This content describes an older version of this product.

Migrate Legacy Policies to the Enhanced Transaction Security Framework

The enhanced transaction security framework makes it easy to create policies that are more useful than policies created with the legacy framework. You can migrate your legacy policies to the new framework. As of Summer ’20, Legacy Transaction Security is a retired feature in all Salesforce orgs. You can no longer create, edit, or enable transaction security policies using the legacy framework, and you receive an error message if you try to do so.
Available in: Salesforce Classic and Lightning Experience
Available in: Enterprise, Unlimited, and Developer Editions

Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.


Let's first review how the enhanced transaction security framework improves both the experience of creating a policy and the policies themselves.

  • With the enhanced transaction security framework, you can create policies that execute actions on any standard or custom object. In the legacy framework, you’re limited to a few standard objects. For example, the legacy Data Export policy type supports actions only on standard report types. Enhanced policies based on ReportEvent support all standard and custom report types. (However, this benefit has the consequence that enhanced policies execute more often than legacy ones. See Differences Between the Legacy and Enhanced Apex Interfaces.)
  • Enhanced policies are based on publicly documented Salesforce objects. As a result, you can quickly view the available conditions by scanning the event object’s fields in the API documentation, such as for ApiEvent.
  • The enhanced framework includes Condition Builder, a declarative point-and-click tool that requires no Apex coding. If you prefer to code, or need more complex logic, the enhanced Apex interface is more intuitive and easy to use than the legacy one.

Legacy policies are incompatible with the enhanced transaction security framework. And because the legacy framework is being retired, we encourage you to migrate your policies as soon as possible.

Follow these high-level steps to migrate your policy.

  1. Choose the Real-Time Event Monitoring event for your enhanced policy.
  2. Choose the fields of the event object that you use as policy conditions.
  3. Decide whether to use Condition Builder or Apex to create your enhanced policy.
  4. If you’re using Apex, read how the legacy interface differs from the enhanced interface.
  5. Create your enhanced policy, but don't enable it yet.
  6. Test your enhanced policy.
  7. When your enhanced policy is ready, disable the legacy policy and enable the enhanced policy. You can’t enable two policies on the same event at the same time.
  8. If your enhanced policy isn’t working as you expect, troubleshoot the issues.

This guide uses the Lead Data Export policy as the running example. This example is a legacy policy that was provided for all customers in the Salesforce UI in orgs created before the Spring '20 release. Orgs created after the Spring '20 release no longer include these policies. Check out the Follow Along with the Lead Data Export Example sections, which highlight parts of the example to explain the accompanying conceptual information.
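
For the Lead Data Export case, an enhanced Apex policy built on ReportEvent could look like the following. This is an added example, not code from this guide or from Salesforce; the class name and the 2,000-row threshold are assumptions. Because enhanced policies run for every standard and custom report type, the condition itself has to narrow the match to reports that query Lead.

```apex
// Added example: class name and threshold are assumptions, not part of the guide.
global class LeadReportExportCondition implements TxnSecurity.EventCondition {

    // Assumed threshold for what counts as a bulk export; tune it for your org.
    private static final Integer MAX_ROWS = 2000;

    // The enhanced framework passes the real-time event as a generic SObject.
    // Returning true triggers the action configured on the policy.
    public Boolean evaluate(SObject event) {
        switch on event {
            when ReportEvent reportEvent {
                return isBulkLeadExport(reportEvent.QueriedEntities,
                                        reportEvent.RowsProcessed);
            }
            when null {
                // No event to inspect: do not trigger.
                return false;
            }
            when else {
                // Policy was attached to an event type this class does not handle.
                return false;
            }
        }
    }

    private Boolean isBulkLeadExport(String queriedEntities, Decimal rowsProcessed) {
        // Either field can be empty on an event; treat that as "no match".
        if (String.isBlank(queriedEntities) || rowsProcessed == null) {
            return false;
        }
        // Substring match also hits object names that contain "Lead",
        // so it errs toward triggering the policy rather than missing an export.
        return queriedEntities.contains('Lead') && rowsProcessed > MAX_ROWS;
    }
}
```

Create the policy from this class in a disabled state and test it against both Lead and non-Lead reports before you swap it in for the legacy policy, as steps 5 through 7 describe.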

Support Differences Between the Legacy and Enhanced Transaction Security Frameworks

Some features of the legacy framework aren’t supported in the enhanced framework.

  • With the legacy framework, you can define an end-session action on a policy. This action isn’t available in the enhanced framework. Instead, use a login flow to restrict the number of simultaneous Salesforce sessions per user.
  • Legacy policies support Chatter actions, such as posts, messages, and comments. These actions aren’t available in the enhanced framework. Check out the Experience Cloud site moderation rule feature to see whether it covers your use case.