Category: security

How to restrict @AuraEnabled method access for Authenticated users

by | Aug 5, 2020 | , , , , , , , , | 0

As we all know security is always the number 1 priority for Salesforce, so there is a critical update coming to all of our Salesforce environments. This will change the way we provide access to AuraEnabled Apex methods. From this post, you can expect -What problem this update is going to solve?When can we expect this update in our environments?Show me the problemShow me the solution(s)Show me all the places where I need to make this changeWhat problem this update is going to solve?When we write our Lightning Component or Lightning Web Component today, for any type of server operation, we write Apex classes and annotate the method with @AuraEnabled. We don’t have an option today to restrict the access to our AuraEnabled methods today. That is why Salesforce came up with this important critical update where you need to specify who can access your AuraEnabled methods. I will explain this update with one example later in this post.When can we expect this update in our environments?This update “Restrict @AuraEnabled Apex methods to authenticated users” came as part of Salesforce’s Winter ’20 release. Enforcement will start on August 9th, 2020.Show me the problemLet’s say we have this below Lightning Web Component where we pass a string to the AuraEnable controller class and then class return list of Contacts. Finally component is going to display the list of contacts. Below is the...

Read More

Implicit Sharing in Salesforce

by | May 27, 2018 | , , , , , | 5

In Lightning Platform, Salesforce provides multiple options to administrators so that they can grant data access to different users, groups, teams. But there is something which is implemented and maintained by Salesforce which will also give relational data access to users based on their’s access to other records. In Lightning Platform, it is known as Implicit Sharing. Administrator cannot change the way implicit sharing works. So it is very important to understand the different types of implicit sharing we have in the platform.Nice to check out: Salesforce Spring 21 Release FeatureSalesforce Certification NotesSalesforce Release Video TutorialsSalesforce Lightning Flow Video TutorialsIn this blog post, I am going to explain different types of Implicit Sharing and how it works.To understand, let’s first consider the Account and Contact object. These two objects are linked with each other. So let’s say the Organization Wide Default for both Account and Contact are mentioned as Private, i.e. the record owner can see the records they created or owned.With the above assumptions, here are the different Implicit Sharing we have -Parent Implicit Sharing: This sharing provides read only access to parent record if the user is having access to the child record. Example – Refer the picture below. Here Bob is getting read-only access to Account because he is having access to the Contact (bcoz: Jimmy manually shared the contact with Bob). The level of Account access...

Read More

Delegate Administrator

by | Jan 18, 2017 | , , , , , , , , , | 35

In a big organization, a single admin can a big problem in terms of bandwidth issues. Normally admins are getting multiple requests like – creating users, updating profiles, resetting the password, running report etc. along with their daily meetings. So it will be really difficult for a single admin to handle all these requests by himself/herself. And that is the place where admins want to delegate some of their work to others (trusted colleagues). But trust me, it is a big decision. You should not give all the admin privilege to your colleagues even though he/she is a very trusted employee. Rather you should delegate few specific task to your colleagues. In Salesforce, we can do the same with DELEGATE ADMINISTRATION. So basically Delegate Administrator will allow named users to manage other users within selected roles and profiles, as well as managed selected custom objects. With Delegate Administration, you can configure named users to do the below things -Role & Subordinate:  Delegate Administrator can create and edit users with specific roles and subordinates. The can’t modify the role hierarchy though.Profile:  Delegate Administrator can assign users(they create or edit) to assigned profiles. They can’t modify the profile.Permission Set: Delegate Administrator can add/remove selected permission sets from users(they create or edit) to assigned profiles. They can’t modify the permission set.Public Group: Delegate Administrator can add/remove selected public groups from users(they create or edit)...

