Loading
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Create a Transaction Security Policy That Uses Apex

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Create a Transaction Security Policy That Uses Apex

            Use Setup to create an transaction security policy that uses Apex. You can specify an existing Apex class or create an empty class that you then code. The Apex class must implement the TxnSecurity.EventCondition interface.

            Required Editions

            Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.

            Available in: Enterprise, Unlimited, and Developer Editions

            Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.
            User Permissions Needed
            To view events: View Real-Time Event Monitoring Data
            To view transaction security policies: View All Data
            To create, edit, and manage transaction security policies: Customize Application

            You can create multiple policies for the same type of event, but we recommend that your policies and their actions don’t overlap. If multiple policies with the same action for a given event execute when the event occurs, their order of execution is indeterminate.

            1. From Setup, in the Quick Find box, enter Transaction Security, and then select Transaction Security Policies.
            2. Click New, and then select Apex.
            3. Click Next.
            4. Select an event that your policy is built on.
              For example, if you want to track API calls in your org, select API Event. If you want to monitor when users view or export reports, select Report Event. See Transaction Security for the full list of available events.
            5. Select the Apex class that implements your policy. If you haven’t already created the class, select New Empty Apex Class.
            6. Click Next.
            7. Select the action that the policy performs when triggered.
              The available actions vary depending on the event type. For more information, see Transaction Security Actions and Notifications.
              Note
              Note The two-factor authentication action isn’t available in the Salesforce mobile app, Lightning Experience, or via API for events. Instead, the block action is used. For example, if a two-factor authentication policy is triggered on a list view performed via the API, Salesforce blocks the API user.
            8. If applicable, choose a block message or notification type and recipient.
            9. Enter a name and description for your policy.
              Your policy name must begin with a letter, not end with an underscore, and not contain two consecutive underscores.
            10. Optionally, enable the policy.
              If you chose to create an Apex class, don’t enable the policy yet because you must first add code to the class.
            11. Click Finish.
              Your new policy appears in the Policies table. If you chose to create an Apex class, its name is the 25 characters of your policy name without spaces appended with the EventCondition string. If your policy is named “My Apex Class,” your Apex class is auto-generated as MyApexClassEventCondition. The class is listed in the Apex Condition column.
            12. Click the name of your Apex class if you want to edit it.
              If you chose to create an Apex class, you must add the implementation code. Salesforce adds this basic code to get you started. 
              global class MyApexClassEventCondition implements TxnSecurity.EventCondition {

  public boolean evaluate(SObject event) {
    return false;
  }

}

            When you delete a transaction security policy that uses Apex, the implementation class isn't deleted. You can either delete this Apex class separately or reuse it in another policy.

            Don’t include DML statements in your Apex-based policies because they can cause errors. When you send a custom email via Apex during transaction policy evaluation, you get an error, even if the record isn’t explicitly related to another record. For more information, see Apex DML Operations in the Apex Reference Guide.

            • Enhanced Apex Transaction Security Implementation Examples
              Here are examples of implementing enhanced Apex transaction security.
            • Asynchronous Apex Example
              When executing a transaction security policy, use an asynchronous Apex process to offload time-consuming operations, such as sending a notification email to an external recipient.
            • Enhanced Transaction Security Apex Testing
              Writing robust tests is an engineering best practice to ensure that your code does what you expect and to find errors before your users and customers do. It’s even more important to write tests for your transaction security policy’s Apex code because it executes during critical user actions in your Salesforce org. For example, a bug in your LoginEvent policy that’s not caught during testing can result in locking your users out of your org, a situation best avoided.

            See Also

             
            Loading
            Salesforce Help | Article