2.1 C
London
Tuesday, February 7, 2023

Top 3 Riskiest Misconfigurations on the Salesforce Platform • londonbusinessblog.com

Must read

Simple Energy raises $20 million from investors

Electric Vehicle Startup Simple Energy announced on Tuesday to raise USD 20 million (approximately ₹ 165 crore) from a group of investors as part...

Who is Wes Anderson’s wife, Juman Malouf? His married life, girlfriend and more

Wes Andersenthe director of movies, including Moonrise Kingdom, Fantastic Mr. Fox, The Grand Budapest Hoteland others is married to his wife Juman Maloufa...

RCap Resolution: NCLAT issues notices to Torrent Investments and others at the lender’s plea

The appeals court has ordered the petition to be listed on February 9, 2023 and says the appeal will be heard and decided by...

A single ticket in Washington State wins the $754.6 million jackpot

The lucky owner of a single Powerball ticket in Washington state has won a jackpot worth $754.6 million after matching all six numbers drawn...
Shreya Christinahttps://londonbusinessblog.com
Shreya has been with londonbusinessblog.com for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider londonbusinessblog.com team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

Gartner estimates that by 2025, 70% of enterprise applications will be built on low-code and no-code platforms such as Salesforce and ServiceNow. But do these platforms give a false sense of security?

When asked, Salesforce admins often answer that the company is responsible for security. Security is a shared responsibility with SaaS applications. Your provider secures the infrastructure and your administrators and developers are responsible for ensuring least privileged access.

Cloud misconfigurations are responsible for a tripling of data breaches. Misconfiguration usually occurs when security settings are allowed to default, inappropriate access levels are assigned, or data barriers are not created to protect sensitive data. Configuring a low-code platform is so easy that the low-code administrator often doesn’t understand the impact of ticking a box.

Looking at the impact of a simple check, these are the three most risky misconfigurations on the Salesforce platform: Modify All Data (MAD) and View All Data (VAD), Sharing & Sharing Groups, and Running Apex code without the “runAs” method .

Let’s take a look at each and the impact they can have.

Sharing Groups are very powerful, but they may accidentally give access to unauthorized users.

MAD and VAD

We’ll start with the obvious and most dangerous. Change all data and view all data permissions do exactly what they say. These are the super user permissions for Salesforce.

If a user has VAD, he has read access to every data record in the system. MAD means they can also update and delete any record. These permissions should only be given to administrators and even then to a very limited number of people.

Why would an administrator be tempted to give MAD or VAD to non-administrators? The typical case is when a user cannot access data that they need to see. The administrator reviews the user’s profile and permission sets, all sharing rules, and the role hierarchy, and can’t determine why the user can’t see the information. As a “workaround” they give the user MAD or VAD and now the user can see the records – along with everything else in the system.

This error can also happen when developers run into the same dilemma. They temporarily turn on MAD in the user profile to make progress in their code and later forget they turned it on.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Simple Energy raises $20 million from investors

Electric Vehicle Startup Simple Energy announced on Tuesday to raise USD 20 million (approximately ₹ 165 crore) from a group of investors as part...

Who is Wes Anderson’s wife, Juman Malouf? His married life, girlfriend and more

Wes Andersenthe director of movies, including Moonrise Kingdom, Fantastic Mr. Fox, The Grand Budapest Hoteland others is married to his wife Juman Maloufa...

RCap Resolution: NCLAT issues notices to Torrent Investments and others at the lender’s plea

The appeals court has ordered the petition to be listed on February 9, 2023 and says the appeal will be heard and decided by...

A single ticket in Washington State wins the $754.6 million jackpot

The lucky owner of a single Powerball ticket in Washington state has won a jackpot worth $754.6 million after matching all six numbers drawn...

WhatsApp allows users to post voice notes as status updates • londonbusinessblog.com

WhatsApp Status, the feature introduced in 2017 as the company's take on Snapchat Stories, has received a number of updates to make it more...