This document discusses various security features in Salesforce including auditing, health checks, encryption, event monitoring, field audit trails, transaction security policies, login and field history monitoring, and Apex security. It explains that Salesforce and customers share responsibility to protect data. Regular audits should be done to detect potential abuse, and health checks can identify vulnerabilities. Features like encryption, event monitoring, and field audit trails provide security and compliance. Transaction policies can limit logins and data exports. Login and field histories along with setup change monitoring allow tracking of activity. Apex security requires enforcing user permissions, sharing rules, and SOQL permissions.
2. https://sfsupport247.com | Salesforce Training & Support | sfcontact.247@gmail.com
Salesforce is built with security to protect your data and applications. Protecting your data is a joint responsibility between you
and Salesforce. The Salesforce security features enable you to empower your users to do their jobs safely and efficiently.
Salesforce Security
Phishing and Malware: If you see something suspicious related to your Salesforce implementation,
report it to security@salesforce.com, in addition to your own IT or security team.
Trust starts with transparency. That’s why Salesforce displays real-time
information on system performance and security at http://trust.salesforce.com
and http://trust.salesforce.com/securit
Security Health Check: Salesforce admins can use Health Check to identify and fix potential vulnerabilities in your security
settings, all from a single page. A summary score shows how your org measures against a
security baseline, like the Salesforce Baseline Standard. You can upload up to five custom
baselines to use instead of the Salesforce Baseline Standard.
Auditing: Auditing provides information about use of the system, which can be critical in diagnosing potential
or real security issues. The Salesforce auditing features don't secure your organization by
themselves; someone in your organization should do regular audits to detect potential abuse.
Salesforce Shield: Salesforce Shield is a trio of security tools that admins and developers can use to build a new level of trust,
transparency, compliance, and governance right into business-critical apps. It includes Platform Encryption,
Event Monitoring, and Field Audit Trail.
Platform Encryption - allows you to natively encrypt your most sensitive data at rest across all your Salesforce apps.
Related topics: Encrypt Fields, Files, and Other Data Elements With Encryption Policy; Filter Encrypted Data with
Deterministic Encryption; Cache-Only Key Service.
Event Monitoring - gives access to detailed performance, security, and usage data on all your Salesforce
apps. Every interaction is tracked and accessible via API.
Field Audit Trail - lets you know the state and value of your data for any date, at any time. You can use it for
regulatory compliance, internal governance, audit, or customer service.
Transaction Security Policies: When you enable Transaction Security for your org, two policies are created.
1) Concurrent User Session Limit policy, which limits concurrent login sessions. It is triggered when a user with five
current sessions tries to log in for a sixth session.
2) Lead Data Export policy, which blocks excessive data downloads of leads. It is triggered when a user retrieves more
than 2,000 lead records.
Monitoring Organization's Security: Track login and field history, monitor setup changes, and take actions based on events.
Related topics: Monitor Login History, Field History Tracking, Monitor Setup Changes, Transaction Security Policies.
When programming in Apex, the security of the code is critical. Make sure to add user permissions for Apex classes and enforce sharing rules.
Apex code generally runs in system context, i.e. the current user's permissions, field-level security, and sharing rules aren't taken into account during code execution.
Note: Apex code run through an executeAnonymous block always executes using the full permissions of the current user.
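public with sharing class ClassName {
    // Code in this class runs with the current user's sharing rules enforced.
}
public without sharing class ClassName {
    // Code in this class runs with the current user's sharing rules not enforced.
}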
Object-level and field-level permissions: Sharing rules are distinct from object-level and field-level permissions. They can coexist. If sharing rules are defined in
Salesforce, you can enforce them at the class level by declaring the class with the with sharing keyword.
SOQL Permissions:
[SELECT Id, (SELECT LastName FROM Contacts), (SELECT Description FROM Opportunities) FROM Account WITH SECURITY_ENFORCED]
[SELECT Id, parent.Name, parent.Website FROM Account WITH SECURITY_ENFORCED]
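An added example (not from the original slides, and not Salesforce's own code) that combines the three controls described above in one class: with sharing for record-level access, explicit object-level and field-level checks, and WITH SECURITY_ENFORCED on the query. The names AccountContactReader, readAccountsWithContacts and AccessDeniedException are hypothetical.

```apex
// Added example: class, method and exception names are hypothetical.
// "with sharing" makes the query return only records the running user can
// see through sharing rules, instead of every record (system context).
public with sharing class AccountContactReader {

    // Raised when the running user lacks object-level or field-level access.
    public class AccessDeniedException extends Exception {}

    public static List<Account> readAccountsWithContacts() {
        // Sharing rules do not cover object-level or field-level permissions,
        // so check them explicitly and fail with a clear message.
        if (!Schema.sObjectType.Account.isAccessible()
                || !Schema.sObjectType.Contact.isAccessible()
                || !Schema.sObjectType.Contact.fields.LastName.isAccessible()) {
            throw new AccessDeniedException(
                'Running user cannot read Account or Contact.LastName');
        }

        try {
            // WITH SECURITY_ENFORCED is the backstop: the query throws instead
            // of returning data if any selected object or field, including
            // those in the subquery, is not readable by the running user.
            return [SELECT Id, (SELECT LastName FROM Contacts)
                    FROM Account
                    WITH SECURITY_ENFORCED
                    LIMIT 200];
        } catch (System.QueryException e) {
            // Convert the platform error into one the caller can handle
            // without leaking which records exist.
            throw new AccessDeniedException(
                'Query blocked by object-level or field-level security: '
                + e.getMessage());
        }
    }
}
```

Declaring the same class without sharing would leave the object and field checks in place but return records regardless of the user's sharing rules, which is why the two mechanisms are applied together.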
Apex Security