Mapped Security for Salesforce

The Salesforce Connector supports mapped security, but the following Salesforce security features are not supported:

  • Apex managed sharing. Apex is a Salesforce scripting language that can programmatically grant or deny permissions on items in the repository. Rules applied in this way are not respected in IDOL. As a result, users who would be denied access to an item in Salesforce might be allowed access in IDOL, and users who would be granted access to an item in Salesforce might be denied access in IDOL.
  • IP-based permissions. In Salesforce, you can restrict where a user is allowed to access content from (by IP range), and when a user is allowed to access content (by time range). These rules are not respected in IDOL, so users might be able to see content in IDOL from IP ranges, or at times, that Salesforce would not allow.
  • Field-level security. In Salesforce, you can grant or deny access to fields on an object. This is not supported in IDOL. All users who have permission to view a document can see all of the fields indexed by the connector.
  • Shared personal groups. In Salesforce, a user can share content with a personal group. These permissions are not respected in IDOL because they are not available through the Salesforce API. This means that members of a personal group cannot see the shared content in IDOL.
  • Frozen users. Frozen users are still present in document ACLs and will be able to see content in IDOL that they cannot see in Salesforce.
  • Knowledge Base item permissions. In Salesforce, you can map user roles to knowledge base data categories (for example, members of the technical agent role might only have permission to see articles under the technical data category). This mapping information is not available through the Salesforce API, and consequently, in IDOL, all users can see all knowledge base articles in all data categories.