Let me start this post with a huge, bold-fonted, shout-it-from-the-rooftops disclaimer so that there can be no doubt about the true brains behind this week’s How To… THIS IS ALL THE WORK OF SOMEONE ELSE AND IF YOU WANT TO THANK ANYONE FOR IT THEN YOU SHOULD THANK THEM AND NOT ME, AND I GET NO CREDIT FOR IT AND I’M JUST SHARING IT BECAUSE I THINK IT’S BRILLIANT AND IT DESERVES MORE EXPOSURE. Phew, that felt good.
To back up that point, I even stole this post’s image from the original source of the solution (with credit added, natch):
OK, let’s get on and set the scene before I hyperlink over to the Machine Readable People site for all the sexy ‘how to’ goodness…
THE REQUIREMENT
You want (or need) to audit who is viewing what records in Salesforce. Maybe your business processes force you into having a Public Read-Only or Public Read/Write sharing setup, but you really want to make sure that people are only viewing stuff that they need to, and that nothing underhand is going on with that one employee you’re pretty sure won’t be around next week.
This was a requirement I recently had. So what options ran through my head? Well, we know that Salesforce has a powerful Event Monitoring solution that will do this – and much, much more – for you. So that’s the answer, right? Well, not quite. There was a problem. A pretty sizeable problem.
THE PROBLEM
You see, I don’t know if you’ve heard, but Salesforce are trying to make a profit. So of course Event Monitoring isn’t free. But just how not-free is it? Well, approximately very very not-free. To get all scientific about it, in technical terms it will set you back <checks calculator> …an absolute metric shit-ton.
THE SOLUTION
OK, so we’re in need of a solution which does what we want without breaking the bank. My mind goes next to the world of Visualforce (yes, this particular org is still in Classic – but maybe not for long) and the vague concept of placing a VF page on the page layouts of the objects we want to track. Kind of the ‘invisible pixel’ approach used to detect who has read an email.
But Visualforce is hard, right? Sure, the page itself is little more than glorified HTML, but you gotta have an Apex controller to do the heavy lifting, and this requirement screams ‘custom controller’ and that’s going to take effort and a lot of tears and tantrums for a non-programmer like me.
And then I found this. My answer. My salvation. My holy grail. A way of using a simple custom object and a Visualforce page and remote objects with a standard controller (no writing Apex – just copy and pasting), and it gets the job done nicely.
I’m not going to share the exact steps with you here, because to do so would be to take hits away from the Machine Readable People site who came up with the solution. So if you’re looking to audit who is viewing what records in your org, go here, read the article, build the solution, bask in the glory, and then make sure you thank the author. I know I do.