Ask Search:
Jen SmithJen Smith 
I have a small set of users who shouldn't have access to post on Chatter for compliance reasons. I would ideally like Chatter to be read-only for them but it seems like the options are basically On or Off with Chatter. My next best solution is to turn it off for them entirely and I thought I could turn it off at Profile level but when I went to do this, the Chatter Internal User checkbox under profile system permissions is on and not editable. Any suggestions please?
Best Answer chosen by Jen Smith
Amnon KruviAmnon Kruvi
Hi Jen,

Out of the box, there is no way to make Chatter read-only - just on or off, as you correctly identified.
However, since Chatter comments support triggers, you could block a user from posting to chatter using very basic code.
 
trigger ChatterCommentBlock on FeedComment (before insert) {
    if (UserInfo.getProfileId() == '<profile ID>') {
        throw new StringException('You do not have correct access to post to Chatter.');
    }
}

You could, of course, modify this piece of code to work with a custom permission or a field on the user, to allow you to easily make other types of users read-only - but this will work if you need something basic.
Stephanie BoggsStephanie Boggs 
I have read all the previous posts and changed the following settings, but I have users that are still reporting that they are being logged out during an active session.

Settings:
  • Timeout Value = 2 hours
  • Disable session timeout warning popup = Unchecked (I just made this change today)
  • Lock sessions to the IP address from which they originated = Checked
  • Lock sessions to the domain in which they were first used = Checked
The most recent report was a user clicked the "New" button to create a new record. The amount of time between clicking the button and being logged out was about 6-7 minutes.

I have also prompted users to make the following browser changes:
  1. Click Settings.
  2. At the bottom, click Advanced.
  3. Select Privacy and Security | Content Settings | Cookies | Allow.
  4. Enter [*.]salesforce.com.
  5. Click Allow.
Is there anything else that I can do?
Best Answer chosen by Stephanie Boggs
Naveen DhanarajNaveen Dhanaraj
After doing all the setting changes logout and Log in salesforce,if the problem persist raise a case to salesforce support.
 
Kate RodrieKate Rodrie 
Hi, 

In my Apex Code I would like to perform an action as an other user, is it possible ??
I Have the following error when I try to do an action as a non owner record :

 INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY

Thank you,
Kate
Best Answer chosen by Kate Rodrie
Sedoud BoussadSedoud Boussad
Hello Kate,

Not sure to understand.

It depends on your needs :
If it's about Apex Test, for sure it's possible you can use the following method :
System.runAs(User record)

Following documentation about the Apex method : 
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_testing_tools_runas.htm

If it's on your Apex class itself, you can't select (even with a query) a specific contact and perform action with him, but you can flag you apex class with "without sharing" and it will Bypass the current OWD (Organization wide Default) architecture.


Hope this helps :)
Boussad
Stefanie StaffordStefanie Stafford 
So I just enabled communities for our org and I went to ensure my profile (System Admin) has the "Manage Communities" permission checked and it didn't, so I clicked EDIT and it literally makes all fields gray and I'm unable to select that checkbox or any of those checkboxes. So what am I doing wrong? 
Best Answer chosen by Stefanie Stafford
Vinay ChaturvediVinay Chaturvedi
so Assigning this custom profile (after cloning from system admin profile) to the existing system admins should do your job :)
Best Answer chosen by Sheronda Usher
Steve MolisSteve Molis
Yes, they are totally unrelated to each other
Patrick RedorPatrick Redor 
Hi,

We have a community setup and it uses Visualforce Page and ReactJS to display a customized UI. After a security scan, we found out that we can still see the standard salesforce community page just by changing the URL from 

https://mysitedomain.my.salesforce.com/testSite/ 
to
https://mysitedomain.my.salesforce.com/testSite/00U/c?cType=2

from this example, we are able to view the Multi-User Calendar that displays all the names of internal users that we have. Also, just by adding the 3 digit Object Id at the end, like "/001" , will redirect the external user to a standard salesforce community page for Accounts.

Is there a way to stop this from happening and restrict the external user to just view the visualforce page? 

