Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            PermissionSetEventStore Policies

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            PermissionSetEventStore Policies

            Permission set event policies monitor when users are assigned critical permissions in a permission set or a profile.

            Required Editions

            Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.

            Available in: Enterprise, Unlimited, and Developer Editions

            Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

            Policy at a Glance

            Object Conditions Available in Condition Builder Actions
            PermissionSetEventStore Event Source, Operation, Permissions, Permission Type, User Count, User ID, Username Block, Notifications

            What You Can Do with It

            Create a transaction security policy that can prevent users from being assigned these permissions in a permission set or a profile:

            • AssignPermissionSets (Assign Permission Sets)
            • AuthorApex (Author Apex)
            • CustomizeApplication (Customize Application)
            • ForceTwoFactor (Multi-Factor Authentication for User Interface Logins)
            • FreezeUsers (Freeze Users)
            • ManageAccessPolicies (Grants users access to view, create, edit, and delete Enforcement Policies)
            • ManageDataspaceScope (Grants users access to view, create, edit, and delete a Dataspace Scope)
            • ManageEncryptionKeys (Manage Encryption Keys)
            • ManageInternalUsers (Manage Internal Users)
            • ManagePasswordPolicies (Manage Password Policies)
            • ManageProfilesPermissionsets (Manage Profiles and Permission Sets)
            • ManageRoles (Manage Roles)
            • ManageSharing (Manage Sharing)
            • ManageUsers (Manage Users)
            • ModifyAccessAllowPolicies (Create, edit, and delete Allow policies in the Data Governance tab)
            • ModifyAccessDenyPolicies (Create, edit, and delete Deny policies in the Data Governance tab)
            • ModifyAllData (Modify All Data)
            • ModifyAllDataGovPolicies (Create, edit, and delete policies in the Data Governance tab)
            • ModifyAllDataGovTagAssign (Create, edit, and delete tag assignments in the Data Governance tab)
            • MonitorLoginHistory (Monitor Login History)
            • PasswordNeverExpires (Password Never Expires)
            • ResetPasswords (Reset User Passwords and Unlock Users)
            • TransactionSecurityExempt (Exempt from Transaction Security)
            • ViewAllData (View All Data)
            Note
            Note When using this event in a transaction security policy, use the permission's API name, not its label, and use the Contains operator, rather than Equals.

            See Also

             
            Loading
            Salesforce Help | Article