Jump to content

Salesforce object blacklist

From Resco's Wiki

If you are using Resco with Salesforce, you can control which Salesforce objects (known as entities in Resco terminology) should be made available in Woodford (and later the mobile app) when you click the Update metadata button.

We recommend keeping the object list in Woodford short; this can greatly speed up publishing and validation of app projects. By default, Resco is blacklisting a significant number of objects. Blacklisted objects are not visible in Woodford and they are never available in the app.

Salesforce object blacklist requires Resco managed package.

Why blacklist anything?

When Resco is connected to a Salesforce organization, it mirrors the Salesforce organization's security settings by default, so that Woodford and other tools can use this information for auditing, licensing, and targeting the audience for customizations (app projects).

Connecting to enterprise-scale organizations with complex security settings requires importing thousands of profiles, roles, and permissions, resulting in a large security data footprint on Resco Cloud servers. This often leads to a significant slowdown in regular operations, such as metadata updates, publishing app projects, or license assignments.

In reality, only a very small subset of security configurations is usually needed in mobile scenarios. Normally, only field users are relevant, meaning that only users belonging to a few profiles ever interact with Resco.

Items available for blacklist

The blacklist (or whitelist) allows us to significantly reduce the metadata footprint and speed up metadata update and working with Woodford in general. The following items can be added to the list:

  • Objects
  • Languages
  • Profiles (mapped to Roles in Woodford) (new with 19.0.6)
  • Roles (mapped to Business Units) (new with 19.0.6)

In reality, only a very small subset of these artifacts is needed in the mobile use cases. When Profile or Business Unit filtering is configured, we synchronize only users belonging to these roles/profiles.

Salesforce objects in other tools

The Questionnaire Designer and Results Viewer also adhere to the same object blacklist as Woodford. Additionally, these tools have a limit of 300 objects.

Configuration

The configuration is stored as records in "resco__sync__c" object (Resco Metadata Sync Config). By adding records to this object, the customers are able to fine-tune which objects they see in Woodford and in the apps.

resco metadata config object

Tip In release 18.1, we are renaming the object labels to "Resco Metadata Config".
  1. Log in to your Salesforce server.
  2. Select App Launcher > View All.
  3. Find "Syncs" or "Resco Metadata Config" in the list.
  4. Create new records for this object according to the following rules.

Configuration rules:

  • Enter the name of a single Salesforce object into each record's primary field.
  • Use just the name to whitelist an object.
  • Use the name prefixed with an exclamation mark to blacklist the object.
  • The object names are not case-sensitive.
  • As Type, select "Object".
  • If an object is both whitelisted and blacklisted, the whitelist takes precedence.

editing the blacklist

Examples:

acceptedeventrelation - the object AcceptedEventRelation is whitelisted even though it is in the default blacklist
!account - blacklists the Account object
Note When creating a record in "resco__sync__c" object, do not include the prefix sf_. Use only the API name of the object.

Wildcard in object blacklist

Since Resco release 19.1, it is possible to include the wildcard "*" in the Salesforce object blacklist/whitelist. For example, you can combine a prefix with the wildcard to blacklist the whole family of objects (e.g., coming from a package). This is especially useful for large enterprise organizations with lots of server-side packages that are not needed in mobile scenarios (e.g., Conga reports). Administrators can simply filter out the entire package using the package namespace prefix, e.g., "!trailheadapp__*".

Additional details:

  • One can whitelist multiple objects by prefix using '*' wildcard, e.g., "Account*" will IMPORT all objects starting with "Account", e.g., "AccountContact", "AccountHistory", etc.
  • One can blacklist multiple objects by prefix using '*' wildcard, e.g., "!Account*" will IGNORE all objects starting with "Account", e.g., "AccountContact", 'AccountHistory", etc.
  • One can combine a whitelist and a blacklist: the whitelist takes precedence. The combination of "!Messaging*" and "MessagingChannel*" will ignore "MessagingEndUser" and "MessagingSession", but not "MessagingChannel" nor "MessagingChannelUsage".
  • The wildcard is only supported after a prefix. Using the asterisk elsewhere is not supported, so the following config entries are treated as literal object name definitions: "*Account", "Acc*nt", or standalone "*", "!*".
  • The wildcard is only supported for Object config items. Other types (Profile, Role, Language, …) are not supported.

Language whitelist

Since release 17.0, it is possible to define a whitelist of languages. Only the selected languages are transferred to Woodford during the metadata update. The full list of supported languages is available in Salesforce documentation.

whitelisting languages for localization in Salesforce

Profiles and Roles whitelist

Since release 19.0.6, it is possible to filter which profiles, roles, and, optionally, users are imported during metadata update. Using these, you can significantly reduce the number of imported security settings, speed up the metadata update process, and ensure that only users relevant to mobile scenarios are present in Woodford.

