Month: May 2022

Salesforce Security Center child tenant user with minimum permissions

In order for Salesforce Security Center to access a child tenant and its data you need to have a user with the correct permissions in each child tenant. Many customers would want the users in the child tenants to have the fewest number of permissions possible. Based on my investigation the user in the child tenant needs to have the following permissions as a minimum:

  • API Enabled
  • Manage Security Center
  • View Roles and Role Hierarchy
  • View Setup and Configuration

I have successfully enabled these permissions for a new user by creating a new user in the child tenant using the “Salesforce” license and the “Minimum Access – Salesforce” profile. I then created a permission set with the above mentioned permissions and assigned that permission set to the user I’m going to use to access the child tenant from the parent tenant.

I was then able to authenticate as that user when connecting to the child tenant from the parent tenant.

YMMV!

Language agnostic Salesforce Apex unit test

I was doing some work with packaging on Salesforce and used the dreamhouse-lwc repo as a foundation. When I was building package versions the Apex unit tests were failing as the SOQL queries is using WITH SECURITY_ENFORCED and the user running the queries did not have the right access. The solution was to update the unit test to create a user and assign the dreamhouse Permission Set but to create a user you need to set a Profile. Which one to pick? Easy – use the “Standard User” Profile which is easily accessible by SOQL:

SELECT Id FROM Profile WHERE Name='Standard User' LIMIT 1

This code failed however as the Profile couldn’t be found. It turned out to be because the scratch org created was in Danish so the Profile is called “Standard Bruger” instead. This could be solved by setting the language of the scratch org by using the language key in config/project-scratch-def.json but the repo maintainers didn’t want that. A more flexible and still language agnostic way was to query more intelligently for the Profile. The below SOQL query achieves the same result as above but without setting the org language.

SELECT Name, Id
FROM Profile
WHERE UserType = 'Standard' AND PermissionsPrivacyDataAccess = false AND PermissionsSubmitMacrosAllowed = true AND PermissionsMassInlineEdit = true LIMIT 1

Add language to Salesforce CLI scratch org definition from terminal

All my scratch orgs gets created with the user-language set to Danish which is a good guess but I cannot find anything in Setup that way. No Dev Hub setting I’ve found can change that but setting the language in the scratch org definition file will. That’s easily done from the terminal with jq.

cat config/project-scratch-def.json | jq '. += {"language": "en_US"}' > config/project-scratch-def-en_US.json