Public links created by Salesforce users can expose confidential data to anyone on the web, sometimes without the awareness of admins or security teams.
The latest Varonis update gives security teams the ability to revoke the permission to create Salesforce public links from Profiles and Permission Sets, providing unrivaled control over public exposure in Salesforce.
Varonis is the only solution that allows you to identify and remove the ability to create public links from users who don't need those permissions, as well as remove existing links that expose sensitive information — all without navigating complex Salesforce Profiles or Permission Sets.
This builds upon Varonis’ extensive automated remediation capabilities for Salesforce, which enable organizations to automatically fix critical misconfigurations, disable stale or risky users, remove unassigned entitlements, and more.
In this blog, we’ll cover how Varonis can help you find and remove the “create public link” Salesforce permission so you can enforce least privilege.
Find who can create public links in Salesforce.
Reducing the exposure of Salesforce data starts with understanding permissions. With Varonis for Salesforce, figuring out what access someone has is as easy as one click. Varonis analyzes your Salesforce entitlements and displays every Profile and Permission Set that contains the “create public link” permission.
This report quickly shows each user assigned these entitlements, what sensitive data each entitlement grants access to, and which users are actively creating public links.
From this automated report, it only takes a few clicks to revoke the “create public link” permissions from your entitlements and commit the changes to Salesforce.
View the Profiles and Permission Sets that contain the “create public link” permission and see to whom they are assigned.
View the Profiles and Permission Sets that contain the “create public link” permission and see to whom they are assigned.
Enforce least privilege: Revoke the ability to create public links.
Once you decide which entitlements should have the “create public link” permission removed, you can use Varonis to easily make that change. Simply click each entitlement you want to modify, select “run action,” click “remove permission,” and click “save” to commit the change to Salesforce.
This action will then automatically update the permission change in Salesforce and remove the “create public link” permission from the selected entitlements, allowing you to drastically reduce your Salesforce blast radius in seconds.
Revoke the “create public link” permission from entitlements in only a few clicks.
Revoke the “create public link” permission from entitlements in only a few clicks.
Proactively reduce your blast radius.
As new Profiles and Permission Sets are created and users' responsibilities change, it’s important to continually ensure that only the right people can create public links for your sensitive data within Salesforce.
The Varonis Salesforce Dashboard allows you to view the number of entitlements containing the “create public link” permission and monitor its proliferation across your environment.
Our Salesforce dashboard continuously monitors your environment for entitlements that enable public link creation.
Our Salesforce dashboard continuously monitors your environment for entitlements that enable public link creation.
Try Varonis for free.
Available on the Salesforce AppExchange, the Varonis Data Security Platform helps security teams continuously monitor and improve their Salesforce security posture in real time with the ability to:
- Discover and classify sensitive data in records and attachments
- Simplify permission analysis and enforce least privilege access
- Monitor sensitive data activity and alert you to abnormal behavior
- Enhance Salesforce Shield
- Continuously surface and fix configuration drift
- Identify and manage third-party application risk
Ready to protect your critical Salesforce data and improve your security posture with Varonis?
Request a demo today.
