Salesforce Developer Forums - Security

I am blocked on Trailhead because I have started multiple Developer Edition orgs, do not have the login credentials for them, they say my city of birth is wrong, and because they are not linked I cannot enter a help ticket to get them deactivated.

Corinna Takigawa — Mon, 20 Nov 2023 00:16:04 +0000

I need a Developer Edition account for my next superbadges and some regular badges as well.
Yet, I cannot start anymore because my emails are linked to some.
I cannot open any of the DE's I've had.
I can get all the way in to one or two of them to where there should be a "Deactivate Org" button but there is no button showing, so I think I'm not the admin.
So I cannot deactivate the orgs to start new ones for the challenges/superbadges I want to do.
Resetting password does not work because it always says the city I was born in is wrong.
I cannot submit a help ticket because that must be linked to an org. Yet I cannot link these because I don't have full access to them.
I am working very hard, have earned Double Star Ranger and one superbadge, but now feel entirely blocked from moving forward with goals. Please advise.

can not login salesforce

CUI Captain — Thu, 16 Nov 2023 07:55:25 +0000

Hello,

I am the only admin of my ORG and the system is set up to require two-factor authentication.

I've made a change in the setup -> session settings, and move the two-factor authentication from the High Assurance column to the Standard column.

I've logged out and can not login.
I got an error message as bellow:
To log in, you need both a higher access level and an identity verification method. Contact your administrator to gain login access.

How do i solve it and login?

Thanks for you time and best regards,
captain

Resolving SOQLInjection error

Tejaswini E — Thu, 09 Nov 2023 16:50:03 +0000

Hi Team, Is it possible to resolve SoqlInjection error for the below code without adding String.escapeSingleQuotes() in Database.query(query)

String query = 'SELECT Id, Subject, Description, ActivityDate, Status, WhatId, What.Name, Type, Priority FROM Task WHERE';
if (recordId != null)

query += ' WhatId = :recordId AND TaskSubtype != \'Email\' ORDER BY ' + sortOrder;
else {
String ownerId = UserInfo.getUserId();
query += ' OwnerId=:ownerId AND TaskSubtype != \'Email\' AND Status NOT IN(\'Completed\', \'Withdrawn/Canceled\')';
}

for(Task t : Database.query(query))

consumer key and secret have been changed twice after refresh environment

yang li 53 — Fri, 03 Nov 2023 06:24:46 +0000

I refresh my uat full environment,and after refreshed successfully,I generated new consumer key and secret, but after about a week later, the key and secret has been changed.now I have two questions:
1.When I generate new key and secret, I didn't find the button 'generate',It looks like differtent from the document,Rotate the Consumer Key and Consumer Secret of a Connected App (https://help.salesforce.com/s/articleView?id=sf.connected_app_rotate_consumer_details.htm&type=5https://help.salesforce.com/s/articleView?id=sf.connected_app_rotate_consumer_details.htm&type=5)
2.I think the key and secret cannot be changed normally expect of I refresh the environment, Why it can be changed,and I test once more,I change key and secret twice in three hours,It hasn't been changed, Is there a need for a certain time interval between two builds？

Not receiving Verification code from UI Login

Navin Yadav — Fri, 27 Oct 2023 15:08:23 +0000

I have a site on experience builder, I have 2 sandboxes dev and sit, In dev when I try to log in from UI I am receiving an verification code on my email but when I do the same in SIT, I am directly getting logged in without verification code, I want verification code on my email in SIT as well.
I compared the following settings in DEV and SIT and both are identical

Identity verifications - MFA as high assurance
Session Settings - Require MFA for UI
Profile level System permissions

Can anyone suggest what I could have missed here?

I am able to see few record types in my account object and able to create record successfully with them even though the roles has read access

Sreelakshmi Asokan — Thu, 26 Oct 2023 08:13:07 +0000

Hello Everyone,

So I have 2 UAT environments, in one I am able to see and create records of particular record types which has read access only while in another environment i cant see or create records. Have gone through OWD, SHARING Rules, Permission sets public group and didnt find anything. Can someone please help me with this

SAML SSO: Salesforce IDP + Connected App config: How can I find the Persistent ID and store in custom field on User object?

crowdforce — Wed, 25 Oct 2023 23:05:03 +0000

Hi Community - Looking for some help on a very niche topic.

Question: We use The Persistent ID described under the section Subject Type in this SAML salesforce documentation (https://help.salesforce.com/s/articleView?id=sf.connected_app_create_saml_sso.htm&type=5)

We now want to surface this value for each user and export it to our EDS. I have not been able to find any further docs on where or how to find this value per user within salesforce user object.

Anyone know how this can be done?

best practices for creating opportunities that can have limited view permissions

Vishal Kumar Singh 4 — Wed, 25 Oct 2023 19:46:48 +0000

What is the best practice to be able to give users the ability to create confidential opportunities that can only be viewed by users they choose

Guest user facing issue "INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY" in a site without login

abel reegan 28 — Tue, 24 Oct 2023 05:24:37 +0000

Guest user facing issue "INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY" in a site without login, even after profile level read access is given and sharing rule created for guest user profile, how can I debug this?

I tried to query in "UserRecordAccess" table for the guest user and it shows that the guest user has read access to that specific record.

