Protecting Salesforce: Preventing Public Link Creation

Identify and prevent the creation of Salesforce public links and reduce your blast radius with Varonis.
Nathan Coppinger
2 min read
Last updated June 25, 2024
disable Salesforce public links

Public links created by Salesforce users can expose confidential data to anyone on the web, sometimes without the awareness of admins or security teams.

The latest Varonis update gives security teams the ability to revoke the permission to create Salesforce public links from Profiles and Permission Sets, providing unrivaled control over public exposure in Salesforce. 

Varonis is the only solution that allows you to identify and remove the ability to create public links from users who don't need those permissions, as well as remove existing links that expose sensitive information — all without navigating complex Salesforce Profiles or Permission Sets.

This builds upon Varonis’ extensive automated remediation capabilities for Salesforce, which enable organizations to automatically fix critical misconfigurations, disable stale or risky users, remove unassigned entitlements, and more. 

In this blog, we’ll cover how Varonis can help you find and remove the “create public link” Salesforce permission so you can enforce least privilege. 

Find who can create public links in Salesforce.

Reducing the exposure of Salesforce data starts with understanding permissions. With Varonis for Salesforce, figuring out what access someone has is as easy as one click. Varonis analyzes your Salesforce entitlements and displays every Profile and Permission Set that contains the “create public link” permission.

This report quickly shows each user assigned these entitlements, what sensitive data each entitlement grants access to, and which users are actively creating public links.

From this automated report, it only takes a few clicks to revoke the “create public link” permissions from your entitlements and commit the changes to Salesforce. 

View the Profiles and Permission Sets that contain the “create public link” permission and see to whom they are assigned. 

Salesforce Public link creation report

View the Profiles and Permission Sets that contain the “create public link” permission and see to whom they are assigned. 

Enforce least privilege: Revoke the ability to create public links. 

Once you decide which entitlements should have the “create public link” permission removed, you can use Varonis to easily make that change. Simply click each entitlement you want to modify, select “run action,” click “remove permission,” and click “save” to commit the change to Salesforce.

This action will then automatically update the permission change in Salesforce and remove the “create public link” permission from the selected entitlements, allowing you to drastically reduce your Salesforce blast radius in seconds.

Revoke the “create public link” permission from entitlements in only a few clicks. 

Revoke create public link permission

Revoke the “create public link” permission from entitlements in only a few clicks. 

Proactively reduce your blast radius.

As new Profiles and Permission Sets are created and users' responsibilities change, it’s important to continually ensure that only the right people can create public links for your sensitive data within Salesforce.  

The Varonis Salesforce Dashboard allows you to view the number of entitlements containing the “create public link” permission and monitor its proliferation across your environment.

Our Salesforce dashboard continuously monitors your environment for entitlements that enable public link creation.

Public link dashboard

Our Salesforce dashboard continuously monitors your environment for entitlements that enable public link creation.

Try Varonis for free.

Available on the Salesforce AppExchange, the Varonis Data Security Platform helps security teams continuously monitor and improve their Salesforce security posture in real time with the ability to:

  • Discover and classify sensitive data in records and attachments
  • Simplify permission analysis and enforce least privilege access
  • Monitor sensitive data activity and alert you to abnormal behavior
  • Enhance Salesforce Shield
  • Continuously surface and fix configuration drift
  • Identify and manage third-party application risk

Ready to protect your critical Salesforce data and improve your security posture with Varonis?

Request a demo today.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

varonis-enhances-salesforce-security-with-high-risk-permissions-remediation
Varonis Enhances Salesforce Security With High-Risk Permissions Remediation
Identify and automatically remediate high-risk Salesforce permissions to reduce risk and improve your SaaS security posture.
protecting-salesforce:-remediating-misconfigured-sites
Protecting Salesforce: Remediating Misconfigured Sites
Varonis enables organizations to identify and remediate misconfigured Salesforce Site guest permissions that expose sensitive data publicly.
varonis-launches-third-party-app-risk-management
Varonis Launches Third-Party App Risk Management
Varonis reduces your SaaS attack surface by discovering and remediating risky third-party app connections.
dspm-report-highlights-risks-that-lead-to-significant-data-breaches  
DSPM Report Highlights Risks That Lead to Significant Data Breaches  
Varonis' new DSPM report reveals that typical companies are widening their blast radius by oversharing permissions, excess ghost users, lack of MFA, and more.