Osiris77706

Potential Security flaw.

So I have been using the System Log window to directly execute Apex code for maintenance, for instance:

- clearing out a large number of leads older than 2 years.

- popping open and saving a large number of leads to fire a trigger.

Has anyone else used this window in a similar fashion? Is this a really bad practice (besides the obvious possibility of deleting stuff that you didn't mean to)? It seems like such a valuable resource, a console for executing scripts, but I can't help but think I shouldn't be in there doing that, or there's another way to perform such maintenance. The scariest part is that every user has access to that window, so anyone could potentially go in and delete all the leads or opportunities, or even wipe out the whole DB if they knew a little code! Is there a way to disable this window for all users except the admins?

All Answers

JRyanL

Try turning off the "View All Data" permission for your non-admin profiles.

This (along with Modify All) gives a user access to everything, so there is really no escalation of privileges just by getting the convenience of the system log.

It is probably fine to use for basic stuff, but I wouldn't recommend using it in a production system for anything that can change or delete data.

Osiris77706

Well, we did a little testing. The changes you suggested were already the way you suggested they should be, but standard users still have access to this window. Is it possible that it is an actual security flaw and not just a setting I'm missing? I would like to think I am wrong, but I really don't see any switches to affect whether or not users can access this.

Note: I logged in as one of our users with a standard account, and was able to execute script to bulk create and bulk delete objects.

jhurst

If the user does not have "View All Data", they will not see the link for the System Log. If you log in as the user through the "Login" link in the User List view under Setup, then you will see the link (since you are an admin logging in as the user).

If you are seeing differently, please log a case with salesforce.com support and let me know the case number.

Thanks

jay

This was selected as the best answer
Osiris77706

I see. Wow, thank you for that. That makes a lot more sense now. I checked directly with another user at their computer; they cannot see that window. :: Heads to send salesforce an apologetic email ::

Strangely, I had assumed that logging in as another user would only show me exactly what that user could see =p.

GorhamGuy

Maybe there are differences between the editions of Salesforce, but we are using Enterprise Edition and the 'Login As' functionality does not work the way it is described in the accepted solution above. When I log in as another user using my Admin account, I see everything exactly as that user would see things. I am bound by the field security and availability settings for that user and see the page layouts, recent items, views, etc. for the user I am logged in as. I cannot perform any operations when I am logged in as a user that that user would not be able to perform when they log in themselves, even though I am the system administrator.

Osiris77706

Right, that's how it works for me too, with one exception: as admin logged in as user, I can see the System Log, whereas a normal user logged in as themselves cannot see the System Log window.

Is it that way for you?

GorhamGuy

I do see the link to the System Log when I log in as a user from the admin account.  I guess I misunderstood what the accepted solution was saying.

jhurst

Sorry for the confusion.

The logic here is that if you are logging in as a user, it is normally to troubleshoot an issue. In this case you would want the ability to open the System Log to see the debug information, but you would want the data access to be the same as the end user.

Osiris77706

In all reality the developers had a good idea here, it really makes a lot of sense, and I'm glad they did it that way. Our issue is just an unforeseen side effect, but we cleared it up, so hopefully anyone who has the same question comes across this thread.
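
The accepted answer ties the System Log link to "View All Data", and JRyanL also mentions "Modify All". The read-only anonymous Apex below lists the active users who actually hold either permission, so you can confirm that only admins do. It is an added example, not code from any poster in this thread. It assumes an org where the standard `PermissionSet` and `PermissionSetAssignment` objects are available; the 2000-row limit is an arbitrary choice.

```apex
// Added audit example (not from the thread). Read-only: one SOQL query, output to the debug log.
// A profile's permissions are stored in a profile-owned PermissionSet, so querying
// PermissionSetAssignment covers grants made through profiles and through permission sets.
Map<String, List<String>> grantsByUser = new Map<String, List<String>>();

for (PermissionSetAssignment psa : [
        SELECT Assignee.Username,
               PermissionSet.Label,
               PermissionSet.IsOwnedByProfile,
               PermissionSet.Profile.Name,
               PermissionSet.PermissionsViewAllData,
               PermissionSet.PermissionsModifyAllData
        FROM PermissionSetAssignment
        WHERE Assignee.IsActive = true
          AND (PermissionSet.PermissionsViewAllData = true
               OR PermissionSet.PermissionsModifyAllData = true)
        ORDER BY Assignee.Username
        LIMIT 2000]) {

    // Name where the grant comes from, so it can be removed in the right place.
    String source = psa.PermissionSet.IsOwnedByProfile
        ? 'profile "' + psa.PermissionSet.Profile.Name + '"'
        : 'permission set "' + psa.PermissionSet.Label + '"';

    List<String> perms = new List<String>();
    if (psa.PermissionSet.PermissionsViewAllData)   { perms.add('View All Data'); }
    if (psa.PermissionSet.PermissionsModifyAllData) { perms.add('Modify All Data'); }

    String username = psa.Assignee.Username;
    if (!grantsByUser.containsKey(username)) {
        grantsByUser.put(username, new List<String>());
    }
    grantsByUser.get(username).add(String.join(perms, ' + ') + ' via ' + source);
}

// One line per user, listing every profile or permission set that grants the access.
for (String username : grantsByUser.keySet()) {
    System.debug(LoggingLevel.INFO,
        username + ': ' + String.join(grantsByUser.get(username), '; '));
}
System.debug(LoggingLevel.INFO,
    grantsByUser.size() + ' active user(s) hold View All Data or Modify All Data');
```

Any non-admin username in the output is an account to review. As the thread found, test what such a user really sees from their own session, not through "Login As".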