Read More

Understand Field’s Visibility with Field-Level Security and Page Layout

by | Jan 27, 2015 | , , , , , | 1

We all know that Field-Level security (FLS) and Page Layout are very important concept. But let us understand the concept with multiple use cases. I always believe going through use cases/scenarios are the best way to learn the concept.Use Case 1:Object Name: StudentField Name: Student NameField is required: YesLet’s try to change the field’s security both in profile level as well as through page layout.Changing though Field Level Security @ Profile Level (say for profile: Sales User) –You can’t change Field Level Security for a field if the field is marked as required during declaration. The field will become visible for all the profiles as shown below -So is it possible to do something in page layout? Let’s check –Seems like here also you can’t do any changes. Below is the screenshot –So the conclusion is that if a field is marked as required during declaration, that field will remain required and visible in all the page layouts. You can’t make that field read-only also.Use Case 2:Object Name: StudentField Name: Student AgeField is required: NoNow we can have multiple scenarios. They are listed below –Scenario 1:Visible for Profile – Sales User: NoVisible for Profile – Executive User: YesRequired in Page Layout – YesObservation:Logged in as Adams, Karen (Profile – Sales User)Logged in as Bassi, Brent (Profile – Executive User)Scenario 2:Visible for Profile – Sales User: YesRead Only for Profile...

Read More

Campaign in Salesforce and Security involved

by | Jan 10, 2015 | , , , , , , | 0

The very basic question comes to my mind is that what is a Campaign? Here is a very good blog post regarding how you want to define Campaign. Here – What is a Salesforce.com Campaign?Who can access Campaigns?Let’s understand this with the below use caseUse Case: Let’s say we have a custom profile named “Sales User” with below permissions on Campaign object -Now I have two users with this profile -User 1 – Kevin Bailey with Marketing User checkbox checked andUser 2 – Karen Adams with Marketing User checkbox unchecked.So what will happen here is that both Kevin and Karen can view campaigns, run campaign reports, but only Kevin can create new campaigns or edit existing campaigns.Note: So in order to create / edit Campaigns, Marketing User checkbox should be checked and Create/Edit permission should be there on the Campaign object.Let’s summarise the permission information as -To view Campaign – “Read” on Campaign.To create Campaign – “Create” on Campaign + “Marketing User” checkbox checked.To change Campaign – “Edit” on Campaign + “Marketing User” checkbox checked.To use Import Lead wizard – “Edit” on Campaign + “Marketing User” checkbox checked + “Import Lead” checkbox checked on user details page.To use Campaign Update wizard – “Edit” on Campaign + “Marketing User” checkbox checked + “Import Lead” checkbox checked on user details page + “Read” on...