After googling, I found out about the "allowStandardPortalPages" under Custom Sites. Changing this at the metadata level to "<allowStandardPortalPages>false</allowStandardPortalPages>" might help. Unfortunately, when I tried it, it returned an error that our version of Site is still on 36.0 and "allowStandardPortalPages" is only available on 39.0 and up.

To summarize, I have two questions:
- Is there a way to restrict the external user from accessing Standard Salesforce Community Pages?
- How to upgrade the version of Custom Sites to 39.0?

Thanks!
Pat
Best Answer chosen by Patrick Redor
Patrick RedorPatrick Redor
It's all good now.

I was able to get the metadata api 39.0 of Sites by updating the version field from 36.0 tp 39.0 inside package.xml using eclipse. Since it was updated to 39.0, when I refresh from server, the allowStandardPortalPages is available. I changed its value to false and saved to server. This fix our issue which blocks external users from viewing standard salesforce community pages.
Jessica GagnonJessica Gagnon 
We just rolled out Signal Sign On for my org. It now disables the user from Active Directory which disables the user from signing in to all our systems. However this does not deactivate the Salesforce user account which means I have an licence which could be freed up. Is there a way for me to automatically disable a user who has not logged in in the past 30 days? 
Best Answer chosen by Jessica Gagnon
Doug AyersDoug Ayers
There's a couple options. If you want seamless integration with your AD, you might consider purchasing Salesforce's "Identity Connect" add-on to keep not just active/inactive in sync but all the other user details (http://www.salesforce.com/platform/identity/).

For a more "free" approach based on a "not logged in within last 30 days" you might consider a scheduled batch apex job to automate this process.

Another option is to manually, once a week (or whenever) use a tool like Enabler for Excel (http://www.taralex.us/) or the Salesforce Data Loader to export active users with login date within last 30 days, do a quick excel change, then update the affected records.
Jose ArechavalaJose Arechavala 
With regards to Event Monitoring, how far back can we run reports on users? We are interested but considering the cost involved we don't want to make the investment without knowing if we have the ability to go back at least a year. 
Best Answer chosen by Jose Arechavala
Mayank SrivastavaMayank Srivastava
Jose, here's  the answer to your question:
All these events are stored in event log files. An event log file is generated when an event occurs in your organization and is available to view and download after 24 hours. The event types you can access and how long the files remain available depends on your edition.

-- Developer Edition (DE) organizations have free access to all 30+ log types with one-day data retention.
-- Enterprise, Unlimited, and Performance Edition organizations have free access to the login and logout log files with one-day data retention. For an extra cost, you can access all log file types with 30-day data retention.

Now remember that when you have event monitoring added, you will have some sort of automation downloading those files on a daily basis:
https://trailhead.salesforce.com/modules/event_monitoring/units/event_monitoring_download

So it is totally upto you that how long you want to keep the files for.
Melissa BunchMelissa Bunch 
We have multiple Quote templates and all of our users have access to create Quotes, however I have some templates that I don't want everyone to be able to see. I haven't been able to determine how to limit this visibility. 

Is it possible to control which users see which templates?

Thank you!
Best Answer chosen by Melissa Bunch
Dnyaneshwar AghawDnyaneshwar Aghaw
Hi Melissa,

There is no such possibility to hide Quote templetes from certain users.However there is an Idea posted on Ideaexchange for this.

https://success.salesforce.com/ideaView?id=08730000000Yq3oAAC


Thanks
​Dnyaneshwar 




 
Steve RubinSteve Rubin 
Hello,  Is there a way to give a Public Group access to an object field through a permission set?  Or is there a better way, maybe through Sharing?

Thanks,
Steve
Best Answer chosen by Ed (salesforce.com) 
Kishore B TKishore B T
Steve,
As you have mentioned you need to give access,
Please add the users to groups based on some condition using process builder.
Please change the entry criteria accordingly, the example is to add all the new users to public group. 
https://automationchampion.com/tag/automatically-add-new-user-to-public-group-salesforce/