Enhanced Security with Report Event Policy

Report event policies monitor when data is viewed or downloaded from your reports. So what are the use cases where you can put them to work? Here are a few examples:

  1. Require two-factor authentication for all users accessing or downloading reports over a specific size. To attain maximum coverage, write a policy that notifies you and blocks access to reports that process more than a certain number of rows.
  2. Block the downloads for specific user IDs, report IDs, and dashboard IDs.
  3. Disallow running or exporting reports that have a column with a specific name, since such a column could contain sensitive patent data.

Required Editions

Available in – Salesforce Classic and Lightning Experience
Available in – Performance, Enterprise, Unlimited, and Developer Editions
Requirements – Salesforce Shield / Salesforce Event Monitoring add-on subscriptions

Let’s consider a scenario: blocking a Classic user from exporting any opportunity report over “N” rows of data. For demo purposes, let’s assume a maximum size of 10.

First and foremost, enable ‘Transaction Security Policy’ in Salesforce Setup.

STEP 1: CONDITIONS 

Create a new policy using the ‘Condition Builder’ option, which is a suitable out-of-the-box option for this simple use case.

Provide conditions below:

Event: Report Event

Condition Logic: All Conditions Are Met

Conditions:

Condition | Operator | Value
Event Source | Equals | Classic
Operation | Equals | ReportExported
Queried Entities | Equals | Opportunity
Rows Processed | Greater than | 10

STEP 2: ACTIONS 

Define the action (blocking the user), have an email notification sent to a specific user when the conditions are met, and give the policy a name.

Action: Block

Notification: Check ‘Email notification’ to send an email to a specific user when the conditions are met

Recipient: Select a user (maybe yourself, for testing purposes)

Name: Block over 10 rows for classic users <User defined>

Description: <User Defined>

Status: Enabled


STEP 3: TEST IT!

Try exporting an opportunity report over 10 rows in classic.


You will get a blocker message.

Check your mail: if you are the recipient, you will receive an email with the triggered policy info.

Report Event Policy in a Nutshell 

Object: ReportEvent

Conditions Available in Condition Builder: Username, User ID, Scope, Source IP, Session Level, Queried Entities, Rows Processed, Report ID, Name, Name of Columns, Number of Columns, Owner ID, Operation, Event Source, Is Scheduled, Dashboard ID, Dashboard Name, Description.

Actions: Block, Notifications, Two-Factor Authentication (for UI logins)

Considerations: Two-factor authentication policies apply to the following UI-based report actions:

1)     Printable View

2)     Report Export

3)     Report Run (in Salesforce Classic only)

Keep in mind:
Two-factor authentication is not supported for reports in Lightning pages, so the action is upgraded to Block.

What’s next? 

Transaction security policies are not limited to Report Events! They can also be applied to Login, API, and ListView events.

The platform is yours 😊 Explore different types of events, conditions and don’t forget to test! How about a use case to block running a report or list view involving patent data?
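
One way to approach that patent-data use case is an Apex condition instead of Condition Builder. The class below is an added example, not code from the original walkthrough: it reproduces the four demo conditions and additionally triggers when a report exposes a column whose header contains a keyword. The class name, the keyword 'patent' and the assumption that Queried Entities can hold several comma-separated names are illustrative; the Block action and email notification are still selected on the policy itself.

```apex
// Added example: Apex condition for a Transaction Security policy on Report Event.
// The class only decides whether the policy triggers; the action is set in Setup.
global class SensitiveReportCondition implements TxnSecurity.EventCondition {

    // Constructed values: the demo limit from the walkthrough and a hypothetical keyword.
    private static final Integer MAX_ROWS = 10;
    private static final String SENSITIVE_COLUMN = 'patent';

    public Boolean evaluate(SObject event) {
        switch on event {
            when ReportEvent evt {
                return isLargeClassicOpportunityExport(evt)
                    || exposesSensitiveColumn(evt);
            }
            when null { return false; }
            when else { return false; } // some other event type
        }
    }

    // Same logic as the Condition Builder policy: all four conditions must hold.
    private Boolean isLargeClassicOpportunityExport(ReportEvent evt) {
        return evt.EventSource == 'Classic'
            && evt.Operation == 'ReportExported'
            && queriesEntity(evt.QueriedEntities, 'Opportunity')
            && evt.RowsProcessed != null
            && evt.RowsProcessed > MAX_ROWS;
    }

    // Assumption: a report spanning several objects lists them comma-separated,
    // so match one entry instead of requiring the whole field to equal 'Opportunity'.
    private Boolean queriesEntity(String queriedEntities, String entity) {
        if (String.isBlank(queriedEntities)) return false;
        for (String name : queriedEntities.split(',')) {
            if (name.trim().equalsIgnoreCase(entity)) return true;
        }
        return false;
    }

    // Triggers on any report operation (run or export) that shows a matching column.
    private Boolean exposesSensitiveColumn(ReportEvent evt) {
        return String.isNotBlank(evt.ColumnHeaders)
            && evt.ColumnHeaders.containsIgnoreCase(SENSITIVE_COLUMN);
    }
}
```

Test it the same way as Step 3: export an opportunity report over 10 rows in Classic, then run a small report that includes a column with the keyword in its header, and confirm both are blocked.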

 
