Account detail pages out of the box.
🔑 Key Points for Interviewer
- 🔥LWR (Lightning Web Runtime) templates are the modern, recommended approach — better performance, SEO, and caching
- 🔥Template choice is permanent — plan carefully before creating the site
- 💡For new sites, always default to LWR unless you have specific Aura component dependencies
🎤 One-Line Answer for Interview
"Experience Cloud templates include Build Your Own (LWR/Aura), Customer Account Portal, Customer Service, Partner Central, Help Center, and Microsites — template choice determines the framework (Aura vs LWR) and is permanent after site creation."
Q
Question 07 · 🟠 Intermediate
What are the different types of Workspaces available in Experience Cloud?
✅ Answer
Workspaces are admin-only sections within Experience Builder that organize different management tools — design, members, content, moderation, analytics, and gamification are all separate workspaces. 🖥️
📋 All Workspaces
| Workspace | Purpose |
|---|---|
| Builder | Drag-and-drop page design, component placement, themes |
| Administration | Site settings, login config, emails, security, members |
| Content Management (CMS) | Manage CMS content (news, articles, banners) |
| Moderation | Review flagged content, set moderation rules |
| Analytics | View site usage, page performance, member activity |
| Gamification | Configure points, badges, reputation levels |
| Members | Add/remove members, manage member access |
✅❌ What Workspaces Actually Control
- ✅Builder — where all page design and component placement happens
- ✅Administration — login, email, security, URL, Guest User settings
- ✅Moderation workspace — only appears if moderation is enabled
- ❌Workspaces are NOT visible to end users — admin-only
- ❌Not all workspaces appear for every template type
🌍 Real World Example
When setting up a new partner portal, you'd use Administration to configure the login page and member profiles, Builder to design pages and place LWC components, and Analytics to monitor adoption after launch.
🎤 One-Line Answer for Interview
"Experience Cloud workspaces include Builder, Administration, Content Management, Moderation, Analytics, Gamification, and Members — each managing a different aspect of the site, all admin-only and not visible to end users."
Q
Question 08 · 🔴 Advanced
What happens when there is higher than usual traffic on your Experience Cloud site?
✅ Answer
Salesforce enforces bandwidth and request limits — if traffic spikes beyond your org's allocated limits, users may experience throttling, slow responses, or a 503 "Service Unavailable" page. ⚠️
📋 What Happens + How to Mitigate
| Situation | Impact | Solution |
|---|---|---|
| Bandwidth limit exceeded | Slow responses or 503 errors | Enable CDN caching |
| Too many Apex calls from LWC | Governor limit errors | Optimize queries, use caching |
| LWR site under high load | Better handled via built-in CDN | Use LWR over Aura for public sites |
| Aura site under high load | More vulnerable, no built-in CDN | Enable page caching in Builder |
✅❌ What This Actually Controls
- ✅LWR sites handle high traffic better due to built-in CDN and page-level caching
- ✅Enabling CDN in Administration workspace reduces origin server load significantly
- ✅Guest user pages (no login required) can be fully cached at CDN level
- ❌Authenticated pages CANNOT be fully cached — they contain user-specific data
- ❌Salesforce does NOT auto-scale compute for you — site design matters
🌍 Real World Example
A public-facing product catalog site saw 503 errors during a trade show campaign spike. Enabling LWR + CDN caching reduced origin calls by ~70% and resolved the issue completely without any code changes.
🔑 Key Points for Interviewer
- 🔥Salesforce recommends LWR + CDN for all high-traffic public sites
- 💡Page Caching can be configured per-page in Experience Builder settings
- 💡For very high traffic, consider Headless / Composable Storefront patterns
🎤 One-Line Answer for Interview
"During traffic spikes, Salesforce may throttle requests or return 503 errors. The mitigation is enabling CDN and page caching in the Administration workspace, and using LWR templates which have built-in CDN support — Aura sites are more vulnerable to traffic spikes."
Q
Question 09 · 🟠 Intermediate
What is the difference between Single Sign-On (SSO) and Social Sign-On?
