You are here:
Security for Omnistudio Data Mappers and Integration Procedures (Managed Package)
For the managed package runtime, you can control access to Data Mappers and Integration Procedures using settings that reference Sharing Settings and Sharing Sets or Profiles and Permission Sets.
This information is for Omnistudio for Managed Packages. For Omnistudio on standard runtime, see Omnistudio Help.
Beginning with the Winter '20 Salesforce release, Guest Users, also called anonymous users, cannot access any records by default. Criteria-based Sharing Rules grant them read-only access. This affects all Salesforce orgs. For details, see Guest User Record Access Development Best Practices.
Vlocity allows guest users to create and update the records to which Sharing Rules grant access. No additional configuration is necessary for this expanded access.
Prior to the Summer '19 release, you might have used Salesforce Sharing Settings to secure access to Data Mappers and Integration Procedures. This approach is still supported. If you use caching, you must set CheckCachedMetadataRecordSecurity to true as described here.
Beginning with Summer '19, you can allow access to a Data Mapper or Integration Procedure based on the Custom Permissions enabled in a user's Salesforce Profiles or Permission Sets. An Apex class added to your Salesforce Org allows the Vlocity Managed Package to check user Custom Permissions. The custom settings described here are related to this approach. Vlocity recommends using Custom Permissions in Profiles or Permission Sets for ease of use and better performance.
For Salesforce access basics, see Control Who Sees What, Who Sees What — Overview Video, and Salesforce Data Security Model — Explained Visually. For Vlocity-specific information about Profiles, see Overview of Profiles and Security for Vlocity.
Sharing Settings, Sharing Sets, Profiles, and Permission Sets control access to Data Mappers and Integration Procedures as object records.
To ensure field-level security for a Data Mapper, go to the Data Mapper’s Options tab and select Check Field Level Security. To automatically enforce field-level security for all Data Mappers, enable EnforceDMFLSAndDataEncryption in the Omni Interaction Configuration.
To ensure that the classic encrypted fields are shown in plain text only if the user has the View Encrypted Data permission, enable EnforceDMFLSAndDataEncryption in the Omni Interaction Configuration.
To enable EnforceDMFLSAndDataEncryption in the Omni Interaction Configuration, follow these steps: From Setup, search and open Omni Interaction Configuration. Click New Omni Interaction Configuration, enter EnforceDMFLSAndDataEncryption for both name and label, set the value to true, and save your changes.
A user's access to a Data Mapper or Integration Procedure includes more than the ability to run it directly. Access also applies if an application the user is using calls the Data Mapper or Integration Procedure.
If a user has access to a parent Integration Procedure, the parent can invoke child Integration Procedures and Data Mappers to which the user doesn’t have direct access.
- Configure Omnistudio Data Mapper and Integration Procedure Security Settings (Omnistudio for Managed Packages) (Managed Package)
For the managed package runtime, you can change settings for Data Mapper and Integration Procedure security in Setup. - Omnistudio Data Mapper and Integration Procedure Security Settings (Managed Package)
For the managed package runtime, these settings affect Data Mapper and Integration Procedure security. - Implement the VlocityRequiredPermissionCheck Class (Managed Package)
For the managed package runtime, for the DefaultRequiredPermission setting to work, you must implement the VlocityRequiredPermissionCheck class manually because Salesforce handles classes in managed and unmanaged packages differently. This class doesn't work properly if it's included in the managed package.
