#19. Security & Permissions
iSyncSF uses Salesforce Permission Sets to control who can run syncs, initiate rollbacks, and manage configuration. All data access is governed by field-level security enforcement and with-sharing Apex patterns — ensuring iSyncSF respects your org's existing security model.
Purpose: The security layer controls who can do what within iSyncSF. Custom permissions provide feature-level access control (who can sync, who can rollback, who can manage templates), while FLS enforcement and sharing rules protect data access at the field and record level. OAuth token encryption protects stored credentials. Where It Fits: Security is configured during initial setup and enforced at all times. Admins assign custom permissions to permission sets/profiles to control user access. The security settings affect every interaction - from viewing templates to executing syncs to rolling back data.
#19.1 Custom Permissions
The application uses custom permissions to control access to specific features:
| Permission | Controls |
|---|---|
| Manage Template Lines | Add, edit, and delete template lines |
| Template Preview | Access to the scan/preview feature |
| Template Sync Now | Ability to execute sync immediately |
| Template Metadata Check | Enable metadata mismatch checking |
| Template Metadata Update | Enable metadata fix/resolve capability |
| Template Rollback Sync | Ability to perform sync rollback |
| Template Abort Job | Ability to abort running sync jobs |
| Template Save | Ability to save template configuration |
#19.2 Security Features
- Field-Level Security - Configurable enforcement of FLS on all queries and DML
- OAuth Token Encryption - Access tokens are stored encrypted with AES-256
- Sharing Rules - All Apex classes use
with sharingby default - SOQL Injection Prevention - Input sanitization on dynamic queries