Home Salesforce Enhance Salesforce File Security with FileEvent

Enhance Salesforce File Security with FileEvent

by Dhanik Lal Sahni
File Security with FileEvent

Salesforce stores Customer/Client’s sensitive information like customer demographic information, contact details, sales/service history information, chat information etc. It also stores sensitive files like invoices, financial data, customer verification documents, contract details etc. Salesforce Files/Content is designed to facilitate collaboration, document management, and integration of files.

Salesforce provides a lot of features like permission sets, profiles, roles, sharing rules etc. to secure data. Salesforce provides File Upload and Download Security features to secure the upload and download of specific types of files. This feature will not stop users from previewing or downloading files. Salesforce introduced a new feature FileEvents to strengthen file security. In this blog post, we will see how to enhance Salesforce File Security with FileEvents.

What is FileEvent?

FileEvent allows Salesforce developers to track user activities on files, which can help identify and prevent unauthorized access to sensitive content using UI and API. FileEvent supports transaction security policies so we can track who tried to access sensitive information. We can throw an error and we can send him a personalized email asking the reason for accessing the sensitive page.

User Action Supported in File Event

  1. File Upload
  2. File Preview
  3. File Download

Implement Transaction Security Policy using FileEvents

Salesforce Transaction Security Policies allow us to impose security measures and restrictions for user actions and transactions within Salesforce org. These rules assist in protecting against a variety of threats, including fraud, data breaches, and unauthorised access. Transaction Security Policies enable us to establish rules that cause actions or alerts to be triggered when certain criteria are fulfilled during a transaction. Let us see the steps for implementing a transaction security policy using FileEvents

  1. Get Salesforce License
  2. Transaction Security Policy Using Declarative Approach
  3. Transaction Security Policy using Apex Code
  4. Test FileEvents Transaction Security Policy

1. Get Salesforce License

FileEvents is part of Salesforce Shield Encryption. We should have a Salesforce Shield or Salesforce Event Monitoring add-on subscription to implement this functionality. This feature is available in Developer org to test this functionality.

2. Transaction Security Policy using a Declarative Approach

File Event Transaction security can be set up using declarative as well custom code in Salesforce Apex. We can create a File Event Transaction Security Policy from Setup → Transaction Security Policies. Select Condition Builder for point-and-click configuration.

File Security with FileEvent

2.1 Build Transaction Condition/Criteria

Set criteria for firing file event transaction security policy. For this POC, I have set up criteria for downloading files. Set up below conditions/criteria

EventFile Event
Condition Logic-All Conditions are met(AND)
Condition- FileAction
Operator- Equals
Value -UI_DOWNLOAD
File Security with FileEvents

2.2 Action to perform when the above policy is triggered

Setup action that will be performed when condition logic is met for File Event policy.

ActionBlockThis will stop any action performed by the user.
Block MessageCustom Block MessageSet up any custom message that you want to show to the user. If you don’t want to set up a custom message then choose Default Block Message
Notification1. Email notification
2. In-app notification
How notification should be sent to the admin user? If Email Notification is selected then we can set up Email Notification Content. In-app notification is used for notification in mobile devices like Android or IOS.
Email Notification ContentDefault Email ContentThis will send email notifications to the admin or recipient. This will only enabled when the notification type is Email Notification. Custom emails can also be created for email notifications.
NameTransaction Security ErrorPut a name based on your requirement
StatusEnabledEnable this transaction security. We can disable this when we don’t want this policy.
Salesforce File Event for File Security

2.3 Test Point-to-click Transaction Security Policy

3. Transaction Security Policy using Apex Code

We can use Apex code also to customize transaction security policy for File Event. Using Apex, we have more control over transaction security. We can use our own logic for triggering file event security issues.

File Security with FileEvents using Apex

What triggers this policy?

Configure which event will trigger the transaction security policy. To create a File Event transaction security policy we have to select the below options.

*EventFile Event
*Apex Class New Empty Apex Class
Apex File Event Transaction Security

What actions do you want to take when the policy is triggered?

Setup action which will performed when File Event Transaction Policy is triggered. You can use the same setup as mentioned in section 2.2.

Once the action is set up, a boilerplate apex class will be created to customize the policy trigger. The below image shows the generated boilerplate code class.

File Security with FileEvents Boilerplate Code

Customize Apex Class:

Let us take an example, We have the below use case.

Use Case:

If a user who is not part of the Finance Department tries to download files of the Finance Department. They should get the error.

Solution:

To handle this use case, the below apex code will be created.

Test Apex Code for File Security with FileEvent

Summary

FileEvents are a valuable tool for securing the files in our Salesforce org. We can monitor user operations on files, set up transaction security controls, and respond to any risks in real time by employing FileEvents. We can take proactive steps to protect our Salesforce org’s files and keep your customers’ trust.

References

Real-Time Event Monitoring Overview

Enhanced Transaction Security Policy List

Salesforce Event Monitoring

Salesforce Shield

Salesforce Data Security

Related Posts

Top 5 Session Security for LWC

Salesforce Interview Question – Security

You may also like

2 comments

Sathish Periyasamy October 19, 2023 - 2:54 pm

Thank you so much for such a valuable post to know more about the salesforce file security.

Reply
Dhanik Lal Sahni October 28, 2023 - 11:39 pm

Thank You, Sathish.

Reply

Leave a Comment