✅ Answer
Both allow users to log in without a Salesforce-native password — but they use different identity providers and target different audiences. SSO = corporate identity; Social Sign-On = consumer identity. 🔐
📋 SSO vs Social Sign-On
| Aspect | Single Sign-On (SSO) | Social Sign-On |
|---|---|---|
| Protocol | SAML 2.0 or OAuth 2.0 | OAuth 2.0 (via social platform) |
| Identity Provider | Corporate IdP (Okta, Azure AD, ADFS) | Google, Facebook, LinkedIn, Twitter |
| Target Users | Employees, partners with corporate accounts | External customers / consumers |
| Use Case | Partner/Employee portal with corporate login | Customer portal with social login |
| Setup | Auth. Provider + SSO config in Salesforce | Auth. Provider (social) + Registration Handler |
✅❌ What This Actually Controls
- ✅SSO — best for partners/employees who have corporate identity systems (Okta, Azure AD)
- ✅Social Sign-On — best for B2C customers who prefer not to create new accounts
- ✅Both require an Authentication Provider configured in Salesforce Setup
- ✅Both use a Registration Handler Apex class to map external identity to a Salesforce user
- ❌Social Sign-On does NOT verify corporate identity
🌍 Real World Example
A pharma company uses SSO (Azure AD) for their internal employee portal — staff log in with their Microsoft credentials. Their public customer portal uses Social Sign-On (Google) so customers can log in with Gmail without creating a new account.
🔑 Key Points for Interviewer
- 🔥Both require an Auth. Provider and a Registration Handler Apex class
- 💡SSO can also be used for Just-In-Time (JIT) provisioning — auto-create users on first login
- 💡Registration Handler maps the external identity to a Salesforce User record
🎤 One-Line Answer for Interview
"SSO uses a corporate Identity Provider like Azure AD for authenticated employees and partners, while Social Sign-On uses platforms like Google or Facebook for consumer-facing portals — both require an Auth Provider and a Registration Handler Apex class in Salesforce."
Q
Question 10 · 🔴 Advanced
What are Sharing Sets and how are they different from Sharing Rules in Salesforce?
✅ Answer
Sharing Sets are for high-volume portal users who have no roles — they grant access to records related to the user's Account/Contact. Sharing Rules work via role hierarchy for internal users. 🔑
📋 Sharing Sets vs Sharing Rules
| Aspect | Sharing Sets | Sharing Rules |
|---|---|---|
| For Whom | External/community users (no roles) | Internal users (with roles) |
| Based On | Account/Contact field match | Role, group, or criteria |
| Mechanism | Match user's Account/Contact → grant access | Extend access to roles/groups |
| Location | Setup → Digital Experiences → Sharing Sets | Setup → Sharing Settings |
| License | Customer Community (no-role) users only | All internal users |
| Object Requirement | Object must have Account or Contact lookup | Any object |
✅❌ What Sharing Sets Actually Control
- ✅Give community users access to records related to their Account or Contact
- ✅Example: User's Account = "ABC Corp" → sees all Cases where Account = "ABC Corp"
- ❌Do NOT work for Customer Community Plus or Partner Community (they have roles)
- ❌CANNOT grant access to records unrelated to the user's Account/Contact
- ❌Sharing Rules do NOT work for high-volume portal users (no roles to target)
🌍 Real World Example
At XYZ Company, Customer Community users can view all Orders linked to their Account using a Sharing Set — without any manual record sharing or role configuration.
🔑 Key Points for Interviewer
- 🔥Sharing Sets work only on objects with a direct lookup to Account or Contact
- 💡For objects without that lookup, use Share Groups (see Q11)
- 💡Customer Community Plus and Partner Community users use standard Sharing Rules — they have roles
🎤 One-Line Answer for Interview
"Sharing Sets grant Community (no-role) users access to records related to their Account or Contact, while Sharing Rules extend access via role hierarchy for internal users — Sharing Sets are the only sharing mechanism for high-volume Customer Community users."
Q
Question 11 · 🔴 Advanced
What are Share Groups?
