| Created | 09/29/2020 | Updated | 12/17/2021 |
| Description | The default access to the Inbound Form object is Public Read/Write, which allows any user within a given instance of Medical Information Cloud - Inquiry Management to view all Inbound Form records even if they are in a different region. This means that users have access to all PII contained within Inbound Form records. | | |
| Impacted Capabilities | None | Affected Apps | Medical Information Cloud - Classic Medical Information Cloud - Lightning |
| Affects Versions | None | Fix Version | MIC V11 |
| Steps to Reproduce | This issue is not immediately observable in the standard configuration as Inbound Forms are not easily accessible by Agents out of the box. Certain customizations may make Inbound Forms more accessible, which in turn would make this issue more observable. For those administrators looking to observe the issue, Inbound Forms can be enabled for Salesforce.com reporting and then accessed as a non-system administrator. For more details on how to enable objects and users for reporting, please refer to Salesforce.com documentation. | | |
| Workaround | Customers can change the default sharing model from Public Read/Write to Private without impacting the upgradability of the Medical Information Cloud - Inquiry Management application to V10. In the V11 release of Medical Information Cloud - Inquiry Management, Mavens is changing the Inbound Form object's default access to Private. For Customers whose users need access to Inbound Forms, Mavens recommends changing the sharing model to Private and adding sharing rules now so that users do not lose access to Inbound Forms in V10. To ensure users receive the appropriate access to Inbound Forms: 1. In the Quick Find box in Setup, search for and select Sharing Settings. 2. Change the Default Internal Access of the Inbound Form object from Public Read/Write to Private. 3. Create Inbound Form Sharing Rules that mirror the sharing rules on the Case and Request objects. | | |