Important security-related change to Named Credentials

Publiseringsdato: Jul 14, 2023

Beskrivelse

What is changing and why?
In order to edit a Named Credential in the setup UI, users always needed the Customize Application user permission.
Previously, in order to execute anonymous Apex code blocks that reference Named Credentials, users only needed the ‘Enable API Access’ user permission.
We are now requiring users that make Named Credential callouts using Anonymous Apex to have the Customized Application user permission. This is a part of our ongoing effort to increase the security posture of our applications. We are fixing a discrepancy where the combination of two settings is required to access a higher privileged resource.
In order to bring the two users flows in alignment,

Who is affected?
Users without the Customized Application user permission that previously were making Anonymous Apex callouts with a Named Credential will now be blocked from doing so.

When?
Middle of week of February 22nd. Tuesday-Wednesday time frame

Løsning

Do I have to do anything?
If you are an admin that has a business requirement for one of your users to make Anonymous Apex callouts using Named Credentials, assign them the Customize Application user permission. For info on the permission here.

Knowledge-artikkelnummer

000392849

Hjalp denne artikkelen med å løse problemet ditt?

La oss få vite det slik at vi kan forbedre!

Important security-related change to Named Credentials

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List