✅ Answer
Share Groups allow internal users to see records owned by high-volume portal users — the reverse of Sharing Sets. Sharing Sets give portal users access to records; Share Groups give internal users access to portal-user-owned records. 👥
📌 Key Concept — Direction of Sharing
| Feature | Direction of Sharing | Who Benefits |
|---|---|---|
| Sharing Sets | Org records → Community User | Portal users get access to records |
| Share Groups | Portal User's records → Internal Users | Internal users see portal-owned records |
✅❌ What Share Groups Actually Control
- ✅Allow internal users/groups to see records owned by portal users
- ✅Used when a community user creates a record and an internal agent needs to see it
- ✅Configured per portal user profile under Sharing Settings
- ❌Share Groups do NOT give portal users access to more records (that's Sharing Sets)
- ❌NOT available for Customer Community Plus or Partner Community (they have roles)
🌍 Real World Example
A customer submits a quality complaint via the portal (creating a Case owned by their community user profile). Without Share Groups, the internal support team cannot see this Case. A Share Group on the portal profile makes it visible to internal agents immediately.
🔑 Key Points for Interviewer
- 🔥Share Groups are found under Setup → Sharing Settings → Share Groups (per portal profile)
- 💡Only apply to high-volume portal users (Customer Community license)
- 💡Sharing Sets = inbound access for portal users; Share Groups = outbound visibility for internal users
🎤 One-Line Answer for Interview
"Share Groups allow internal users to see records owned by high-volume portal users who don't have roles — it's the reverse of Sharing Sets. Sharing Sets give portal users access to org records; Share Groups give internal users access to portal-user-owned records."
Q
Question 12 · 🟠 Intermediate
What is the process to set up users for community sites?
✅ Answer
Setting up a community user requires steps across both the Experience Cloud site setup and the CRM record level — a Contact linked to an Account is mandatory. 🔧
📋 Step-by-Step Process
| Step | Action | Where |
|---|---|---|
| 1 | Enable Experience Cloud | Setup → Digital Experiences → Settings |
| 2 | Create & publish the site | Digital Experiences → New |
| 3 | Enable the profile for the site | Administration → Members → Add Profile |
| 4 | Ensure Contact exists with an Account | CRM — Account & Contact records |
| 5 | Enable Contact as community user | Contact record → Enable Customer/Partner User button |
| 6 | Assign license, profile, and role (if applicable) | User record |
| 7 | User receives welcome email with login link | Auto-sent by Salesforce |
✅❌ What This Actually Controls
- ✅Contact must be linked to an Account — required for community user creation
- ✅Profile must be added to the site's member list before you can assign it
- ✅Partner users are enabled via Enable Partner User; customers via Enable Customer User
- ❌You CANNOT create a community user without a Contact record
- ❌You CANNOT use a standard internal Salesforce profile for external users
🌍 Real World Example
When onboarding a new distributor to the partner portal at XYZ Company, the sales team creates an Account + Contact in Salesforce, then clicks Enable Partner User on the Contact to create their login credentials automatically.
🔑 Key Points for Interviewer
- 🔥The Contact → User relationship is mandatory — no Contact = no community user
- 💡The profile must be an external/community profile, not a standard internal one
- 💡For automation at scale, use Flow or Apex to auto-enable contacts as users
🎤 One-Line Answer for Interview
"Setting up community users requires enabling the site, creating a Contact under an Account, adding the profile to the site's member list, and clicking Enable Customer/Partner User on the Contact record — no Contact means no community user."
Q
Question 13 · 🟠 Intermediate
How can you expose an LWC to a community?