Read More
Loading

Generative AI is a transformative technology that increases developer productivity, accelerates software application development, and reduces the barrier for anyone to learn programming. At this year’s TrailblazerDX, we announced Einstein for Developers – and now, Salesforce’s generative AI solution that unleashes developer productivity is officially in Open Beta. Built specifically for Salesforce languages and frameworks, Einstein for Developers is able to generate Apex code using natural language. Support for LWC is coming soon. In this blog, we will explore how to get started with Einstein for Apex development and how its potential can revolutionize your development process. ▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬ 0:01 - Introduction 0:34 - Enable Einstein for Developers 0:58 - Configure Visual Studio Code 1:54 - Demo 7:55 - My Opinion 8:08 - Conclusion 📌 Salesforce Winter 24 Release Playlist - https://bit.ly/3P0bun0 📌 Salesforce Summer 23 Release Playlist - https://bit.ly/3Mw6rbx #salesforce #generativeai #einstein #visualstudio #artificialintelligence ✨ Blog: https://www.sudipta-deb.in/ ✨ Subscribe for new videos on technology every week: https://bit.ly/3vCQKpg ✨Connect with me 📌 Twitter: https://twitter.com/thesudiptadeb 📌 Website: https://www.sudipta-deb.in/ 📌 LinkedIn: https://www.linkedin.com/in/sudiptadeb/ 📌 Facebook: https://www.facebook.com/TechnicalPotpourri Credit: Music I Use under the Mixkit License Disclaimer: All opinions are my own and this video content is not endorsed by Salesforce, Google or any other company in any way.
Welcome to the Winter ’24 Release! Salesforce Release is the process by which Salesforce updates its software platform to add new features, enhancements, and bug fixes. Salesforce releases typically occur three times a year, in spring, summer, and winter, and are named after the season in which they are released. In this video, I am going to share how you can transform collections of data between flow resources with the new Transform element in Flow Builder. I have a dedicated video where I have shown how to use this new element but in today's video, I am going to show you how to use this new element to transform and create multiple records within Salesforce Flow. Where: This change applies to Lightning Experience and Salesforce Classic in Essentials, Professional, Enterprise, Performance, Unlimited, and Developer editions. ▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬ 0:01 - Introduction 0:47 - Use Case Explanation 1:44 - Demo 8:55 - Conclusion 📌 Salesforce Winter 24 Release | Transform Your Data in Flows - https://youtu.be/d5V7bL6gnUc 📌 Salesforce Winter 24 Release Playlist - https://bit.ly/3P0bun0 📌 Salesforce Summer 23 Release Playlist - https://bit.ly/3Mw6rbx Display Custom Error Messages for Record Triggered Flows - https://bit.ly/3snudQv 📌 Salesforce Flow Playlist - https://bit.ly/3nIpTnT 📌 Rollback Records in Salesforce Flow - https://youtu.be/a0gfei_smaE 📌 New Admin Features of Salesforce Summer '23 Release - https://youtu.be/QETKVtNU_xo 📌 New Flow Features of Salesforce Summer '23 Release - https://youtu.be/ruD3mP5WRq8 📌 HTTP Post Call From Salesforce Flow - https://youtu.be/UCHQmkVq7yo 📌 Summer 23 Release | How To Add Named Credentials To Permission Set Using Principals - https://youtu.be/53q3I-bJobk 📌 External Services in Flow - HTTP Callout - https://youtu.be/n-vHAqr6KiI 📌 Salesforce Release Playlist - https://bit.ly/3r7F0cn 📌 How To Secure Apex Code With User Mode Database Operations - https://youtu.be/1agImQ1MWJs #salesforce #winter24release #flow #errormessage #screenflow #transformdata #mapdata ✨ Blog: https://www.sudipta-deb.in/ ✨ Subscribe for new videos on technology every week: https://bit.ly/3vCQKpg ✨Connect with me 📌 Twitter: https://twitter.com/thesudiptadeb 📌 Website: https://www.sudipta-deb.in/ 📌 LinkedIn: https://www.linkedin.com/in/sudiptadeb/ 📌 Facebook: https://www.facebook.com/TechnicalPotpourri Credit: Music I Use under the Mixkit License Disclaimer: All opinions are my own and this video content is not endorsed by Salesforce, Google or any other company in any way.
