Loading

Records Created, Updated or Deleted Unexpectedly

Data pubblicazione: Mar 2, 2026
Descrizione

Disclaimer

 

  • Salesforce's #1 value is Trust. We will not manipulate customer data without consent. Standard application functionality will not intentionally update or manipulate customer data randomly or in an unexpected way.

 

  • When data is updated unexpectedly, it's typically due to unintentional changes made by users directly, or through indirect client-introduced automation such as workflow, processes, flow, API integration, or Apex. These changes may be performing updates to records in the affected user's context.

 

  • It is not within the scope of Salesforce Support's offerings to review and analyze customer metadata, customizations, automation, or user actions, in order to identify what may have created or made record changes.

 

  • Historically, there may have been circumstances where Support had the ability to assist customers to retroactively identify which users may have committed record changes. However, this is no longer possible due to changes in application features and logging with the introduction of General Data Protection Regulation (GDPR), read more at Salesforce's Privacy Information page.

 

  • Depending on the complexity of your organization's unique implementation, identifying where automation or user changes are originating from, may be difficult. The following tools and strategies are available to help administrators identify the source of these changes.

 

Risoluzione
 
Warning
Always back up your data before performing any data operation. See Export Backup Data from Salesforce or Export Data for more details. It is recommended to run a test with a small subset of records to ensure the operation was successful through manually opening and verifying that the corresponding records are correct in Salesforce.

 

Record Deleted or Missing


For record deletion refer to Find out who deleted a record in Salesforce and Recover records and data in Salesforce.

 

Record Updated/Modified


If an unexpected change has already been made to a record the most important piece of information available for investigation is the record's System Fields. Specifically, 'LastModifiedById' and 'LastModifiedDate' fields provide critical insight into when and who last modified or deleted the record(s).
 
Customers with Shield Event Monitoring may be able to review event logs for the last modified user and time to help retroactively identify customization that may be influencing the unexpected record changes.
 


System Audit Field Considerations

 
  • There may be circumstances where the record in question has been modified  after the unexpected change occurred. For this situation, it is recommended to set up a test record and use the  strategies above to determine the process or user making the record change as it is happening. This may be the only way to get accurate 'LastModified' data.
 
  • If your organization has Enable the 'Create Audit Fields' premission, it may be possible that another administrator user is performing an insert operation to the record's object. This permission allows admins to manually input the audit field's values which may be causing unexpected values and user confusion.

 

Tracking down these types of changes can only be done client-side or internally by customers through:

 

  • Strong change management practices. It is considered best practice to only enable the feature for as long as necessary to complete required data operations then promptly turn it off to ensure data integrity.
 
  • Strict controlled assignment of the 'Set Audit Fields upon Record Creation' profile permission.
 
  • Organizational coordination and communication.

To see if 'Set Audit Fields upon Record Creation' and 'Update Records with Inactive Owners' may have been enabled download and search your organization's 'Setup Audit Trail.' Follow the steps to 'Set Audit Fields upon Record Creation,' as detailed in the Monitor Setup Changes with Setup Audit Trail documentation.
 


Gleaning additional details from LastModified fields

 
Check for Data Loads, API, or other integrations using the 'LastModifiedBy' user record:

 

  • Create a report to see if the user modified similar records on the same date. This may provide insight into whether these records were updated as a part of a data load, import, or update operation. View Bulk Data Load Job Details to identify any potential candidates for record updates.

 

  • Query the record(s) in question to get their exact 'LastModifiedDate' values, down to the second the change was made.

 

  • For a more granular look, an admin may run a SOQL query via client tools such as Data Loader to identify if other records were modified within the same time frame (+/- 5 seconds). See the 'Date Format' section of the Data Types Supported by Data Loader for information on how to format your conditional export or query using a Condition Expression Syntax (WHERE Clause) and 'LastModifiedDate' values.

 

  • If several records were modified simultaneously or within seconds of one another it is a good indication that automation is updating records in a batch. In this case, it is unlikely the changes were made that quickly via the 'LastModifiedBy' user editing and saving records via the user interface.

 

  • Identify if an integration may be causing the updates by reviewing the 'LastModifiedBy' user's logins. See View and Manage Users to review and downloaded logins from the affected user. See if there is an API or other login that correlates to the date and time the record was modified, for additional insight.

 

Unable to Identify Source of Change


If the behavior is still occurring, and specific field values are changing unexpectedly, an Admin can setup and configure Field History Tracking or Feed Tracking to identify who and when the unexpected field changes are being made.
 

  1.  Ask the users to monitor sample records that are likely to exhibit the same issue moving forward. Then have them document exact details on the changes or updates they actually committed to the record. Document the following items.

 

  • Link to affected record(s)
  • Exact fields changed by the user including previous and new values
  • Date, Time, and Time Zone when said change(s) were made

 

  1. Monitor the record(s) in question over a period of time in which the unexpected updates or changes are commonly happening. Document the following items.

 

  • Exact Date and Time when the user noticed the records had been unexpectedly updated.

 

  • Before editing the affected record, be sure to capture the data in the record's 'Last Modified By' field, including the user and exact Date, Time, and Time Zone.

 

  • Describe what unexpected fields or other changes had been made to the record.

 

  • If it is found that the record in question is commonly updated in a short or consistent amount of time frame after the user modified it, an Admin may elect to coordinate with the affected user to Set Up Debug Logging. Debug logs are a great way to capture details on what processes may be modifying a record.

 

 

 

  • Apex Triggers are also associated and stored with specific objects and are listed in the 'object management' settings for each object. Admins should work with developers to review the scope of Apex and Trigger operations that may exist on the object in question. To learn more, please review View Apex Trigger Details and Understanding Dependencies.



Details Indicate the Record was Manually Updated

 

  • Ask the user if they intentionally made the change. If not, ask if they can recall what click path, or other actions, may have been taking at that time. It maybe helpful to walk through the exact steps taken and compare how other users accomplish the same task.

 

  • Review the user's day to day activities and how they interact with the object may provide additional insights into the behavior. 



Details Indicate Record Update via API or Integration


If unknown API login attempts are present, it may helpful to use the login's source IP to perform a 'WhoIs' lookup via the 'Whois-RWS' on the American Registry of Internet Numbers Site search feature. This will typically provide organization details for the reported owner of the IP address from which the unknown login is occurring.


Common features that have been known to potentially cause seemingly unexpected updates to Activity (Task and Event) records include:
 


It's recommend an administrator remove the affected user from said application(s) or configuration(s) on a temporary basis and ask the user to monitor and see if unexpected updates continue to occur. If change are no longer occurring systematically, reintroduce each application area individually to identify which is contributing to the unexpected changes. If this is not possible in production, consider using a sandbox to test with this troubleshooting method.

See Also :
Data Recovery Retirement
Unable to restore a deleted record from the Recycle Bin

Numero articolo Knowledge

000381832

 
Caricamento
Salesforce Help | Article