Yep. I was pretty confused because I worked on a COVID scheduling app hosted on a Salesforce "Site" (guest user, public site, whatever terminology use for it nowadays). Salesforce recently then had pushed a guest user security update that restricted object permissions to read. The only way you could let an anonymous/guest user write/modify was to write explicit Apex (backend Java-like language for Salesforce) to do that logic.
Albeit, we had many Salesforce developers, but we were VERY focused on security. I was pretty happy with how it turned out, because other COVID vaccine providers in the area that were using Salesforce were struggling -- https://www.austinchronicle.com/news/2021-06-11/hellsite-aus...
If anyone is curious, the scheduler I worked on is https://vaccine.heb.com/scheduler . Don't work there anymore, but I love that team!
Albeit, we had many Salesforce developers, but we were VERY focused on security. I was pretty happy with how it turned out, because other COVID vaccine providers in the area that were using Salesforce were struggling -- https://www.austinchronicle.com/news/2021-06-11/hellsite-aus...
If anyone is curious, the scheduler I worked on is https://vaccine.heb.com/scheduler . Don't work there anymore, but I love that team!