Ask Search:
Sandeep SandurSandeep Sandur 

How can we restrict a user from exporting the data from Salesforce instance.

Hi,

How can we restrict a user from exporting the data from salesforce instance like exporting accounts, contacts and other objects using data loader, export all data from data management and scheduling the job to export data.

The user is not a system administrator.

Regards,
Sandeep
Matthew LambMatthew Lamb
There's an Export profile permission, you can remove that permission from their profile.
Sandeep SandurSandeep Sandur
 Hi Mathew,

Are you referring to "Export Reports"? If it is Export Reports then we have already disabled it but we don't want user to export data from Data loader and Data Export in Data management.

Regards,
Sandeep
Matthew LambMatthew Lamb
Those are admin level features. What profile type is the user in question? Have you confirmed that this user is able to do the things you listed? Non-admin profiles should already be restricted from doing these things.
Sandeep SandurSandeep Sandur
 Hi Mathew,

The user is a Standard platform user and he is not able to view "Data Export" but can login to Apex data loader and export data.

Regards,
Sandeep
Sandeep SandurSandeep Sandur
 Hi Mathew,

The user is a Standard platform user and he is not able to view "Data Export" but can login to Apex data loader and export data.

Regards,
Sandeep
Matthew LambMatthew Lamb
Hm. Platform users by default have API access. Given that the Data Loader is an API tool, I'm not sure if you can restrict this or not. I tweeted a link to this thread, I bet someone else knows.
Sandeep SandurSandeep Sandur
 Thanks Mathew.

Lets see if others can help us.

Regards,
Sandeep
Matthew LambMatthew Lamb
Can you give some more background? What's the platform user doing with that license (which gives them a lot of access to the system) that you don't want them exporting data? Is there a possiblity to give them another license?
Sandeep SandurSandeep Sandur
 Hi Mathew,

The user is using the recruiting application who will be having permissions to edit, delete and modify records like contacts and accounts. We want to disable permissions to export data from the application assigning him the same platform license.

Sandeep
Matthew LambMatthew Lamb
If this user is just performing standard data manipulations through the interface, why do they have a platform license? Why not grant them a CRM license instead?
Sandeep SandurSandeep Sandur
 Hi Mathew,

The user is accessing the recruiting application which has lot of custom objects like job, job applicant, interview and placement. We want him to use the platform license. Please suggest.

Sandeep
Matthew LambMatthew Lamb
I've asked around to many others in the community, and confirmed there is no way to restrict Data Loader access if the user has API access enabled.

In your last clarificaiton, you mention they are working with custom objects. A standard CRM license allows users to access custom objects. If you want to achieve this, you need to give the user something other than a platform license.

Are there specific reasons to give them a platform license, features that a CRM license doesn't give them? Access to custom objects is available in both.
Matthew LambMatthew Lamb
If anyone else finds this page, I've created an idea to provide a specific permission to allow / prevent data loader access. Would appreciate your votes and comments here:

https://sites.secure.force.com/success/ideaView?id=08730000000jlwXAAQ
Ivo BernsIvo Berns
Hi,

A few moments ago I found out that a normal user without any export rights has the availabilitty to export data with the dataloader. Now I don't think that any user is aware of this tool, but in the future they might be.
To grant users acces to export reports is useless anymore if they can export the total database with the dataloader. This is really dangerous! Salesforce does everything for security, but a standard user can export the total database.

I found the API-button. But if I turn it off, what other problems might occur? We have Professional edition and I am not really into API, otherwise than using the dataloader.

Regards, Ivo