✅ Answer
By setting
isExposed: true and adding lightningCommunity__Page as a target in the component's .js-meta.xml file — this makes it drag-and-droppable in Experience Builder. ✅📌 The Meta XML Configuration
<!-- myComponent.js-meta.xml -->
<LightningComponentBundle xmlns="http://soap.sforce.com/2006/04/metadata">
<apiVersion>59.0</apiVersion>
<isExposed>true</isExposed>
<targets>
<target>lightningCommunity__Page</target> <!-- Makes it draggable in Builder -->
<target>lightningCommunity__Default</target> <!-- Enables config panel in Builder -->
</targets>
<targetConfigs>
<targetConfig targets="lightningCommunity__Default">
<!-- custom properties go here -->
</targetConfig>
</targetConfigs>
</LightningComponentBundle>
📋 Target Reference
| Target | Purpose |
|---|---|
| lightningCommunity__Page | Makes it available on Experience Builder pages |
| lightningCommunity__Default | Enables property configuration in Builder right panel |
| lightningCommunity__Theme_Layout | For custom theme layout components |
✅❌ What This Actually Controls
- ✅
isExposed: true— required for component to appear anywhere in Builder - ✅
lightningCommunity__Page— makes it drag-and-droppable on pages - ✅For LWR sites — component must also be LWR-compatible (no Aura dependencies)
- ❌Without these targets, the component will NOT appear in Experience Builder at all
- ❌Re-deploying the meta XML is enough — no additional clicks needed in Setup
🌍 Real World Example
The Order Tracking LWC at XYZ Company was exposed to the customer portal by simply adding lightningCommunity__Page to its meta XML and deploying — the admin could then drag it onto any page in Experience Builder.
🎤 One-Line Answer for Interview
"To expose an LWC to a community, set isExposed to true and add lightningCommunity__Page as a target in the component's .js-meta.xml file — this makes it drag-and-droppable in Experience Builder with no other configuration needed."
Q
Question 14 · 🔴 Advanced
I have a Lightning Web Component placed on a record page in the community. I am not able to get the recordId in the LWC. What could be the issue?
✅ Answer
Most likely the component is missing the
@api recordId declaration, OR it is placed on a generic content page rather than an object-specific Record Detail page in Experience Builder. ⚠️📋 Possible Causes & Fixes
| Issue | Cause | Fix |
|---|---|---|
| recordId is undefined | @api recordId not declared in JS | Add @api recordId; to the component |
| Component not receiving context | Wrong target in meta XML | Add lightningCommunity__Page target |
| Page isn't a record page | Generic page used instead of Record Detail | Place on object-specific Record Detail page in Builder |
| LWR site context issue | LWR URL-based routing | Use @wire(CurrentPageReference) to extract recordId from URL |
✅❌ What This Actually Controls
- ✅
@api recordId;must be declared as a public property — it receives the Id from page context - ✅Page must be an object-specific Record Detail page, not a generic home or content page
- ✅For LWR sites — use
@wire(CurrentPageReference)to read recordId from the page URL state - ❌Placing on a generic page = no recordId passed by the framework ever
- ❌Missing
@api recordId;= prop ignored even if the page tries to pass it
🌍 Real World Example
An Order tracking LWC was placed on a generic community content page — recordId was always null. Fix: moved it to the Order Record Detail page in Experience Builder and added @api recordId; in the JS — worked immediately.
🔑 Key Points for Interviewer
- 🔥Always verify the page type in Experience Builder — record pages show the object name in the page list
- 💡In LWR,
@api recordIdworks the same IF on a proper record detail page - 💡This is a very common real-world bug — know it cold for interviews
🎤 One-Line Answer for Interview
"The issue is either a missing @api recordId declaration in the component JS, or the component is placed on a generic content page rather than an object-specific Record Detail page in Experience Builder — both are equally common causes."
Q
Question 15 · 🔴 Advanced
How can you create configurable components for the community?
✅ Answer
Using
targetConfigs and <property> elements in the meta XML — these expose an admin-friendly config panel on the right side of Experience Builder with no-code property editing. ✅📌 The Meta XML Configuration
<targetConfigs>
<targetConfig targets="lightningCommunity__Default">
<property name="title" type="String" label="Card Title" default="Welcome" />
<property name="recordLimit" type="Integer" label="Records to Show" default="5" />
<property name="showHeader" type="Boolean" label="Show Header" default="true" />
</targetConfig>
</targetConfigs>
📌 And in the JS File
import { LightningElement, api } from 'lwc';
export default class MyComponent extends LightningElement {
@api title;
@api recordLimit;
@api showHeader;
}
📋 Property Types Available
| Property Type | Use Case |
|---|---|
| String | Labels, titles, custom text inputs |
| Integer | Limits, counts, thresholds |
| Boolean | Toggle features on/off |
| ContentReference | Link to a Salesforce CMS content item |
| SalesforceContentResource | Link to a static resource |
✅❌ What This Actually Controls
- ✅Each
<property>appears as an input field in Builder's right-hand config panel - ✅Admin can configure values without touching code — changes saved to page layout
- ✅You can also use
datasourceto populate a dropdown from an Apex method - ❌Without
targetConfigs, no config panel appears in Builder for that component - ❌Properties MUST also be declared with
@apiin JS to receive the value
🌍 Real World Example
The Order List LWC at XYZ Company has a configurable recordLimit property — the admin changes how many orders display per page directly in Experience Builder without involving a developer.
