Configuring Data Regulation Policies
The InCountry for Salesforce package lets you configure the required data regulation policies for different Salesforce objects.
The app deals with the following:
Data regulation policies
Data restriction levels
Data regulation policies
The InCountry for Salesforce app supports the three data regulation policies, as follows:
Policy | Description |
Redaction | Regulated data is stored within the origin country and cannot leave it. Data is saved to the InCountry platform only. Date requests from Salesforce in the origin country are made directly to the REST API of InCountry’s Point-of-Presence in the origin country. Regulated data is not saved to Salesforce. |
Restriction | Regulated data is stored within the origin country, but can leave it in some cases when it is read. Data is saved to the InCountry platform. Data requests from Salesforce in the non-origin country are made to the REST API of InCountry’s Point-of-Presence in the origin country. Regulated data is not saved to the Salesforce. |
Replication | Regulated data is first saved in the origin country, then the data can be replicated to other countries. In this case, regulated data is saved to the InCountry platform, and then it is replicated to Salesforce. |
note
The InCountry for Salesforce solution lets you use only one data regulation policy for your objects per one Salesforce instance. The mixed usage of several data regulation policies will be supported in future releases.
Data restriction levels
The InCountry for Salesforce app enables configuration of the data regulation policies for the three restriction levels, as follows:
Restriction level | Description |
Organization-wide | This configuration is used when all records within your organization attribute to the one country, so you do not have to specify the country on the object or record levels. This configuration is overridden by the object- or record-level configuration. |
Object-level | This configuration is used when some objects within your Salesforce instance may attribute to one country, while the others to another country. You can override the organization-wide configuration with the object-level configuration (for example, Account > US, Contact > RU). This configuration if overridden by the object-level configuration. |
Record-level | This configuration is used when you need to specify the origin country on the record level. When using this configuration, you need to provide the Salesforce field which contains the country code (for example. Account records > Country_c, Contact Record > Country2_c). |
Adding the data regulation policy
note
You must attribute to the InCountry Admin user to access this section.
On the menu, select Settings. The page with the app settings loads, as follows:
In the Select Object box, start entering the name of the Salesforce object which you want to define the data regulation policy for (for example, Lead).
Select the Salesforce object from the prompted options.
In the Type box, select the restriction level which you want to apply to the selected Salesforce object, as follows:
Organization - the data regulation policy is applied to the entire organization and all records within this organization. This way you can set the origin country for the organization.
Object - the data regulation policy overrides the organization-wide configuration for the selected Salesforce object. In this case the Lead object will attribute to the selected country, while all the other Salesforce objects will belong to the country defined by the organization-wide configuration, unless another country is defined in the object-level configuration.
Record - the data regulation policy overrides the object-level configuration. In this case, for each record within the Lead object you can specify the appropriate origin country.
In the Country box, select code of the country for storing the regulated data.
In the Behavior box, select the data regulation policy, as follows:
Redaction
Restriction
Replication
In the Select Field box, start entering the field which will contain the country code. This field will be used to identify which country the data is stored in. This option is available for records only.
When complete, click Add.
note
Salesforce Lightning supports the redaction and restriction data regulation policies only. The replication model can be used in Salesforce Classic only.
Editing the data regulation policy
Select the Salesforce object which data regulation policy you want to modify.
Once its configuration loads, locate the policy type which you want to modify.
Make the appropriate modifications.
When complete, click Save.
warning
When you change the country for a specific data regulation policy of the object, the InCountry for Salesforce app performs data migration to the newly selected country. Please consider this while modifying settings of the data regulation policy.
Deleting the data regulation policy
Select the Salesforce object which data regulation policy you want to delete.
Once its configuration loads, locate the policy type which you want to delete.
Click the Delete icon.
Deleting all policies
You can delete all data regulation policies configured for the currently selected Salesforce object.
- Click Delete Policies.
Deleting all data regulation policies and PROTECTED fields for the object
You can delete all data regulation policies and PROTECTED fields configured for the currently selected Salesforce object.
Select the Salesforce object which all data regulation policies and PROTECTED fields you want to delete.
Click Delete All.
Running synchronization
Once you have configured all the data regulation policies and PROTECTED fields for Salesforce objects, you can instantly synchronize them between Salesforce and the InCountry Platform. In this case, the synchronization mechanism will transfer the regulated data from Salesforce to the InCountry Platform for all the records of a specific Salesforce object.
Select the Salesforce object which records you want to synchronize.
Click Run Sync.
Wait for a while as it may take some time to synchronize records.
After the data synchronization, regulated data may be shown as tokenized when using the redaction policy.
The status of data synchronization will be shown in the Runned Jobs block and in the Apex Jobs section. If the data synchronization is interrupted by occurrence of an error, please check the configuration of your data fields or contact the InCountry support team.
Upon a successful data synchronization, an email with synchronization details will be delivered to your mailbox. After the data synchronization you can proceed to management of records within the synchronized Salesforce object.