User guidesDeveloper platformLatest updatesSlack Community
User guides

[Beta] Salesforce Personal Connection - Admin Guide

Suggest Edits

👩‍🔬

Beta Connection

This Connection is currently in beta mode, available upon request. As alpha users we need your help to make it as powerful as possible, please share feedback!

General

This feature is a 🔐 security extension of the Dust Salesforce connection Dust Salesforce Connection - Admin Guide for beta testers

How It Works

  • Instead of using a Service Account to reach data, it will instead use the Personal user’s connection details
  • When querying data to your Salesforce for the first time, it will ask users to login to Salesforce
  • When querying data to your Salesforce, it will ensure that your user has enough permissions to retrieve the data

Pre-requisites

  • Salesforce connection must be active on your workspace (to check, navigate to the “Connected Data”, Salesforce should already be here)
  • Users who call Salesforce-related Agents from dust.tt must have a Salesforce account associated to the same email address. Permissions will be inherited from this account

⚠️

When turning on Personal Connection, all requests to Salesforce will be made using this permission scheme. It is not possible to have both the Service Account scheme and the Personal Connection scheme in the same Workspace

Permissions

Data Access Security

  • Queries are executed using the permissions of the connected user in Dust

Usage

Users in the Dust workspace can manage their Salesforce connection from the Account menu under “Exploratory features” or using the following URL

https://dust.tt/w/[workspaceId]/labs/salesforce_personal_connections



Account menu

From there, they can

  • Connect their personal Salesforce account to Dust
  • Disconnect their personal Salesforce account
  • View connection status


Personal connection management menu

Alternatively, using an Agent that requires Salesforce access will automatically prompt the user to connect, if not done already


Users can no longer query Agents without personal authentication

⚠️

When switching from Global permissions to User-based permissions, depending on your Salesforce access schemes, user’s request will get blocked. Here is an example of what a user will see in the Tools Inspection if they do not have enough permissions to retrieve data.

Blocked Query example

{
  "object": "Lead",
  "fields": [
    "Id",
    "FirstName",
    "LastName",
    "Company",
    "Industry",
    "Rating",
    "Status",
    "AnnualRevenue",
    "Owner.Name",
    "CreatedDate",
    "LeadSource"
  ],
  "where": {
    "condition": "AND",
    "filters": [
      {"field": "IsConverted", "operator": "=", "value": false},
      {"field": "Status", "operator": "IN", "value": ["Open - Not Contacted", "Working - Contacted"]}
    ]
  },
  "orderBy": [
    {"field": "Rating", "direction": "DESC"},
    {"field": "CreatedDate", "direction": "DESC"}
  ],
  "relationships": [{
    "relationshipName": "Account",
    "fields": [
      "Id",
      "Name",
      "Type",
      "Industry",
      "Rating",
      "AnnualRevenue",
      "Owner.Name",
      "CreatedDate"
    ],
    "where": {
      "condition": "AND",
      "filters": [
        {"field": "Type", "operator": "=", "value": "Prospect"}
      ]
    }
  }]
}

Error
Query uses tables/relationships that are not allowed: Owner

In this case, this user cannot access the data because they are not the owner of the table, but Salesforce has multiple other ways to control access, including Row-level or field-level controls

Updated about 19 hours ago