Whenever a Salesforce user tries to upload, preview, or download a file via the user interface or API, a FileEvent will occur in the backend. This event is included in Salesforce’s Real-Time Event Monitoring feature, and Salesforce Developers can choose to enable streaming or storage for FileEvents just like any other event associated with Real-Time Event Monitoring. Furthermore, developers can set up a transaction security policy for FileEvents, which allows them to track and take action based on the user’s actions on files.

We’re excited to see FileEvents become GA in the Summer ’23 release. In this post, we’ll show you how you can build a transaction security policy on top of a FileEvent and strengthen file security.

Note: FileEvents are available to customers who purchased Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

Why is Salesforce file security important?

To understand FileEvents, it’s important to first grasp the significance of file security in the Salesforce org. Salesforce stores a wide range of information as files, including customer contact details, sales data, notes from customer interactions, and service requests, as well as internal documents such as contracts, marketing materials, and product specifications. In addition, the system can store files related to financial transactions like invoices or purchase orders.

The purpose of Salesforce Files is to keep all this data in one central location, making it easily accessible by multiple users at once, thereby improving collaboration and productivity. It’s crucial to prioritize the protection of these files to ensure the security of sensitive information in your Salesforce org. This cannot be emphasized enough.

What can FileEvents do?

When employees quit their job, they typically continue working for a short period of time before leaving the company. In this situation, many companies restrict access to sensitive files during this pre-exit period. A transaction security policy can be implemented using FileEvents to prevent employees from downloading files tagged as “legal” for compliance purposes.


  • Your org has a Salesforce Shield or Event Monitoring add-on license
  • File(s) that users are trying to download have a legal tag

Let’s see how you can implement a transaction security policy using file events.

  • Setup → Transaction Security Policies
  • Click on New and select Apex

Step 1 - Set up transaction security policy using Apex

In the “Event” dropdown, select FileEvent. And in the Apex class dropdown, select New Empty Apex Class and then click on the Next button.

Step 2 - Select the event as "File Event"

In the Actions selection, we can either choose Default Message or Custom Block Message. The same applies to email notification content as well. Please make sure the policy status is enabled.

Step 3 - Fill the required details

Now, the boilerplate Apex class has been created automatically.

Step 4 - Navigate to the BlockLegalFilesDownloadEventCondition class created by the system

The code snippet below includes logic to meet compliance needs. Update the class with this code snippet.

Great job! Let’s see it all in action

Log in as the user and try to download the file which is tagged as “Legal.”

Downloading the file which is tagged as legal

The ability to download the files has been restricted due to the policy which we created.

Downloading of the file is blocked due to the transaction security policy


Now that FileEvents have become generally available, it is easier than ever to set up transaction security policies for managing files. By taking advantage of these events, you can monitor and respond to activity in real-time, detect suspicious behavior quickly, and accurately identify potential threats before they become a problem.

Additionally, leveraging automation capabilities, such as automated alerts or notifications when certain activities occur on files within your org, will help ensure that any malicious activity is identified right away so that appropriate countermeasures can be taken immediately.

It’s clear why keeping confidential documents safe within a secure filing system should be a top priority for any business utilizing a CRM platform like Salesforce. In conclusion, understanding FileEvents is essential for enhancing the security of your Salesforce org.

About the author

Jagan Padmanabhan

Jagan Padmanabhan is a Technical Architect (Customer Success Group) at Salesforce with a special focus on creating secure applications at a large scale. He is passionate about developing applications using security-driven products like Salesforce Shield and Event Monitoring. Moreover, he actively contributes to platform security as a security researcher. Follow him on LinkedIn.

Get the latest Salesforce Developer blog posts and podcast episodes via Slack or RSS.

Add to Slack Subscribe to RSS