The blog covers how to expose OmniScripts to external users via Experience Cloud (Salesforce portals/communities), but it jumps around between concepts. Here's what you actually need to do, in simple terms as mentioned in omnistudiofacts
The Three-Layer Permission Model
To make an OmniScript accessible to external users (like customers or partners using your Salesforce portal), you need to configure three permission layers.
1. Org-Wide Defaults (OWD) - Set Baseline Visibility
This controls what external users can see by default across your entire org. You need to:
Go to Setup → Sharing Settings
Click Edit on Organization-Wide Defaults
Search for all Omni-related objects (OmniProcess, OmniScript, etc.) and Vlocity objects
Set Default External Access to Public Read Only (or Public Read/Write if they need to create data)
Why this matters: Without this, external users are completely blocked from seeing OmniStudio elements, even if you grant other permissions.
2. Sharing Rules - Grant Access to Specific Records
OWD sets the baseline, but sharing rules open up access to actual OmniScript records. You need to create sharing rules for these objects:
Omni Process
Saved OmniScript
Vlocity OmniScript
Omni Data Transformation
Omni UI Card
Plus several DataRaptor-related objects (about 12 total)
How to set them up:
Go to Setup → Sharing Settings
For each object listed above, click New under its Sharing Rules section
Choose Guest user access, based on criteria
Set criteria: OwnerId or CreatedById Does Not Equal Null (this includes all records)
Share with: Your Experience Cloud community name
Access level: Read Only
Why this matters: Even if OWD allows visibility, sharing rules determine which specific OmniScript records external users can actually access.
3. Profile Permissions - Enable OmniStudio Features
The external user's profile (like "Customer Community User") needs these permissions enabled:
Critical permission:
Under General User Permissions, enable: "Enables consumers and partners to execute OmniScripts, DRs, and Cards through a Community or off the platform"
Additional permissions to grant:
Apex Class Access: Add all OmniStudio-related Apex classes
Custom Metadata Type Access: Enable OmniStudio custom metadata types
Object Permissions: Grant Read (and Edit if needed) on Omni/Vlocity standard and custom objects
Why this matters: This is the final switch that actually allows external users to execute OmniScripts - without it, nothing works even if data visibility is correct.
Below are not required but is recommended.
