Apex Policies for Transaction Security Notifications

Every Transaction Security policy must implement the Apex TxnSecurity.PolicyCondition interface. Here are several examples.
Available in: both Salesforce Classic and Lightning Experience
Available in: Enterprise, Performance, Unlimited, and Developer Editions.

Requires purchasing Salesforce Shield or Salesforce Shield Event Monitoring add-on subscriptions.


If you didn’t specify a condition value before you generated the Apex interface for a policy, you can add the condition later. If you want to change the condition, you can edit it. Edit the Apex code to include a condition before you activate your policy. If you never include a condition, your policy is never triggered. The following examples show how to write the condition.

Don’t include Data Manipulation Language (DML) statements in your custom policies. DML operations are rolled back after a transaction security policy is evaluated, regardless of whether the policy evaluates to true or false.

When you delete a transaction security policy, your TxnSecurity.PolicyCondition implementation isn’t deleted. You can reuse your Apex code in other policies.

This Apex policy example implements a policy that is triggered when someone logs in from multiple IP addresses in the past 24 hours.

Example

global class LoginPolicyCondition implements TxnSecurity.PolicyCondition {
  public boolean evaluate(TxnSecurity.Event e) {
    // One aggregate row per distinct source IP the user logged in from in the last day.
    AggregateResult[] results = [SELECT SourceIp
                                 FROM LoginHistory
                                 WHERE UserId = :e.userId
                                       AND LoginTime = LAST_N_DAYS:1
                                 GROUP BY SourceIp];
    // More than one group means logins from more than one IP address.
    if(!results.isEmpty() && results.size() > 1) {
      return true;
    }
    return false;
  }
}

This Apex policy example implements a policy that is triggered when a session is created from a specific IP address.

Example

global class SessionPolicyCondition implements TxnSecurity.PolicyCondition {
  public boolean evaluate(TxnSecurity.Event e) {
    // e.entityId is the Id of the AuthSession that triggered the event.
    // A single-record assignment throws a QueryException if no row matches.
    AuthSession eObj = [SELECT SourceIp FROM AuthSession WHERE Id = :e.entityId];
    if(eObj.SourceIp == '1.1.1.1' ){
      return true;
    }
    return false;
  }
}
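As an added example that is not part of the original documentation, the session policy above can be hardened so that a missing AuthSession row or a null SourceIp doesn’t abort policy evaluation with a QueryException, and the single hard-coded address becomes a set. The addresses in WATCHED_IPS are constructed sample values, not ones from the page.

```apex
global class SessionPolicyConditionSafe implements TxnSecurity.PolicyCondition {
  // Constructed sample addresses; replace with the ones your policy should match.
  private static final Set<String> WATCHED_IPS = new Set<String>{ '1.1.1.1', '203.0.113.7' };

  public boolean evaluate(TxnSecurity.Event e) {
    // Query into a list: an empty result is then an empty list, not an exception.
    List<AuthSession> sessions = [SELECT SourceIp
                                  FROM AuthSession
                                  WHERE Id = :e.entityId
                                  LIMIT 1];
    if (sessions.isEmpty() || sessions[0].SourceIp == null) {
      // Nothing to evaluate, so the policy does not trigger.
      return false;
    }
    // No DML here: anything written would be rolled back after evaluation anyway.
    return WATCHED_IPS.contains(sessions[0].SourceIp);
  }
}
```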

This Apex policy example implements a DataExport policy that is triggered when someone exports data via the Data Loader from a specific IP address.

Example

global class DataExportPolicyCondition implements TxnSecurity.PolicyCondition {
  public boolean evaluate(TxnSecurity.Event e) {
    // e.data holds the event attributes as a string map; SourceIp is the exporting client's address.
    if(e.data.get('SourceIp') == '1.1.1.1' ){
      return true;
    }
    return false;
  }
}

This Apex policy is triggered when someone accesses reports from a session with the standard security level.

Example

global class ReportsPolicyCondition implements TxnSecurity.PolicyCondition {
  public boolean evaluate(TxnSecurity.Event e) {
    // Trigger only for standard-level sessions, not high-assurance ones.
    if(e.data.get('SessionLevel') == 'STANDARD' ){
      return true;
    }
    return false;
  }
}

This Apex policy is triggered when someone accesses a specific Connected App from a session with the standard security level.

Example

global class ConnectedAppsPolicyCondition implements TxnSecurity.PolicyCondition {
  public boolean evaluate(TxnSecurity.Event e) {
    // e.entityId is the Id of the Connected App being accessed.
    if(e.data.get('SessionLevel') == 'STANDARD' && (e.entityId == '0CiD00000004Cce')){
      return true;
    }
    return false;
  }
}