Justin Ruck
Stop Access To Account Object for API User
My company has an API connection to an external system which updates SFDC nightly. How can I turn off its access to the Account object?
The external system is sending incorrect information to the Account object. Unfortunately, the administrator on the external system has no idea how to change the settings on her side. So, I want to just turn off the access to that. I want to keep the other integrations to other objects, though.
I've gone through the profile, which is a custom profile specifically for API. I changed all settings for Accounts to read-only. I checked the sharing settings, and there's nothing shared with that profile or a group that the API user is in. But, it's still somehow able to update Accounts.
Can you send me your contact information to my email id buyan@eigenx.com and I can see if I can call you to resolve this issue? I am assuming that there is custom code on the external application which is updating your accounts which will bypass all your security rules. So to avoid this, one thing you can do is if you have external ids on the account which the external application uses to reference the account, you can update the external ids in Salesforce to a non-matching value so that the accounts will not be matched at all and updates are not done.
If you don't use external ids and the external application has the account ids, then if somebody can get to the table which the external application uses and update the account ids to null, it would not impact your current account ids. Feel free to reach out to me and I can explain this further.
Thanks
Buyan
You might want to check the last modified user which is updating the account and verify what profile is being used to update the account. You can make account as private on the org-wide settings but this might have a major impact on others. Do you know how the external system is making the API call? Do you know why the account data is updated wrongly by the night batch?
Buyan
We do have external IDs. What I do know is that the external system creates new accounts if one doesn't already exist in SFDC. For instance, if the external system created company A with the external ID 123, going forward it looks at that external ID and just updates company A. But if company A exists with external ID 123, and we remove the external ID, then the external system would say that company A doesn't exist in SFDC and it will create the account again and assign another external ID. Then, we'd have duplicates.
I think there must be some web service methods which are being invoked from the external system.
Try to find that class and make that class "with sharing"; in this way the user (used by the external system) won't be able to access account records which are not shared with him.
I am a supporter of global switches to be kept to on/off functionality in code. :-)
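The suggestion above to mark the web service class "with sharing", shown as an added example that is not code from this thread or from the poster's org. The class names, the method name and the `External_Id__c` field are assumptions. Because Apex runs in system mode, "with sharing" enforces record sharing only, so the hardened version also checks the calling user's object permissions explicitly.

```apex
// Added example. AccountSyncServiceBefore, AccountSyncService, syncAccount and
// External_Id__c are hypothetical names; each class would be its own file.

// Before: system mode, sharing ignored. A profile with read-only access to
// Account does not stop this upsert, because Apex does not apply object
// permissions on its own.
global without sharing class AccountSyncServiceBefore {
    webservice static Id syncAccount(String externalId, String name) {
        Account acct = new Account(External_Id__c = externalId, Name = name);
        upsert acct External_Id__c;
        return acct.Id;
    }
}

// After: "with sharing" limits the call to records shared with the API user,
// and the explicit describe check makes the profile's Account permissions
// (create/edit) decide whether the write is allowed at all.
global with sharing class AccountSyncService {
    global class AccountAccessException extends Exception {}

    webservice static Id syncAccount(String externalId, String name) {
        Schema.DescribeSObjectResult acctDescribe = Schema.sObjectType.Account;
        if (!acctDescribe.isCreateable() || !acctDescribe.isUpdateable()) {
            // Surfaces to the external system as a SOAP fault.
            throw new AccountAccessException(
                'Calling user lacks create/edit permission on Account');
        }
        Account acct = new Account(External_Id__c = externalId, Name = name);
        upsert acct External_Id__c;
        return acct.Id;
    }
}
```

With the API profile set to read-only on Account, the second class rejects the nightly write while integrations to other objects are unaffected.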