Issue with Canvas App - Response header has X-Frame-Options : DENY

Chris Voge 17 — Thu, 19 Oct 2023 15:02:58 +0000

Hello,

I am trying embed our site using a Canvas app, it appears Salesforce is responding with X-Frame-Options : DENY and frame-ancestors: 'none' resulting in a gray screen.

I've tried adding my site to Remote Site Settings and Trusted URLs on both classic and ExperienceBuilder. Doesn't seem to work.

Help would be appreciated. Thanks, Chris

Users being directed to MFA Verification login screen even though SSO is enabled

LOGAN FUENTES — Wed, 18 Oct 2023 18:20:38 +0000

Users being directed to MFA Verification login screen below even though we have SSO enabled on our org, any setting updates on SSO needed to ensure bypass?

Object Security

santosh kumar 864 — Sun, 15 Oct 2023 00:48:46 +0000

Two users(user1 & user2) have same profile. There is an object 'Laptops'.
User1 have access to object.
User2 not to have access to object. Is it possible?

OWD - Private
Profile - C, R, E, D for object
There is no role hirerachy setup

InternalExecutionError: Salesforce Code Analyzer Report

Praveen Pujar 41 — Tue, 10 Oct 2023 10:13:03 +0000

Hello everyone, has anyone came across Internal Executions Errors like OutOfMemory & StackOverflowError issues while generating Salesforce code analyzer report ? I have increased the heap space and tried, issue still persists, if anyone has fixed this issue or worked on code analyzer, please post your answer, thanks in advance.

Command used - sfdx scanner:run:dfa --format=html --sfgejvmargs "-Xmx20g" --outfile=CodeAnalyzerDFA3.html --target="./" --projectdir="./" --category="Security" --rule-thread-timeout 9000000

How to import Salesforce report to SharePoint or OneDrive

Princes91221 — Fri, 06 Oct 2023 08:28:06 +0000

Was wondering if anyone could advise on the best methodology to import Salesforce reports into SharePoint or OneDrive, so that multiple people can collaborate on the same report.
Currently we're not using a connector to SharePoint, and are looking to move away from this due to potential security risks.
Any advice or recommendations will be greatly appreciated, and thank you in advance!

A single Lead record not accessible as System Admin

AArora 50 — Thu, 21 Sep 2023 18:27:58 +0000

I have come across a Lead record that I am not able to access as a System Admin. None of the jobs running are able to access this record either. I need to run a job to process this record and it fails each time. This record is owned by a Queue.

If I query the record in the Dev console using Standard fields I can access the data but if I include a custom field the data does not show up.

While accessing through UI I get following message
You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator if access is necessary.

How can I access this record?

I am trying to authorize an sandbox org in vscode I am getting redirect tohttp://localhost:1717/OauthError This is most likely not an error with the Salesforce CLI. Please ensure all information is accurate and try again.

Jayabalan n — Wed, 20 Sep 2023 15:55:48 +0000

Admin Password Reset

Kimberly Soutar — Wed, 13 Sep 2023 16:57:26 +0000

How do I go about having my developer password reset by an admin?

I have tried to reset using the link, and after jumping through many hoops with Outlook, I finally got the link to work, but then it was asking me my security question. Where were you born, of which I am certain, but says the answer is incorrect.

How to set up Delete access exclusively to manager using data security ?

suji srinivasan — Wed, 13 Sep 2023 03:00:05 +0000

Hi,
I need assistance with setting up delete access for sales managers in Salesforce.
Here are my requirements:
Edit Access: Sales managers should have the ability to edit all opportunities.
Record Types: Opportunities created by the Direct Sales team should use the "Direct Sales" record type, while those created by the Inside Sales team should use the "Inside Sales" record type.
View Access:
The Direct Sales team should be able to view all opportunities, regardless of the record type.
The Inside Sales team should only see opportunities belonging to their team.
Delete Access:
Both Direct Sales managers and Inside Sales managers should have the ability to delete all opportunities.
Here's what I've already done:
Created five profiles: Sales Manager, Direct Sales Manager, Inside Sales Manager, Direct Sales Rep, and Inside Sales Rep.
Set the Organization-Wide Default (OWD) to "Private."
Assigned record types based on profiles.
Used sharing rules with criteria to make Inside Sales team records accessible to that team.
Enabled the "View All" permission for the Direct Sales team.

Now, I need guidance on how to provide delete access exclusively to Direct and Inside Sales Managers.

Thanks

Significance of Role Hierarchy

phanip admin — Thu, 07 Sep 2023 09:00:05 +0000

Significance of Role Hierarchy
Scenario: In a organization Manager-A & Subordinates, Manager-B & Subordinates, Manager-C & Subordinates. When ever any subordinate will create record, no other subordinate will have access, but all the managers should have access for all the records. how to solve this?

I have url https://es-portal.gavi.org/sdgavi--uat/sdcs101/ in custom settings while redirecting to the url session id is not set in the cookie for that it always redirecting to login page

Data Integration 46 — Fri, 01 Sep 2023 12:26:09 +0000

I have url https://es-portal.gavi.org/sdgavi--uat/sdcs101/ in custom settings while redirecting to the url session id is not set in the cookie for that it always redirecting to login page.From request header i got that session id is not set .But as expected salesforce should set the sid in cookie as we don't have control on request header.Can anyone please suggest why sid or session is not set?Below image is request header for the url