Matching DB records to Active Directory entries? - active-directory

I have been tasked with coming up with a solution where I am not sure if there is a solid answer:
How can I match username records from an application's database to users in our Active Directory?
I have two applications this needs to be done for - 1st application I only have firstname and lastname information. Second application I have the application's username, which is similar to activeD's but not a definite match. I also have firstname lastname info.
Now, simply put I can just write a script that matches all the records in ActiveD that match the firstname lastname in the application DB, but that is fraught with errors.
Having no unique identifier to begin with might make this an impossible task, but before I start to task someone else with manually comparing the data after running the script, I thought I would ask the delightful StackOverflow crew to chew on it. There are always methods I don't think of, after all.
So any brilliant ideas out there to accomplish this task?
Thanks guys

Once you get them matched up automatically and the exceptions by hand, make a custom attribute in Active Directory where you can store the information to keep them matched up in the future.

You could store the Active Directory object GUID against the database record.

Well, the one thing that will be indeed unique in AD is the sAMAccountName for each user. If you find a way to associate your users in your two databases with a SAM Account Name, you should have no big trouble anymore to do an automatic sync check with AD.
That property is already available in AD, you don't need to add any additional artificial IDs, and it's much easier to read than a GUID.
Marc
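
The workflow the answers above describe (match automatically, send the exceptions to a person, then store a stable AD identifier against each record), as an added example that is not from any of the posts. The AD export, application records, GUID values and thresholds are constructed for illustration.

```python
import unicodedata
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample data: a flattened AD export and records from both applications.
AD_USERS = [
    {"sAMAccountName": "jsmith", "givenName": "John", "sn": "Smith",
     "objectGUID": "00000000-0000-0000-0000-000000000001"},
    {"sAMAccountName": "jsmith2", "givenName": "John", "sn": "Smith",
     "objectGUID": "00000000-0000-0000-0000-000000000002"},
    {"sAMAccountName": "mgarcia", "givenName": "María", "sn": "García",
     "objectGUID": "00000000-0000-0000-0000-000000000003"},
]
APP_RECORDS = [
    {"id": 1, "first": "Maria", "last": "Garcia"},   # names only
    {"id": 2, "first": "John", "last": "Smith"},     # names only, two AD users share them
    {"id": 3, "first": "john", "last": "SMITH", "username": "j.smith2"},
    {"id": 4, "first": "Pat", "last": "Doe"},        # no AD entry
]

def norm(text):
    """Case-fold and strip accents so 'María' and 'maria' compare equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold().strip()

def similarity(a, b):
    return SequenceMatcher(None, norm(a), norm(b)).ratio()

def match(records, ad_users, min_ratio=0.8, margin=0.05):
    by_name = defaultdict(list)
    for user in ad_users:
        by_name[(norm(user["givenName"]), norm(user["sn"]))].append(user)
    result = {}
    for rec in records:
        cands = by_name.get((norm(rec["first"]), norm(rec["last"])), [])
        if len(cands) > 1 and rec.get("username"):
            # Tie-break on username similarity; accept only one clear winner.
            ranked = sorted(cands, reverse=True,
                            key=lambda u: similarity(rec["username"], u["sAMAccountName"]))
            best, second = (similarity(rec["username"], u["sAMAccountName"]) for u in ranked[:2])
            if best >= min_ratio and best - second >= margin:
                cands = ranked[:1]
        if len(cands) == 1:
            result[rec["id"]] = ("matched", cands[0]["objectGUID"])
        elif cands:
            result[rec["id"]] = ("review", sorted(u["sAMAccountName"] for u in cands))
        else:
            result[rec["id"]] = ("unmatched", None)
    return result
```

Only the "matched" rows are safe to write back automatically; "review" and "unmatched" rows are the exceptions to resolve by hand before the identifier is stored.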

Related

how do I use soql to get the value of a calculated field in the activity table for simple_salesforce

I know this works on the workbench:
SELECT Id,bizible2__BizibleId__c FROM Task
where bizible2__BizibleIid__c is on the activity table.
This works too:
SELECT Id,bizible2__BizibleId__c,owner_manager__c FROM Task
but it doesn't work in simple_salesforce. No clue why. So I tried to simulate it because owner_manager__c is a calculated field that equals:
Owner:User.Manager.FirstName &" " & Owner:User.Manager.LastName
the owner is a standard relationship for the task table and presumably the activity table. My attempt:
SELECT Id,bizible2__BizibleId__c,Owner.name FROM Task
works, but
SELECT Id,bizible2__BizibleId__c,Owner.Manager.FirstName FROM Task
Didn't work. Manager is a hierarchy thingy. I thought it could be because the owner relationship is user,calendar,something else and not just user, so I tried
SELECT Id,bizible2__BizibleId__c,LastModifiedBy.Manager.FirstName FROM Task
and that didn't work.
I figured it out. You have to go to the directory simple_salesforce is in: site-packages\simple_salesforce\api.py. Then in the line DEFAULT_API_VERSION = '42.0', change 42.0 to 51.0. That, of course, is a terrible hack, so I asked this question:
How do I change the api version of Simple Saleforce
But so far there is no answer other than what I did.
From what I remember "simple salesforce" uses REST and this API respects field level security. Are you sure you have access to the field? Just because you're sysadmin and bypass stuff in UI doesn't mean your Profile is all right. Workbench might be using SOAP API which is a bit old and doesn't enforce the fields (yet).
What does this do for you?
SELECT Id,
TYPEOF Owner
WHEN User THEN Username, Manager.Name
END
FROM Task
On mutant fields sometimes you need to use polymorphic SOQL to get the fields you want. But still, the formula should work OK.

DB2 row level access control: how to pass a user Id

In our web application we want to use DB2 row level access control to control who can view what. Each table would contain a column named userId which contains the user id. We want logged-in users to be able to see only rows whose userId column has their id. I have seen DB2 permission examples using DB2 session_id or user, for example taking the DB2 given Banking example:
CREATE PERMISSION EXAMPLEBANKING.IN_TELLER_ROW_ACCESS
ON EXAMPLEBANKING.CUSTOMER FOR ROWS WHERE BRANCH in (
SELECT HOME_BRANCH FROM EXAMPLEBANKING.INTERNAL_INFO WHERE EMP_ID = SESSION_USER
)
ENFORCED FOR ALL ACCESS
ENABLE;
Our table gets updated dynamically, hence we don't know which rows get added or deleted, and hence we don't know all the user ids in the table.
At any given time, different users would log on to the web to view information retrieved from the tables. The permission declaration above only takes SESSION_USER as the input; can I change it to something like a Java function parameter where one can pass an arbitrary id to the permission? If not then how do I handle different logged-in users at arbitrary times? Or do I just keep changing SESSION_USER dynamically as new users log in (using "db2 set" ??)? If so then is this the best practice for this kind of use case?
Thanks in advance.
Since the user ID in question is application-provided, not originating from the database, using SESSION_USER, which equals the DB2 authorization ID, would not be appropriate. Instead you might use the CLIENT_USERID variable, as described here.
This might become a little tricky if you use connection pooling in your application, as the variable must be set each time after obtaining a connection from the pool and reset before returning it to the pool.
Check out Trusted Contexts, this is exactly why they exist. The linked article is fairly old (you can use trusted contexts with PHP, ruby, etc. now).
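
The set-on-checkout, reset-on-return discipline from the CLIENT_USERID answer above, as an added example that is not from any of the posts. It assumes a DB-API style connection with `?` parameter markers; the pool interface (`acquire`, `release`, `discard`), the `APP.ORDERS` table and its `USERID` column are hypothetical, and the recording connection is a constructed stand-in so the sketch runs without a database.

```python
from contextlib import contextmanager

# Run once by a DBA. APP.ORDERS and USERID are hypothetical names.
ROW_PERMISSION_DDL = """
CREATE PERMISSION APP.ORDERS_OWNER_ROWS ON APP.ORDERS
  FOR ROWS WHERE USERID = CURRENT CLIENT_USERID
  ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE APP.ORDERS ACTIVATE ROW ACCESS CONTROL;
"""
# First argument is the client user id: '' resets it, NULL leaves a field unchanged.
SET_CLIENT_INFO = "CALL SYSPROC.WLM_SET_CLIENT_INFO(?, NULL, NULL, NULL, NULL)"

@contextmanager
def connection_for(pool, app_user_id):
    """Check out a pooled connection bound to exactly one application user."""
    if not app_user_id:
        raise ValueError("refusing to hand out a connection without a user id")
    conn = pool.acquire()
    try:
        conn.cursor().execute(SET_CLIENT_INFO, (app_user_id,))
        yield conn
    finally:
        try:
            conn.rollback()  # drop whatever this user's request left open
            conn.cursor().execute(SET_CLIENT_INFO, ("",))
        except Exception:
            pool.discard(conn)  # identity could not be cleared: never reuse
            raise
        pool.release(conn)

class RecordingConn:  # constructed stand-in for a DB-API connection
    def __init__(self): self.log = []
    def cursor(self): return self
    def execute(self, sql, params=()): self.log.append(params)
    def rollback(self): self.log.append("rollback")

class OnePool:  # constructed single-connection pool
    def __init__(self): self.conn, self.released = RecordingConn(), 0
    def acquire(self): return self.conn
    def release(self, conn): self.released += 1
    def discard(self, conn): self.conn = None

def demo():
    pool = OnePool()
    try:
        with connection_for(pool, "alice"):
            raise RuntimeError("request handler failed")
    except RuntimeError:
        pass
    return pool.conn.log, pool.released
```

CURRENT CLIENT_USERID holds whatever the connecting client sets, so the permission is only as strong as the control over who can open connections with the application's credentials; that is the gap the Trusted Contexts answer addresses.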

Set up relation on two existing Salesforce objects

I have a custom object in Salesforce which I need to setup a Master Detail relationship from Accounts. Accounts being the Master and CompHist being the Detail. The problem I am running into is that I need to set the relation to work off of custom fields within the objects. Example:
1.) Accounts has a custom field called CustomerId.
2.) CompHist also has custom field called CustomerId.
3.) I need to be able to have this linked together by CustomerId field for report generation.
About 2,000 records are inserted into CompHist around the 8th of each month. This is done from a .NET application that kicks off at the scheduled time, collects info from our databases and then uploads that data to salesforce via the SOAP API.
Maybe I'm misunderstanding how Salesforce relationships work as I am fairly new (couple months) to salesforce development.
Thanks,
Randy
There is a way to get this to work without triggers that will link the records or pre-querying the SF to learn Account Ids in .NET before you'll push the CompHistories.
Setup
On Account: set the "External ID" checkbox on your CustomerId field. I'd recommend setting "Unique" too.
On CompHist: you'll need to make a decision whether it's acceptable to move them around or when the relation to Account is set - it'll stay like that forever. When you've made that decision tick / untick the "reparentable master-detail" in the definition of your lookup / m-d to Account.
And if you have some Id on these details, something like "line item number" - consider making an Ext. Id. for them too. Might save your bacon some time in future when end user questions the report or you'll have to make some kind of "flush" and push all lines from .NET (will help you figure out what's to insert, what's to update).
At this point it's useful to think how are you going to fill the missing data (all the nulls in the Ext. Id) field.
Actual establishing of the relationship
If you have the external ids set it's pretty easy to tell salesforce to figure out the linking for you. The operation is called upsert (mix between update and insert) and can be used in 2 flavours.
"Basic" upsert is for create/update solving; means "dear Salesforce, please save this CompHist record with MyId=1234. I don't know what's the Id in your database and frankly I don't care, go figure this out will ya?"
If there was no such record - 1 will be created.
If there was exactly 1 match - it will be updated.
If there were more than 1 found - SF won't know which one to update and throw error back at you (that's why marking as "unique" is a good idea. There's a chance you'll spot errors sooner).
"Advanced" upsert is for maintaining foreign keys, establishing lookups. "Dear SF, please hook this CompHist up to Account which is marked as "ABZ123" in my DB. Did I mention I don't care about your Ids and I can't be bothered to query your database first prior to me uploading my stuff?"
Again - exact match - works as expected.
0 or 2 Accounts with same ext. id value = error.
Code plz
I'd recommend you to play with Data Loader or similar tool first to get a grasp of what exactly happens, how to map fields and how to not be confused (these 2 flavours of upsert can be used at same time). Once you'll manage to push the changes the way you want you can modify your integration a bit.
SOAP API upsert: http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_calls_upsert.htm (C# example at the bottom)
REST API: http://www.salesforce.com/us/developer/docs/api_rest/Content/dome_upsert.htm
If you'd prefer a Salesforce Apex example: Can I insert deserialized JSON SObjects from another Salesforce org into my org?

Get merged account IDs

I am about to do the process of mass de-duping in Salesforce. However, our team uses Excel spreadsheets where they have Account IDs. When I will merge accounts, then some of them won't exist in Salesforce anymore. I would like to get merged Account IDs to use vlookup in Excel, to replace invalid values.
I tried to pull this data out via Account History report... I wasn't able to do this. Also I went to Recycle Bin, where deleted Accounts are stored. However, there I can find only Account names instead of Account IDs
Does anyone know how can I get the merged Account IDs?
You could use some screenscraping thingie to inspect the HTML of Recycle Bin page. The Id of deleted record is hidden in the checkbox you click.
<input id="ids0" name="ids" onclick="..."
title="Select Sample Account" type="checkbox" value="001xxxxxxxxxxxx">
But that's a very crappy solution.
Better would be to use an API tool (I usually recommend Real Force Explorer but if it's a one-time action the web-based workbench.developerforce.com might do too).
http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_calls_merge.htm
To find all records that have been merged since a given point in time,
you can use queryAll() with a SELECT statement similar to the
following:
SELECT Id FROM Contact WHERE isDeleted=true and masterRecordId != null
AND SystemModstamp > 2006-01-01T23:01:01+01:00
In your case something like this should give you both old and new Id - perfect for mapping in Excel!
SELECT Id, Name, MasterRecordId, MasterRecord.Name
FROM Account
WHERE isDeleted=true and MasterRecordId != null
Use a soql query tool or apex with soql query. The old accounts should be there and marked with IsDeleted true
I work on Mac and use SOQLExplorer
You can also use the SF Workbench. Log onto SF and under your name look for it

using single database file for multiple users

I want to make a site in which every user has his own customers and products to manage.
What's the best way to handle this??
Is it OK to use an additional field for each entry specifying the user this entry belongs to? Or is there a better way?
I'm using SQL Server if it matters.
Thank You.
Not really much info in the question... however:
It is much simpler to scale some more data in a single database than to create additional databases. So YES - make one database.
The exact schema you choose is more subtle - normalize, and link rows to appropriate users.
Do NOT I repeat do NOT create a database per user, not even a table per user.
Add a column UserID to any table that may need to reference a person with a product or order.