The "Resco Metadata Sync Config" supports two additional options for the Sync Type field: "Profile" and "Role". Both act as a whitelist, and allow either Name or ID. If there are no entries in the table, Update Metadata will import all profiles/roles. If there is at least one profile/role configured, only the whitelisted items are imported; the rest is ignored.

Filtering users based on Profiles and Roles

By default, all active users are imported, and Profile/Role filtering doesn't change this behavior. If you want Resco to use Profile/Role whitelisting to also limit which users are synced with Resco, you need to add a Sync Config line with a specific directive to tell Resco to do it. The directive name is "@@FilterUsers", and you can add it as "Profile" or "Role" sync type (or both), depending if you want to filter users based on Profile or Role (or both).

Note: using both Profile and Role, Resco imports users matching both Profile and Role whitelist using logical AND, not OR.

Here is an example of a configuration (using the Kanban view of the list for more clarity) that imports only users assigned to the profile "System Administrator" or “00e0Y000000X5roQAC” and who have the role "CEO" or "00E0Y0000016x5bUAA".

filter users by profile or role

Default object blacklist

The list of prefixes used to blacklist standard Salesforce objects. Does not apply to custom objects. 

process, aura, app, auth, duplicate, secure, data, listemail, fsl__optimization, fsl_scheduling, feed (*), chatter, expressionset, extlclntapp, flow, livechat, mlmodel, mktsgmt
(*) Except chatter objects Feed Item, Feed Comment, Feed Attachment, and Feed Like.

The list of suffixes used to blacklist both standard and custom Salesforce objects. 

history, share, __tag, __hd, feed, changeevent, __ka, __votestat, __viewstat, __kav, __datacategoryselection, subscription, definition, eventstream, __mdt, __dlm

The default list of named objects that are blacklisted by default.

