Can community user query internal users of salesforce
You can refer Determine User Visibility in Your Community
User sharing lets you decide whether all users in a community are visible to each other.
User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.
The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.
If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:
- Search for Sally
- Find Sally in the community People tab, even if Sally is a member of the community
- Add Sally to a group
- Share a file or record with Sally
If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nobody else.
If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.
So, your SOQL query returns the list of users based on above mentioned settings.
Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.
That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.
I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.
The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.