Welcome to the Winter ’24 Release! Salesforce Release is the process by which Salesforce updates its software platform to add new features, enhancements, and bug fixes. Salesforce releases typically occur three times a year, in spring, summer, and winter, and are named after the season in which they are released. In this video, I am going to share how you can perform HTTP POST, PUT, PATCH and DELETE call. POST call will provide me the record ID which I will be using in subsequent PUT, PATCH and DELETE calls to perform actions. Where: This change applies to Lightning Experience in Enterprise, Performance, Unlimited, and Developer editions. ▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬ 0:01 - Introduction 0:18 - Use Case/Scenario Explanation 2:25 - HTTP POST Call From Salesforce Flow 5:30 - HTTP PUT Call From Salesforce Flow 10:11 - HTTP PATCH Call From Salesforce Flow 13:33 - HTTP DELETE Call From Salesforce Flow 15:33 - Conclusion 📌 How To Add Named Credentials To Permission Set Using Principals - https://youtu.be/53q3I-bJobk 📌 Salesforce Winter 24 Release Playlist - https://bit.ly/3P0bun0 📌 Salesforce Summer 23 Release Playlist - https://bit.ly/3Mw6rbx 📌 Display Custom Error Messages for Record Triggered Flows - https://bit.ly/3snudQv 📌 Salesforce Flow Playlist - https://bit.ly/3nIpTnT 📌 Rollback Records in Salesforce Flow - https://youtu.be/a0gfei_smaE 📌 New Admin Features of Salesforce Summer '23 Release - https://youtu.be/QETKVtNU_xo 📌 New Flow Features of Salesforce Summer '23 Release - https://youtu.be/ruD3mP5WRq8 📌 HTTP Post Call From Salesforce Flow - https://youtu.be/UCHQmkVq7yo 📌 Summer 23 Release | How To Add Named Credentials To Permission Set Using Principals - https://youtu.be/53q3I-bJobk 📌 External Services in Flow - HTTP Callout - https://youtu.be/n-vHAqr6KiI 📌 Salesforce Release Playlist - https://bit.ly/3r7F0cn 📌 How To Secure Apex Code With User Mode Database Operations - https://youtu.be/1agImQ1MWJs #salesforce #winter24release #flow #errormessage #screenflow #transformdata #mapdata ✨ Blog: https://www.sudipta-deb.in/ ✨ Subscribe for new videos on technology every week: https://bit.ly/3vCQKpg ✨Connect with me 📌 Twitter: https://twitter.com/thesudiptadeb 📌 Website: https://www.sudipta-deb.in/ 📌 LinkedIn: https://www.linkedin.com/in/sudiptadeb/ 📌 Facebook: https://www.facebook.com/TechnicalPotpourri Credit: Music I Use under the Mixkit License Disclaimer: All opinions are my own and this video content is not endorsed by Salesforce, Google or any other company in any way.
Welcome to the Winter ’24 Release! Salesforce Release is the process by which Salesforce updates its software platform to add new features, enhancements, and bug fixes. Salesforce releases typically occur three times a year, in spring, summer, and winter, and are named after the season in which they are released. In this video, I am going to share how you can perform HTTP GET and POST Call from Salesforce Flow. If you can’t GET enough with HTTP Callout, now you can use the POST method to send Salesforce data to an external server in Flow Builder. This feature, now generally available, includes some changes since the Summer ’23 release. More easily integrate external data with the new PUT, PATCH, and DELETE methods. Give more context about HTTP callout parameters, validate JSON samples faster, and get more information about the external service registration with more organized sections of parameters. Where: This change applies to Lightning Experience in Enterprise, Performance, Unlimited, and Developer editions. ▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬ 0:01 - Introduction 0:24 - Open Source Rest API Endpoint 0:47 - Create Named Credentials, Principals, External Credentials 3:32 - Perform HTTP Get from Salesforce Flow 5:56 - Perform HTTP Post from Salesforce Flow 9:04 - Conclusion 📌 Salesforce Winter 24 Release Playlist - https://bit.ly/3P0bun0 📌 Salesforce Summer 23 Release Playlist - https://bit.ly/3Mw6rbx 📌 Display Custom Error Messages for Record Triggered Flows - https://bit.ly/3snudQv 📌 Salesforce Flow Playlist - https://bit.ly/3nIpTnT 📌 Rollback Records in Salesforce Flow - https://youtu.be/a0gfei_smaE 📌 New Admin Features of Salesforce Summer '23 Release - https://youtu.be/QETKVtNU_xo 📌 New Flow Features of Salesforce Summer '23 Release - https://youtu.be/ruD3mP5WRq8 📌 HTTP Post Call From Salesforce Flow - https://youtu.be/UCHQmkVq7yo 📌 Summer 23 Release | How To Add Named Credentials To Permission Set Using Principals - https://youtu.be/53q3I-bJobk 📌 External Services in Flow - HTTP Callout - https://youtu.be/n-vHAqr6KiI 📌 Salesforce Release Playlist - https://bit.ly/3r7F0cn 📌 How To Secure Apex Code With User Mode Database Operations - https://youtu.be/1agImQ1MWJs #salesforce #winter24release #flow #errormessage #screenflow #transformdata #mapdata ✨ Blog: https://www.sudipta-deb.in/ ✨ Subscribe for new videos on technology every week: https://bit.ly/3vCQKpg ✨Connect with me 📌 Twitter: https://twitter.com/thesudiptadeb 📌 Website: https://www.sudipta-deb.in/ 📌 LinkedIn: https://www.linkedin.com/in/sudiptadeb/ 📌 Facebook: https://www.facebook.com/TechnicalPotpourri Credit: Music I Use under the Mixkit License Disclaimer: All opinions are my own and this video content is not endorsed by Salesforce, Google or any other company in any way.
More Videos Subscribe to My Channel