acceptedeventrelation, accountchangeevent, accountcontactrole, accountcontactrolechangeevent, accounthistory, accountshare, actionlinkgrouptemplate, actionlinktemplate, activityhistory, adminsetupevent, aggregateresult, announcement, apexclass, apexcomponent, apexemailnotification, apexlog, apexpage, apexpageinfo, apextestqueueitem, apextestresult, apextestresultlimits, apextestrunresult, apextestsuite, apextrigger, apextypeimplementor, apievent, apptabmember, assetchangeevent, assethistory, assetrelationshiphistory, assettokenevent, assignmentrule, asyncapexjob, asyncoperationtracker, audittrailfileexport, backgroundoperation, backgroundoperationresult, batchapexerrorevent, batchcalcjobdefinitionview, batchdatasource, batchdatasrcfiltercriteria, batchjob, batchjobpart, batchjobpartfailedrecord, batchprocessjobdefview, brandingset, brandingsetproperty, brandtemplate, briefcaseassignment, briefcaserule, briefcaserulefilter, businessprocess, campaignchangeevent, campaignhistory, campaignshare, casechangeevent, caseexternaldocument, casehistory, caseshare, chatretirementrdymetrics, clientbrowser, collaborationgroup, collaborationgroupmember, collaborationgroupmemberrequest, collaborationinvitation, connectedapplication, contactchangeevent, contacthistory, contactrequest, contactrequestshare, contactshare, contentasset, contentbody, contentdocumenthistory, contenthubrepository, contenttagsubscription, contentusersubscription, contentversionhistory, contracthistory, convintelligencesignalrule, convintelligencesignalsubrule, corswhitelistentry, cronjobdetail, crontrigger, csptrustedsite, custombrand, custombrandasset, customhelpmenuitem, customhelpmenusection, customhttpheader, customobjectuserlicensemetrics, custompermission, custompermissiondependency, dandbcompany, dashboard, dashboardcomponent, digitalsignature, documentattachmentmap, domain, domainsite, emailcapture, emaildomainfilter, emaildomainkey, emailrelay, emailservicesaddress, emailservicesfunction, emailstatus, emailtemplate, embeddedservicedetail, embeddedservicelabel, entityparticle, eventbussubscriber, eventchangeevent, eventlogfile, eventrelationchangeevent, expressionfilter, expressionfiltercriteria, expssetobjectaliasfieldvw, extdatasharetarget, externalaimodel, externalclientapplication, externaldatasource, externaldatasrcdescriptor, externaldatauserauth, externalevent, externaleventmapping, externalsocialaccount, fieldhistoryarchive, fieldpermissions, fieldsecurityclassification, fieldservicemobilesettings, fieldserviceorgsettings, filesearchactivity, fiscalyearsettings, flexqueueitem, flowinterview, flowinterviewshare, flowrecordrelation, flowstagerelation, forecastingshare, forecastshare, fsl__criteria__c, fsl__gantt_filter__c, fsl__ganttpalette__c, fsl__service_goal__c, fsl__slr_cache__c, fsl__territory_optimization_request__c, goalhistory, goalshare, grantedbylicense, idpeventlog, iframewhitelisturl, image, imageshare, installedmobileapp, integrationproviderattr, integrationproviderdef, ipaddressrange, leadchangeevent, leadhistory, leadshare, lightningexitbypagemetrics, lightningexperiencetheme, lightningonboardingconfig, lightningtogglemetrics, lightningusagebyapptypemetrics, lightningusagebybrowsermetrics, lightningusagebyflexipagemetrics, lightningusagebypagemetrics, linkedarticle, listemailchangeevent, listemailshare, listview, listviewchart, listviewchartinstance, listviewevent, liveagentsession, loginasevent, loginevent, logingeo, loginhistory, loginip, logoutevent, lookedupfromactivity, macro, macrohistory, macroinstruction, macroshare, mailmergetemplate, matchingrule, matchingruleitem, metricdatalinkhistory, metrichistory, metricshare, mktcalculatedinsight, mktdatalakemapping, mktdatatransform, mktmlmodel, mktmlpredictionjob, mlfeaturevaluemetric, mobileapplicationdetail, mobilesettingsassignment, mydomaindiscoverablelogin, name, namedcredential, networkactivityaudit, networkaffinity, networkauthapisettings, networkdatacategory, networkdiscoverablelogin, networkfeedresponsemetric, noteandattachment, notificationmember, oauthtoken, objectpermissions, omniroutingeventstore, omnisupervisorconfig, onboardingmetrics, openactivity, opportunitychangeevent, opportunitycontactrolechangeevent, opportunityfieldhistory, opportunityhistory, opportunityshare, orderchangeevent, orderhistory, orderitemchangeevent, orderitemhistory, ordershare, orgdeleterequest, orgdeleterequestshare, orgemailaddresssecurity, orglifecyclenotification, orgmetric, orgmetricscansummary, orgwideemailaddress, outgoingemail, outgoingemailrelation, outofoffice, ownerchangeoptioninfo, packagelicense, period, permissionsetlicense, permissionsetlicenseassign, permissionsettabsetting, person, picklistvalueinfo, pipelineinspectionlistview, pipelineinspectionsumfield, pipelineinspmetricconfig, pipelineinspmetricconfiglocalization, platformaction, platformcachepartition, platformcachepartitiontype, platformeventusagemetric, platformstatusalertevent, pricebook2history, processinstancehistory, product2changeevent, product2history, publisher, pushtopic, pushupgradeexcludedorg, quicktext, quicktexthistory, quicktextshare, quicktextusage, quotetemplaterichtextdata, recordaction, recordactionhistory, recordalert, recordsetfiltercriteria, recordsetfiltercriteriarule, recordsetfltrcritmonitor, recordvisibility, redirectwhitelisturl, relationshipdomain, relationshipinfo, reportevent, revenuetransactionerrorlog, samlssoconfig, scontrol, searchactivity, searchlayout, searchpromotionrule, securitycustombaseline, servicereportlayout, sessionpermsetactivation, setupassistantstep, setupaudittrail, setupentityaccess, site, sitedetail, sitehistory, siteiframewhitelisturl, solutionhistory, sosdeployment, sossession, sossessionactivity, sossessionhistory, sossessionshare, staticresource, streamingchannel, streamingchannelshare, subscriberpackage, subscriberpackageversion, tableauhostmapping, taskchangeevent, tenantusageentitlement, testsuitemembership, thirdpartyaccountlink, timelineobjectdefinitionlocalization, todaygoal, todaygoalshare, transactionsecuritypolicy, twofactorinfo, twofactormethodsinfo, twofactortempcode, urievent, userappinfo, userappmenucustomization, userappmenucustomizationshare, userappmenuitem, userchangeevent, useremailpreferredperson, useremailpreferredpersonshare, userentityaccess, userfieldaccess, userlicense, userlistview, userlistviewcriterion, userlogin, userpackagelicense, userpermissionaccess, userpreference, userprovaccount, userprovaccountstaging, userprovisioningconfig, userprovisioninglog, userprovisioningrequest, userprovisioningrequestshare, userprovmocktarget, userrecordaccess, usershare, verificationhistory, visibilitychangenotification, visualforceaccessmetrics, waveautoinstallrequest, wavecompatibilitycheckitem, weblink, weblinklocalization, workcoachinghistory, workcoachingshare, workfeedbackhistory, workfeedbackquestion, workfeedbackquestionhistory, workfeedbackquestionsethistory, workfeedbackquestionsetshare, workfeedbackquestionshare, workfeedbackrequesthistory, workfeedbackrequestshare, workfeedbackshare, workfeedbacktemplateshare, workperformancecyclehistory, workperformancecycleshare

Retrieved from "https://docs.resco.net/mediawiki/index.php?title=Salesforce_object_blacklist&oldid=13886"