🎤 One-Line Answer for Interview
"Configurable community components are created using targetConfigs and property elements in the meta XML, combined with @api decorated properties in the JS — these appear as a config panel in Experience Builder allowing admins to customize the component without code."
Q
Question 16 · 🔴 Advanced
What are the main limitations of using an LWR community?
✅ Answer
LWR communities are more modern and performant, but they are LWC-only — no Aura components, no Visualforce, no Lightning Out, and fewer standard components compared to Aura sites. ⚠️
📋 Key Limitations
| Limitation | Detail |
|---|---|
| ❌ No Aura Components | LWR only supports LWC — all Aura must be rebuilt |
| ❌ No Visualforce Pages | VF cannot be embedded in LWR sites |
| ❌ No Lightning Out | Cannot embed Aura apps in LWR |
| ❌ Limited Standard Components | Fewer out-of-box components vs Aura sites |
| ❌ Partial Flow Support | Standard Flow screens work; some actions limited |
| ⚠️ Strict CSS Isolation | Shadow DOM enforcement, harder global styling |
| ⚠️ Complex Theming | Design Tokens required — no simple CSS overrides |
✅ Where LWR Excels
- ✅Page load performance — significantly faster than Aura
- ✅Built-in CDN and page-level caching for public pages
- ✅SEO-friendly — better server-side rendering support
- ✅PWA (Progressive Web App) support
- ✅Salesforce's strategic direction — new features land here first
🌍 Real World Example
When XYZ Company considered migrating the customer portal to LWR, the blocker was an existing Aura-based product catalog component — it would need to be fully rewritten as LWC before migration could proceed.
🔑 Key Points for Interviewer
- 🔥LWR is the future direction — Aura sites still supported but no major new features
- 💡For new sites, always default to LWR unless you have specific Aura dependencies
- 💡The migration cost from Aura to LWR is the main blocker for existing orgs
🎤 One-Line Answer for Interview
"LWR communities don't support Aura components, Visualforce pages, or Lightning Out — they are LWC-only, which is a significant migration challenge for orgs with legacy Aura investments, despite LWR's superior performance and CDN caching."
Q
Question 17 · 🟠 Intermediate
What is the Head Markup for a community?
✅ Answer
Head Markup allows you to inject custom HTML into the <head> tag of every page on your Experience Cloud site globally — without modifying any individual page template. 🧩
📌 Where to Find It
Experience Builder → Administration Workspace → Advanced → Head Markup
📋 Common Uses
| Use Case | Example |
|---|---|
| Analytics Tracking | Google Analytics / GTM script tag |
| Custom Fonts | Google Fonts <link> tag |
| SEO Meta Tags | Description, Open Graph, Twitter Card tags |
| Custom CSS | Global styles not supported by site theme |
| Third-Party Chat / Widget | Intercom, Drift, Zendesk widget script |
✅❌ What Head Markup Actually Controls
- ✅Applies to all pages of the site — site-wide scope
- ✅Supports
<script>,<link>,<meta>,<style>tags - ✅Renders in the HTML
<head>before page content loads - ❌CANNOT be configured per-page — it applies to every page of the site
- ❌Scripts injected here run for both authenticated and guest users equally
🌍 Real World Example
At XYZ Company's customer portal, Google Analytics tracking was added via Head Markup — a single <script> tag that tracks all page views across the entire site without modifying any individual page.
