Friday, July 17, 2015

Salesforce: How to block user to access Data Loader or Workbench?

In some companies, permission to Export Report is not allowed, one of the concern is about data security issue. However, some "smart" user will try to find other ways to download data using external tool, such as: Data Loader or Workbench.

For admin, this tools would be useful in supporting daily work in, but not all users should allowed to access it.

API Enabled
One of the easiest way is just disable API Enabled in the user permission. But, API Enabled is not just use for Data Loader, but some other applications such as: Salesforce for Outlook, Salesforce1 mobile app also need that permission, so disabling that permission is not correct.

Connected Apps
We have discussed Connected Apps in blog How to enable Salesforce1 access by Profile / User? The same method can be used to block other apps. Under SetupManage AppsConnected Apps, you will found apps that connect to your Salesforce organization. For app that is not allowed for everyone, click the app name and change Permitted Users from All users may self-authorize to Admin approved users are pre-authorized

While for users allowed to access those app, go to User Profile (or using Permission Set), look for Connected App Access section, and check the apps.

For users not granted to access the app, they will see following error:

Data Loader: Sorry, your administrator has blocked access to this client

Workbench: user is not admin approved to access this app

The user login history when login with unauthorized app - Failed: Not approved for access

ReferenceWhy am I getting the error "Sorry, your adminstrator has blocked access to this client" when logging in with Apex Data Loader?

No comments:

Post a Comment

Page-level ad