Prerequisites
When you configure the Salesforce Connector, you create an XML file (see The DocumentsXML File) that specifies what information to retrieve from Salesforce. To enable mapped security, this file must meet some additional requirements.
Each document element that you include in the documents.xml file must have a basetype that is one of the following:
- The Folder object type.
- The Organization object type.
- The User object type.
- A securable object type.
TIP: To obtain a list of these types, run the synchronize fetch action without the documents.xml file. The connector will connect to Salesforce and generate a documents.xml file that contains all of the document types that are available. Securable object types are listed under the SobjectType field of ObjectPermissions.
Unless the document basetype meets this requirement, the document element must also have a parentIdField attribute. The value of this attribute must be the name of the field that contains the reference of the parent object. The connector can then find the parent object, and find a parent securable object type (as defined above), possibly through a chain of other objects.
You can add the parentIdField attribute to a document where the basetype is a securable object. This indicates that there is a securable object chain that must be respected in the object's access control list.
Examples
In the following example, basetype="Lead" is a securable object type:
<document basetype="Lead">
  <field name="Lead_*" query="*" />
</document>
In the following example:
- basetype="Document" is a securable object type.
- The attribute parentIdField="FolderId" indicates that the connector can find the reference of the parent object in a field named FolderId. The connector must follow this reference and respect the permissions set on the parent object when it generates an ACL for the document.
<document basetype="Document" parentIdField="FolderId">
  <file query="Body" />
  <field name="Document_*" query="*" />
  <field name="Document_Author_Manager_*" query="Author.Manager.*" />
  <field name="Document_CreatedBy_*" query="CreatedBy.*" />
  <field name="Document_LastModifiedBy_*" query="LastModifiedBy.*" />
</document>
In the following example:
- The attribute parentIdField="AccountId" on the contract object indicates that the connector can find the reference of the parent object in a field named AccountId. The connector must follow this reference and respect the permissions set on the parent object when it generates an ACL for the document.
- basetype="Account" is a securable object type, but can have another account as its parent object. The attribute parentIdField="ParentId" indicates that the connector can find the reference of the parent account in a field named ParentId. The connector must respect the permissions set on any parent account(s) when it generates the ACL for the document.
<document basetype="Contract" parentIdField="AccountId">
  <field name="Contract_*" query="*" />
  <field name="Contract_Account_*" query="Account.*" />
  <field name="Contract_Owner_*" query="Owner.*" />
  <subquery childrelationship="Notes">
    <field name="Contract_Note_*" query="*" />
  </subquery>
</document>
<document basetype="Account" parentIdField="ParentId">
  <field name="Account_*" query="*" />
  <field name="Account_MasterRecord_*" query="MasterRecord.*" />
  <field name="Account_Owner_*" query="Owner.*" />
</document>