Good day!

Please see: http://www.salesforce.com/us/develop...ganization.htm

We need to have access to Organization standard object to determine the Salesforce Edition before we change the URL to .secure.force for the Event public site. This object is a key object and we have to have access to it.

Without "View All Data" permission we do not have access to the fields we need.

Hope that answers your question.

We have sensitive data that needs to restricted to a handful of people in the org - giving even a few additional staff members "View All Data" permission just so they can create/edit events is not feasible in our situation.

Is there any way you can change it so that it is possible to create/edit the event with lesser privileges, but then require someone with the correct permissions to publish the event?

Btw, the people who can create/edit the event currently have Modify All Data - even they do not have View All Data, so in reality this is the minimum permission one needs. I tested this.

Good day!

Here is the challenge - it is always good to know the reason for certain features and then one can decide what is the best path forward.

The site URL for event requires that the end user add .secure. before the "force.com" domain that is given at the Sites link. In other words if the sites is set up as: http://something.force.com we have to change it to https://something.secure.force.com

The event page is processing credit cards so it has to be secure and one cannot simply change the http:// to https:// since the SSL key at Salesforce requires .secure. to be added prior to .force.com domain and TLD.

In Event 1.x initial release we had instructions for people to add the .secure. to the URL and one can say with high degree of certainty that 99.99% of people were missing it and then getting errors because they could not process using an insecure page. We had the instructions in red, etc. but none worked so we had to think of automating it.

The only way to automate this is to figure out what version of Salesforce is being used since the above instruction is not true for the developer accounts that developers and consultants use. So we had to figure out what version is being used so we can automatically change it when the site URL is entered. You will see this behavior when you select the site URL - the link automatically changes to reflect the secure version.

To be able to detect the version we need full access to the object. To automate and resolve all the support issues or go to manual and deal with support issues- that is the question!

One solution that we are exploring is to make this an option in the "Event Settings" tab (to be introduced in 3.x) and let users select the automation level. Of course then we need to write the manual and explain what it means..

If you have any other ideas as to how one can deal with this please let us know.

Thanks! I have been pondering this one. A setting helps although if you titled this "automation level" it might create more confusion.

Is there any way you could make it so that when creating the Event, we have a system account create it on behalf of the user? I am not a developer so I might not have the correct term, but hopefully you get my point. We could then give that account the correct access and no one would need to use it to log in.

I'm having this problem, but when you say "We need to have access to Organization standard object" are you saying the User's profile needs the "View All Data" permission? And which of CnP's custom objects needs this- there's only 70 CnP custom objects permission settings, and none of them are the "CnP_PaaS_EVT" referred to above- which ones need the View All?

Or am I looking in the wrong place- do I somehow need to give the app permissions?

resolution

I got the answer in the HUB- there is a "View All Data" checkbox in the Application Data settings for the Profile- I thought I had to add the "View All, Modify all" permissions on some unknown individual object and I didn't know which of the 70+ CnP objects' permissions I needed to modify.

Good day Caroline,

Glad the answer worked for you. Here is the image that was posted to the HUB



Please grant View All permission and it should work. I am including this here so the post is complete for future reference.

Let us know if we can be of any further assistance.

I understand the difficulty of getting users to read documentation and follow instructions, but I must say this is the WORST possible solution to that problem. What is the point of creating permissions in our orgs if one app can force us to bypass all of that. The staff we have creating events should not have permission to view a great deal of information in our Org but now we are left with either granting them that permission or having an admin create (and edit) the events. This is NOT sustainable. This is lazy problem solving. Please provide a solution soon.

Jason,

The only solution is to remove checking the Organization object. We have discussed this internally and we don't have any choice but to remove that feature. We then have to tell people that if they select a certain option in their account such as BCC Compliance then the BCC in the autoresponder will not work since Salesforce will block it. Also they need to manually add ".secure." to their URL since Salesforce's link does not have secure and without the event form having a .secure. extension it won't be secure and the payment will not work.

As you see this is a major hassle. I always find it interesting when people say something like "worst" solution. It is as if we just woke up one morning and said let's do this or do that. Believe me every single issue is given a lot of thought and it works for most and will not work for some. We understand the issue and just have to remove it and deal with the consequences and support problems. It is an added feature to release 9.x of PaaS and Event 3.x which is due out before Summer - as this change requires a lot of testing.

The reason I say "worst" is because it takes a specific issue in one area and makes it a global issue in another area. I know as a system admin I have done this many times. If a user can't access something I just give them admin rights, but I acknowledge that this is not a real solution, but rather a lazy workaround to solving the complexity of the underlying issue.

We recently spend a good amount of energy to ensure only certain profiles had access to certain information (like giving information) and to find out that the only way to let my student worker create events is to bypass all those protections is just frustrating.

I look forward to the solutions 3.0 will provide. LOVING much of 2.0.

Keep on innovating.

Jason,

This is a feature that will be worked on shortly. We will publish it as a beta so you can test.

I will keep you posted.

Yay! Thank you!