
Risk Definition Administration

The risk definition settings are already configured once the first tenant user has logged into Insights and completed the initial configurations. You can update your risk definition settings as required by clicking Settings > Risk definition. The following tiles are available on the Risk definition page.

  • Risk Definition Profiles

  • Scan Scope Definition

  • Scope and Binding

Risk Definition Profiles

On the Risk definition profiles page, existing profiles are listed in the table, including the built-in Default profile for Salesforce and Default profile for Salesforce objects. You can search for a specific profile by entering the profile name in the search box and clicking the magnifying glass button.

On this page, the following actions are available to manage profiles.

  • New profile – Click New profile on the Risk definition profiles page, and the New profile page will appear.

  • View – Click View above the table or click View from the ellipsis drop-down list to the right of a profile. The profile details are displayed in the View window on the right.

  • Edit – Click Edit above the table or click Edit from the ellipsis drop-down list to the right of a profile. The Edit profile page appears, where you can edit the profile information.

  • Duplicate – Click Duplicate above the table or click Duplicate from the ellipsis drop-down list to the right of a profile. The New profile page appears with the settings of the profile. The new profile name is suffixed with – Copy.

  • Delete – Select one or multiple profiles that you want to delete and click the Delete button above the table.

    NOTE

    Default profiles cannot be deleted.

After your desired risk definition profiles are created, you can apply the profiles to containers based on your requirements. You can click the Scope and binding link above the table to access the Scope and Binding page directly.

Create New Risk Definition Profile

On the New profile page, complete the following settings to create a new risk definition profile.

  1. In the Profile information step, select the definition type Third-party apps or Salesforce objects. Enter a name and optional description for the profile.

    Click Next to go to the next step.

  2. In the Risk definitions step, the settings are dynamic based on the selected data scope.

    • For Third-party apps, you can configure settings for each risk level separately.

      Click Edit in the upper-right corner of each risk level, and the risk level settings are configurable in the Edit window on the right pane.

      • Used and uninstalled apps – The connected app has been used but has no policies for management.

      • All users may self-authorize – The connected app allows all users in the organization to authorize the app after successfully signing in.

      • Last activity date – Select Last activity date, select one of the following options from the drop-down list, and configure the threshold number or number range.

        • More than – A connected app whose last activity date is more than the threshold number will be classified as the corresponding exposure level.

        • From…to – A connected app whose last activity date is within the configured number range will be classified as the corresponding exposure level.

        • Less than – A connected app whose last activity date is less than the threshold number will be classified as the corresponding exposure level.

      • High privilege – Select High privilege, and define the high privilege permission list by selecting permissions from the drop-down list. A connected app that has at least one of the defined permissions will be classified as the corresponding exposure level.

      • No certificate – The connected app that has no certificate configured will be classified as the corresponding exposure level.

      • Certificate validity period – Select Certificate validity period, select one of the following options from the drop-down list, configure the threshold number or number range, and select the time unit (Week, Month, or Year).

        • More than – A connected app whose certificate validity period is more than the threshold number will be classified as the corresponding exposure level.

        • From…to – A connected app whose certificate validity period is within the configured number range will be classified as the corresponding exposure level.

        • Less than – A connected app whose certificate validity period is less than the threshold number will be classified as the corresponding exposure level.

    • For Salesforce objects, you can configure the sensitivity definitions and exposure definitions separately.

      1. In the Sensitivity definitions step, enable the sensitivity definitions that you want to use in the profile by clicking the toggle button in front of the definitions. You can use the existing definitions or create a new one by clicking New definition. For detailed information, refer to Create New Sensitivity Definition.

      2. Click Next to go to the next step.

      3. In the Exposure definitions step, configure the exposure definitions for each level by clicking Edit in the upper-right corner of each exposure level. Select one or multiple options to define the exposure for each level, and click Save.

        • Shared directly with external users

        • Shared with All Internal Users

        • Shared with All Customer Portal Users

        • Shared with All Partner Users

  3. Click Next to go to the next step.

  4. In the Review step, click Save to save the risk definition profile. You can also click Back to go back to the previous step or click Cancel to discard changes.

Create New Sensitivity Definition

On the Sensitivity definitions step of the New profile page, click New definition to create a new sensitivity definition.

In the New definition window, complete the following information:

  • Name – Enter a name for the definition.

  • Template – Select a template for the definition. Currently, only Custom can be selected.

  • Country or region – Select the country or region for which this definition will be used.

In the High sensitivity level, Medium sensitivity level, and Low sensitivity level sections, multiple conditions and/or condition groups can be configured.

To add a new group of conditions for a sensitivity level, click Add a group.

You can click the Delete button in the upper-right corner of a group to delete the group from the sensitivity level.

In each condition group, you can perform the following actions to manage the group:

  • You can define the logical relationship of the conditions and/or groups in this group by clicking the All link in the upper-left corner of the group and clicking All or Any in the drop-down list.

    • All – An object that meets all the conditions and groups in this group is discovered and classified as the corresponding sensitivity level.

    • Any – An object that meets any one of the conditions and groups in this group is discovered and classified as the corresponding sensitivity level.

  • Click Add condition in the upper-left corner of the group, and the Add condition window appears. All conditions provided for Salesforce objects and custom conditions are listed in the window. Select the conditions you want to use, and click Save to add the conditions. You can also click Create to create your own conditions.

    • Name and description – Enter a name and optional description for the condition.

    • Regular expression – Select Regular expression as the type, then enter a regular expression and configure the context.

    • Dictionary – Select Dictionary as the type, then configure a set of keywords as the dictionary.

  • You can click the Delete button to the right of the condition to delete the condition from the group.

  • Click Add a group to add a condition group to this group.

  • You can click the Delete button in the upper-right corner of a group to delete the group.

When you finish the definition settings, click Save to save the definition.
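
The following sketch shows how nested All/Any condition groups with regular expression and dictionary conditions combine into a sensitivity level. It is an added example, not Insights code: the data model, the function names, the sample patterns and field values are constructed, and the choices to check levels from High to Low, to match keywords case-insensitively, and to treat an empty group as non-matching are assumptions.

```python
import re

# Hypothetical model: a condition is ("regex", pattern) or ("dict", [keywords]);
# a group is {"match": "all" | "any", "items": [conditions and/or nested groups]}.

def condition_hits(cond, text):
    kind, value = cond
    if kind == "regex":
        return re.search(value, text) is not None
    if kind == "dict":
        lowered = text.lower()  # assumption: keywords match case-insensitively
        return any(k.lower() in lowered for k in value)
    raise ValueError(f"unknown condition type: {kind}")

def group_hits(group, text):
    if not group["items"]:
        return False  # assumption: an empty group never classifies anything
    results = (group_hits(i, text) if isinstance(i, dict) else condition_hits(i, text)
               for i in group["items"])
    return all(results) if group["match"] == "all" else any(results)

def classify(definition, text):
    # Assumption: levels are checked from High to Low and the first match wins.
    for level in ("High", "Medium", "Low"):
        group = definition.get(level)
        if group and group_hits(group, text):
            return level
    return None

SSN = ("regex", r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL = ("regex", r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
HEALTH = ("dict", ["diagnosis", "prescription"])

# Constructed definition: High needs an SSN AND (a health keyword OR an email).
DEFINITION = {
    "High": {"match": "all", "items": [SSN, {"match": "any", "items": [HEALTH, EMAIL]}]},
    "Medium": {"match": "any", "items": [SSN, HEALTH]},
    "Low": {"match": "any", "items": [EMAIL]},
}

# Constructed field values, one per expected outcome.
SAMPLES = [
    "Patient 123-45-6789, diagnosis pending",
    "SSN on file: 123-45-6789",
    "Contact: jane.doe@example.com",
    "Quarterly pipeline review notes",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(DEFINITION, s), "<-", s)
```

Switching the High group from All to Any would classify the email-only value as High, which is the kind of over-classification to check for before saving a definition.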

Scan Scope Definition

On the Scan scope definition page, existing containers are listed with their names and tenants.

To create a new container, click New container. On the New container page, complete the following information, and click Save to create the container.

  • Container name – Enter a name for the container.

  • Tenant – Select the tenant for which this container will be created.

  • Objects – Select the Salesforce objects that you want to include in this container.

  • Fields – Choose whether to set conditions for object fields. Complete the following steps to set conditions.

    1. Click Add condition, and select Data sensitivity level or Compliance categorization.

    2. Select Contains or Does not contain, and select the options to define the condition.

    3. [Optional] Repeat the steps above to add a second condition.

    4. [Optional] Click All in the upper-left corner and click All or Any to define the relationship between the two conditions.

    When at least one field of the objects selected above meets the conditions, the field values of records under the objects will be scanned by Insights.

To edit an existing container, select the container and click Edit. Alternatively, click Edit from the ellipsis drop-down list to the right of a container.

Click Refresh to refresh the container list.

Scope and Binding

On the Scope and binding page, containers are listed. You can view the container name, workspace, the number of items in the container, and the applied risk definition profile. Click the item count link, and the View container details window appears where the objects in the container are displayed.

To create new containers with desired objects, click the Scan scope definition link above the table. For more information, refer to Scan Scope Definition.

Select one or multiple containers and click Assign profile, and the Assign profile window appears on the right pane. Select a profile for the containers and click Save to assign the selected risk definition profile to the containers. The profile name is displayed in the Risk definition profile column for the containers.

NOTE

If you remove profiles from containers, these containers will no longer be scanned. It may take some time to rescan these containers when profiles are assigned to them again.

NOTE

With the limited Trial subscription, you can scan up to 25 Salesforce objects except for Content Delivery. To scan your desired objects, make sure the number of selected objects in containers with a risk definition profile applied does not exceed this limit.