🔑 Key Points for Interviewer
- 🔥Head Markup is site-wide — for per-page scripts, you'd need a custom LWC component on that page
- 💡Large scripts in Head Markup impact page load performance for every page — use carefully
- 💡CSP (Content Security Policy) settings may block some third-party scripts in LWR sites
🎤 One-Line Answer for Interview
"Head Markup lets you inject custom HTML into the site's head tag globally for all pages — commonly used for analytics scripts like GTM, custom fonts, and third-party chat widgets. It's configured in the Administration workspace under Advanced settings."
Q
Question 18 · 🟠 Intermediate
What is Moderation and Gamification in a community site?
✅ Answer
Moderation manages and controls user-generated content for safety. Gamification drives community engagement through points, badges, and reputation levels. Both are configured in dedicated Experience Builder workspaces. 🛡️🎮
🛡️ Moderation — Content Safety
| Feature | Details |
|---|---|
| Flagging | Users/admins can flag inappropriate content for review |
| Moderation Rules | Auto-flag/block/replace content with specific keywords |
| Criteria | Based on keywords, URLs, content type |
| Actions | Flag for review, block, replace text, freeze user account |
| Moderation Queue | Admin reviews flagged content before it's published |
🎮 Gamification — User Engagement
| Feature | Details |
|---|---|
| Points | Earn points for posting, answering, liking, sharing |
| Badges | Custom badges awarded manually or via automated rules |
| Reputation Levels | Thresholds (e.g. 100 pts = Contributor, 500 = Expert) |
| Leaderboard | Ranks most active members publicly |
✅❌ What Each Controls
- ✅Moderation — auto-flag posts with banned keywords, block content until reviewed
- ✅Gamification — drives peer-to-peer help, reducing load on support agents
- ❌Moderation does NOT proactively scan historical content — only new content
- ❌Gamification does NOT directly integrate with standard CRM objects like Opportunity
🌍 Real World Example
A medical device company's customer community uses Gamification — top contributors who answer questions about product usage earn "Expert" badges, reducing the load on paid support agents significantly.
🎤 One-Line Answer for Interview
"Moderation manages user-generated content through flagging and keyword-based auto-rules for safety; Gamification drives engagement through points, badges, and reputation levels — both are configured in dedicated workspaces in Experience Builder."
Q
Question 19 · 🔴 Advanced
What is External OWD in the Experience Cloud site?
✅ Answer
External OWD is a separate set of default sharing settings specifically for external/portal users — independent of internal OWD. It controls what community users see by default, and can only be equal to or more restrictive than internal OWD. 🔒
📋 How External OWD Works
| Object | Internal OWD | External OWD | Result |
|---|---|---|---|
| Account | Private | Private | Both: own records only |
| Case | Public Read/Write | Private | Internal: open; External: own cases only |
| Knowledge | Public Read Only | Public Read Only | Both: can see all articles |
✅❌ What External OWD Actually Controls
- ✅Controls what external/portal users see by default before any sharing rules apply
- ✅Applies to Customer Community Plus and Partner Community users (with roles)
- ✅External OWD can be equal to or more restrictive than internal OWD — never more permissive
- ❌Does NOT apply to Customer Community (high-volume) users — they rely on Sharing Sets
- ❌You CANNOT set External OWD more permissive than Internal OWD
📌 Where to Find It
Setup → Sharing Settings
→ (Only visible when Experience Cloud is enabled)
→ Default External Access column appears next to Default Internal Access
🔑 Key Points for Interviewer
- 🔥Most asked trap: "Can External OWD be more open than Internal OWD?" → Answer: No, it cannot
- 💡External OWD + Sharing Sets + Sharing Rules work together to build the complete external sharing model
- 💡External OWD column only appears in Setup when at least one Experience Cloud site exists
🎤 One-Line Answer for Interview
"External OWD is a separate set of default sharing settings for portal users, independent of internal OWD — it can be equal to or more restrictive than internal OWD but never more permissive, and it works alongside Sharing Sets and Sharing Rules to govern external user access."
Q
Question 20 · 🔴 Advanced
A guest user visits my site but is unable to view any data displayed via an LWC. What could be the possible reason?
