CRUD/FLS security changes

Follow

We have changed our approach with regards to the security changes of which Salesforce admins have been notified via email in August. The changes will be disabled by default and admins need to enable it via a new custom setting after Release 14 has been installed on your org. Enabling the changes can be done per user and/or per profile, which will give you the opportunity to do a phased roll out and gives you more time to test the changes extensively. We strongly advise you to test this first on a Sandbox. The email that was sent out in August contained the following information:

As part of our continuing efforts to ensure the highest level of security within Bullhorn Connexys, we will be rolling out some changes in our September release (release 14) that we wanted to make you aware of.

Going forward, every aspect of the application, including custom pages, will have an absolute adherence to the profile permission model built into Salesforce. After release 14 has been deployed, it is possible that users will run into errors when trying to edit, create or delete records.

In advance of this release, we strongly recommend that you review your profile permissions to ensure that all permissions are configured correctly. This will guarantee there is no disruption in functionality for your users when the update rolls out.

We have decided to change our approach because this upcoming change can have a big impact. Please be aware that the changes will be enabled for all users/profiles with the next release.

Enable the security changes

To enable the security changes you need to follow the steps below:

  • Go to the Salesforce Setup > Build > Develop > Custom Settings > CRUD and FLS Setting;
  • click on Manage > click on the second New button on the page;
  • the setting can be enabled per profile or per user; choose the option you want it enabled for, select the required profile(s) or user(s) and make sure you check the box for the field Enforce CRUD and FLS?;
  • click Save. Repeat these steps to enable it for other profiles and/or users.

Review your profile permissions

Functional objects

After the update has been rolled out and the permissions are not configured correctly, you might run into the following type of error: 'You do not have permission to edit/insert the Workflow_event_name field on the Step object. Please notify your admin. 

More information for your admin can be found in this article (https://help.connexys.com/hc/en-us/articles/360000452720).

In this case, it means that a user's profile needs edit permission for the Workflow_event_name__c field on the Step object. Only one field can be shown in the error message every time you save a record although the error might refer to other fields on the page as well. We therefore strongly advise you to also check the permissions for the other fields on the page. There will also be an email sent to all users on the ORG with the System Administrator profile that contains the same error message, but does include all other fields on the page the error refers to.

This is how you grant this permission:

  1. From Setup, enter Profiles in the Quick Find box, then select Profiles
  2. Select a permission set or profile.
  3. Depending on which interface you're using, do one of the following:
    a. Permission sets or enhanced profile user interface—In the Find Settings... box, enter the name of the object you want and select it from the list. Click Edit, then scroll to the Field Permissions section.
    b. Original profile user interface—In the Field-Level Security section, click View next to the object you want to modify, and then click Edit.
  4. Specify the field's access level.
  5. Click Save.

Technical objects

Also Technical objects will be affected. Because permissions for technical objects should be the same for every customer we have added a permission set to the package that admins can mass assign to users. This will be possible after release 14 has been deployed in your org.

This is how you mass assign the permission sets to all your users:

  1. From Setup, click Manage Users | Permission Sets.
  2. Select the 'Connexys technical objects permission set'. 
  3. In the permission set toolbar, click Manage Assignments.
  4. Click Add Assignments. If any users are selected, this button isn’t available.
  5. Select the users to assign to this permission set. You can assign up to 1000 users at a time. 
  6. Click Assign.
  7. Review the messages on the Assignment Summary page. If any users weren’t assigned, the
  8. Message column lists the reasons.
  9. To return to a list of all users assigned to the permission set, click Done.

 

 

Have more questions? Submit a request

Comments

Powered by Zendesk