Does anyone have experience of masking sensitive data in a sandbox?
Our organisation holds lots of sensitive data, specifically in the Account/Contact objects. We alos use multi sandboxes for development, and as a security step, would like to mask (de-sensitise) selected fields once we have refreshed our sandboxes from production. This refresh task would likely take place at regular intervals.
On doing a few web searches, I can't find as much info on this type of work as I would have expected. The only two solutions I can see at the moment are :
- Informatica Cloud data masking
Any advice/guidance greatly appreciated, thanks.
Set the wrong IP address on the System Administrator Profile and now all the System Administrators are locked out - any suggestions?
We've opened a case with Salesforce in the hope that they can help, but I thought I'd see if anyone else has made a similar mistake before and, if so, has any suggestions on how to handle it?
Any advice would be very welcome!
I understand that Identity Verification when enabled requires Salesforce users to verify their identity via Text or Email when logging in from an unrecognized browser or device.
I'm wondering if it is possible to require a user to verify their identity every time they login, regardless of whether they have previously logged in from a particular device or browser before?
All the documentation I've been able to find has only referenced verification from unrecognized browsers, etc.
Thank in advance!
What you can do as an admin is create a permission set, and then under system permissions, choose the appropriate 2-Factor authentication preferences you want. This trailhead (https://trailhead.salesforce.com/en/modules/identity_login/units/identity_login_2fa)walked me through it really well.
I do know that even though you can select on the Salesforce Authenticator app, "Always Verify from here" (which should ideally mean no more 2-factor authentication from that certain location), it still always asks me to verify from locations where I've selected that option. So that might do exactly what you're looking for here in requiring that users authenticate even if it is a required browser.
I hope that answers your question!
-T. Kruse Collins
It just means that a user profile with API enabled access can make API requests to your Salesforce org. If this permission is not enabled then they won't be able to make API requests to your instance. When I say API request it basically means accessing the data in your org through a backend mechanism.
If this permission is not enabled then these users won't be able to hit or fetch your data through any of the backend mechanisms. They can still login through the standard interface.
I hope that answers your question !
Limiting access to specific Accounts, Contacts and Cases for Enhanced Handling / Special Practices requirements
If anyone has details on what has worked well/not worked, or creative solutions, I'm all ears!
You can acheive that via Sharing Settings/OWD, Roles and Profiles.
You can create a Group with all US Users.
1. To share ther records - You can make OWD for your Org as Private and with Sharing Rules: share the data between the group memebers
2. In case records needs to be shared with everyone and only certain fields needs to be hidden - With Field Level Security at Profile level you can hide certain fields and Usrs of that profile will not be able ot see those field data in records.
Hope it helps!!
Thanks and Regards,
I have allowed "edit" on email opt out check box at the profile level. I also created a permission set, to allow edit of this checkbox. I have a small subset of support desk and call center users that need access to this, so the permission set would be better. Currently neither of these changes are allowing them to do so. check box is still locked.
Any assistance would be helpful.
I have been researching this topic quite a while now but could not get a definite answer.
The situation is as follows:
We have two kinds of Opportunities currently distinguished by record types.
One Type of Opp is only for B2C Opps and the other is for B2B Opps.
The employees handling the B2C Opps should not have any access to the B2B Opps and vice versa.
I know that record types are basically only used as "themes" and can not be used to restrict access but how would it be possible in this scenario to limit the access as described above?
Thanks for the help.
You are right record types do not control data access.
Since you want to restrict the data based on the record types, you will have to do the below
First make the OWD for Opportunities to Private
secondly, you will need to look into the role hierarchy ( the users in the higher rolle hiearchy will always have access to Opportunities that are owned by the Subordinates)
finally, in order to share the Opportunities within the teams, you will need to create Criteria based sharing rules based on the record type.
Could anyone help or has an idea how to fix? Any suggestions would be great :)
Please ask your colleague to add his/her IP into Network Access using following steps.
Setup -> Security Controls -> Network Access -> Trusted IP Ranges and Add his/her IP.
Also refer below articles
Set Trusted IP Ranges for Your Organization (https://help.salesforce.com/articleView?id=security_networkaccess.htm&language=en_US&type=0" target="_blank)
https://help.salesforce.com/articleView?id=users_profiles_epui_login_ip_ranges_edit.htm&language=en_US&type=0 (https://help.salesforce.com/articleView?id=users_profiles_epui_login_ip_ranges_edit.htm&language=en_US&type=0" target="_blank)
Identity Verification Code prompt appears on every login attempt (https://help.salesforce.com/articleView?id=000232553&type=1" target="_blank)
Would like to know under what security context does Process Builder run? Is it possible for a user to create/edit a record that launches Process Builder that updates another record they don't have the right to update? If it is possible, what happens? Does the user get an error, the sys admin, or nobody is notified.
In other words, is it possible for a user ti launch a Process Builder process that updates some data they don't have the right to update?
Thanks a lot!
However, if a Process is launching a Flow (which runs in system mode), the whole automation will ru in the system mode.
Hope that makes sense.