✅ Answer
Multiple possible causes — guest users are unauthenticated and have the most restrictive access in Salesforce. Every layer — profile, FLS, OWD, sharing, and Apex — must be explicitly configured for them. ⚠️
📋 Possible Causes & Fixes
| Layer | Cause | Fix |
|---|---|---|
| Profile | No object permission on Guest User Profile | Add Read access to the object on Guest Profile |
| FLS | Fields not visible on Guest User Profile | Enable Read on required fields in Guest Profile |
| External OWD | Object OWD too restrictive for external | Change External OWD to Public Read Only |
| Sharing Rule | No Guest User Sharing Rule exists | Create a criteria-based Guest User Sharing Rule |
| Site Setting | Guest user visibility not enabled | Administration → Preferences → Enable guest visibility |
| Apex | Controller using with sharing | Use without sharing carefully for guest scenarios |
✅❌ What This Actually Controls
- ✅Guest User Profile must have Read on the object — first thing to check
- ✅FLS must be enabled for every field the LWC queries
- ✅Records must be accessible via OWD or a dedicated Guest User Sharing Rule
- ❌Guest users CANNOT see private records without explicit sharing configuration
- ❌Apex with
with sharingwill enforce sharing model — if guest has no access, query returns empty silently
🌍 Real World Example
A public product catalog LWC returned no data for guest users despite working fine for logged-in users internally. Fix: Added Read permission on the Product object to the Guest User Profile + changed Product External OWD to Public Read Only.
🔑 Key Points for Interviewer
- 🔥Start debugging by checking Guest User Profile permissions first — it's the most common cause
- 💡Then check FLS → External OWD → Sharing Rule → Apex sharing mode in that order
- 💡This is a layered security problem — all layers must be correctly configured
🎤 One-Line Answer for Interview
"Guest users can't view data if the Guest User Profile lacks object or field permissions, External OWD is too restrictive, or no Guest User Sharing Rule exists — it's a multi-layer security issue and all layers must be checked in sequence."
Q
Question 21 · 🔴 Advanced
How will you provide access to records to guest users for the community?
✅ Answer
Guest users can be given record access through a combination of External OWD settings, Guest User Sharing Rules, and profile permissions — they cannot use role-based or manual sharing mechanisms. 🔑
📋 Methods to Grant Guest User Record Access
| Method | How | Best For |
|---|---|---|
| External OWD = Public Read Only | Setup → Sharing Settings → change External OWD | Expose all records of an object publicly |
| Guest User Sharing Rules | Criteria-based sharing rule targeting Guest User group | Expose only specific records (e.g. Published = true) |
| Object Profile Permissions | Give Read/Create on object in Guest User Profile | Required alongside any of the above |
| Apex without sharing | Bypass sharing model in LWC controller | Dynamic data scenarios |
✅❌ What This Actually Controls
- ✅OWD = Public Read Only → all guest users can read all records of that object
- ✅Guest User Sharing Rules → expose only records where e.g.
Status = 'Published' - ✅Profile permissions → mandatory regardless of which sharing method you use
- ❌Guest users CANNOT own records (unless explicitly enabled per object in site settings)
- ❌Guest users CANNOT be members of public groups or queues
🌍 Real World Example
A public knowledge base exposes Articles to guests via External OWD = Public Read Only on Knowledge object. A product catalog exposes only Published = true products using a Guest User Sharing Rule — giving fine-grained control without opening all products.
🔑 Key Points for Interviewer
- 🔥Guest User Sharing Rules were introduced specifically for Experience Cloud guest access — mention this
- 💡Salesforce has tightened guest user security in recent releases — some older workarounds no longer work
- 💡Always follow principle of least privilege for guest users — only expose what's needed
🎤 One-Line Answer for Interview
"Guest users get record access through External OWD set to Public Read Only for broad access, or via Guest User Sharing Rules for selective access — combined with profile-level object and field permissions which are always mandatory."
Q
Question 22 · 🟠 Intermediate
What is the profile of a guest user?
