EventCondition Interface
Usage
The evaluate method is called upon the occurrence of a real-time event monitored by a transaction security policy. A typical implementation first selects the fields of interest from the event. Then the fields are tested to see if they meet the conditions being monitored. If the conditions are met, the method returns true.
For example, imagine a transaction security policy that triggers when a user queries more than 1,000 lead records. For each API event, the evaluate method checks whether the RowsProcessed value is greater than 1,000 and the QueriedEntities value contains “Lead”. If so, true is returned.
We recommend having test classes for the policy condition interface to ensure it works correctly. Testing is required regardless of whether the policy is moved from a sandbox to production, with a change set, or some other way. For example, test your policies in your development environment before moving the policies to production.
For more information about testing Apex transaction security policies, read Transaction Security Apex Testing.
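The lead-query policy described above, written out together with a test class of the kind recommended here. This is an added example, not code from the original page; the class names LeadExportCondition and LeadExportConditionTest and the MAX_ROWS constant are hypothetical, and each class goes in its own file.

```apex
// File 1: LeadExportCondition.cls (hypothetical class name)
global class LeadExportCondition implements TxnSecurity.EventCondition {
    private static final Integer MAX_ROWS = 1000; // threshold from the scenario

    public Boolean evaluate(SObject event) {
        switch on event {
            when ApiEvent apiEvt {
                return isLargeLeadQuery(apiEvt);
            }
            when null {
                return true; // same choice as the page's example: trigger on null
            }
            when else {
                return true; // and on event types this condition does not handle
            }
        }
    }

    private Boolean isLargeLeadQuery(ApiEvent apiEvt) {
        // Guard against unset fields, for example on an event built in a test.
        if (apiEvt.QueriedEntities == null || apiEvt.RowsProcessed == null) {
            return false;
        }
        // contains() is a substring match, so any entity name that includes
        // "Lead" also satisfies the second test.
        return apiEvt.RowsProcessed > MAX_ROWS
            && apiEvt.QueriedEntities.contains('Lead');
    }
}

// File 2: LeadExportConditionTest.cls (hypothetical class name)
@isTest
private class LeadExportConditionTest {
    private static ApiEvent makeEvent(String entities, Integer rows) {
        ApiEvent e = new ApiEvent(); // constructed sample event
        e.QueriedEntities = entities;
        e.RowsProcessed = rows;
        return e;
    }

    @isTest
    static void triggersOnlyAboveThresholdForLead() {
        LeadExportCondition c = new LeadExportCondition();
        System.assert(c.evaluate(makeEvent('Lead', 1001)));     // over threshold
        System.assert(!c.evaluate(makeEvent('Lead', 1000)));    // boundary: not over
        System.assert(!c.evaluate(makeEvent('Account', 5000))); // wrong entity
        System.assert(!c.evaluate(makeEvent(null, null)));      // unset fields
        System.assert(c.evaluate(null));                        // null event triggers
    }
}
```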
EventCondition Methods
The following are methods for EventCondition.
evaluate(event)
Signature
public Boolean evaluate(SObject event)
Parameters
- event
- Type: SObject
- The event to check against the transaction security policy.
Return Value
Type: Boolean
Returns true when the policy is triggered. For example, suppose that the policy is to limit users to a single login session. If a user tries to log in a second time, the policy blocks the attempted login, and updates the Status, PolicyId, and PolicyOutcome fields of that LoginEvent. The policy also sends an email notification to the Salesforce admin. The evaluate method only checks the login event, and returns true if it’s the user’s second login attempt.
The system performs the action and notification, not the evaluate method.
EventCondition Example Implementation
This example shows an implementation of the TxnSecurity.EventCondition interface. The transaction security policy triggers when the user queries an Account object.
// The class name is illustrative; any class that implements the interface works.
global class AccountQueryCondition implements TxnSecurity.EventCondition {
    // Called for each monitored event; returns true when the policy triggers.
    public Boolean evaluate(SObject event) {
        switch on event {
            when ApiEvent apiEvent {
                return handleApiEvent(apiEvent);
            }
            when null {
                // Trigger action if event is null
                return true;
            }
            when else {
                // Trigger action for unhandled events
                return true;
            }
        }
    }

    // Triggers when the queried entities include Account.
    private Boolean handleApiEvent(ApiEvent apiEvent) {
        if (apiEvent.QueriedEntities.contains('Account')) {
            return true;
        }
        return false;
    }
}
For more examples, see Enhanced Apex Transaction Security Implementation Examples.