In your Salesforce environment, Code42 only monitors the users who have the "Report export" permission. This article explains how Code42 identifies these users after you connect it to Salesforce. Included are details about how you can create a list of these users to determine how to scope Code42's user monitoring and manage costs.
How Code42 monitors Salesforce users
Only the users with the "Report export" permission in Salesforce can generate and export reports, so only these users are monitored by Code42. Once you connect it to Salesforce, Code42 starts scanning your Salesforce environment to identify the users that are in scope for monitoring:
- All users
- Only the specific users you identified during authorization
- Only the users in the specific groups you identified during authorization
Code42 then determines which of these users have the "Report export" permission in Salesforce and monitors only those users. Code42 discovers any new users that have been added to your Salesforce environment (and determines whether they have the required permissions and should be monitored) within 8 hours.
Identify Salesforce users with the "Report export" permission
Workbench is a web-based set of tools that allows administrators and developers to interact with the Salesforce APIs. You can run a query in Workbench to list the users who have the "Report export" permission to determine how to best scope user monitoring and manage costs.
- Log into Workbench using your Salesforce administrator account.
- Go to queries > SOQL Query.
- Execute the following query. Under View as, select Bulk CSV to export the results to a CSV file that you can download and edit as needed.
select name, email from user where isactive = true and id in (select assigneeid from PermissionSetAssignment WHERE permissionset.permissionsexportreport = true) ORDER BY name