Security
A user can be granted access to an item in several ways. Not all possible ways are currently included in the connector. The possible security overrides depends on the Salesforce edition.
The current user security access is implemented in the connector.
- User access is given by the user Id
- Group access is given from user roles and inherited sub roles
- Permission to view all data, if the profile has this access
- Permission to view all users, if the profile has this access
Authentication
At search time users needs to log into their Salesforce accounts in ViaWorks. This authentication is done under Account & Settings and Source Credentials.
The salesforce security token is given for each user and can be reset and sent by email from Salesforce. This user token is needed together with the username and password to get access to the API and use the connector. It is possible to omit the token and only use the username and password to login. This is done by adding the IP in use under IP Login IP Ranges in Salesforce. The ranges are given for each profile group (for example System Administrator etc). Each user having the current profile can then login without the security token. Still a random text string must be filled in the field salesforcetoken in the window, to be able to authenticate the user, but this text is ignored.
Authorization
Items are marked with a list of Salesforce groups and user SIDs at fetching time. At search time, users are given SIDs based on the Salesforce account associated with the ViaWorks login.
Example:
- "SalesF 005A0000004wzojIAA" (User)
- "SalesF 00GA0000001LnPuMAK" (Group)
- "SalesF AllData" (View all data - from profile settings)
- "SalesF Users" (View all users - from profile settings)