✅ Answer
Every Experience Cloud site automatically generates a dedicated Guest User Profile — it controls all permissions for unauthenticated visitors, has zero access by default, and must be explicitly configured. 👤
📋 Guest User Profile Characteristics
| Aspect | Detail |
|---|---|
| Auto-Generated | Created automatically when the site is created |
| Name Format | [Site Name] Guest User |
| One Per Site | Each site has its own unique guest profile |
| Cannot Be Shared | Profile is exclusive to that site — not reusable |
| Assigned Automatically | All unauthenticated visitors use this profile |
| Default Permissions | Zero — must be manually configured |
✅❌ What the Guest User Profile Controls
- ✅Object permissions (Read, Create) for guest-accessible objects
- ✅Field-Level Security (FLS) for fields visible to unauthenticated visitors
- ✅Apex class access (if LWC components use Apex controllers)
- ❌Cannot be cloned or repurposed for authenticated users
- ❌Cannot be deleted — it's tied to the site lifecycle permanently
📌 How to Edit
Experience Builder → Administration Workspace
→ Guest User Profile (link at the bottom)
→ Opens the profile directly in Setup
Note: Profile changes are IMMEDIATE — no site publish needed
🌍 Real World Example
XYZ Company's customer portal guest profile has Read access on Products and Knowledge — allowing unauthenticated visitors to browse the product catalog and FAQs without logging in.
🔑 Key Points for Interviewer
- 🔥Guest profile changes are immediate — no need to re-publish the site
- 💡Salesforce enforces strict defaults — you must explicitly enable every permission
- 💡Always test as a true guest user (incognito, logged out) — internal testing doesn't catch guest access issues
🎤 One-Line Answer for Interview
"Each Experience Cloud site has an auto-generated Guest User Profile that controls all permissions for unauthenticated visitors — it has zero access by default, must be explicitly configured, cannot be deleted, and its changes take effect immediately without re-publishing."
Q
Question 23 · 🔴 Advanced
We have an LWC which updates data based on user input. A guest user tries to update the data but is unable to do so. What could be the issue?
✅ Answer
Guest users have read-only access by default — write access requires explicit permission grants at multiple layers: profile, FLS, OWD, and a specific site-level setting to allow guest users to create/edit records. ⚠️
📋 Possible Causes & Fixes
| Layer | Issue | Fix |
|---|---|---|
| Profile | No Edit/Create permission on object | Enable Edit/Create on Guest User Profile |
| FLS | Fields not editable on Guest Profile | Enable Edit on required fields in Guest Profile |
| External OWD | Object set to Read Only for external | Set External OWD to Public Read/Write (use carefully) |
| Site Setting | Guest create/edit not enabled for object | Setup → Digital Experiences → [Site] → Allow Guest Users to Create Records |
| Sharing Rule | No write access via sharing rule | Update Guest User Sharing Rule to Read/Write |
| Apex | Controller uses with sharing | Use without sharing carefully for guest write ops |
✅❌ What This Actually Controls
- ✅Must enable: Setup → Digital Experiences → [Site] → Administration → Allow Guest Users to Create Records
- ✅AND: object-level Create/Edit permission on Guest Profile + FLS Edit on required fields
- ✅Salesforce tightened guest user write permissions from Summer '20 — this is a very common real-world issue
- ❌Even with all permissions, guest users CANNOT edit records they don't own without additional sharing
- ❌Guest users cannot update standard objects like Opportunity or Account in most configurations
🌍 Real World Example
A feedback form LWC allowed guest users to submit responses (insert a custom object record). The fix required enabling Create on the custom object in the Guest User Profile + enabling "Allow Guest Users to Create Records" for that object in site settings. Both were needed — neither alone was sufficient.
🔑 Key Points for Interviewer
- 🔥This is a multi-layer problem — Profile + FLS + OWD + site-level object settings must ALL align
- 🔥Salesforce Summer '20 introduced stricter guest user write permissions — mention this for credibility
- 💡Always test as a true guest user (incognito, logged out) — logged-in testing will never reproduce guest permission issues
🎤 One-Line Answer for Interview
"Guest user write failures are typically due to missing Edit/Create permission on the Guest User Profile, FLS restrictions on fields, or the 'Allow Guest Users to Create Records' site-level setting not being enabled — all layers must be checked since Salesforce tightened guest write permissions from Summer '20."