Skip to main content

IP Ranges on Profiles

Use Case - An organization with some 50+ profiles is running a mission critical sfdc solution since last 5-6 years and after analysis of security implications decided to have IP based restriction on access. The organization in question is trying to make sure that mission critical application can be accessed only through office network or via VPN if outside office. The organization is global in nature and has 500+ possible IPs. Also, the deployment process involves migration of components through 4 boxes.

Possible Solution:-

1. Manually add IPs to all profiles - 50+ profiles X 500+ IPs = 25000 IPs entry. Quite cumbersome indeed, may be hours and hours. Also, very much possible that Networking team wants to do testing with only few IPs first and then add more and more.

2. Use Eclipse to add IP ranges to profiles - It will need just addition of 500 IPs on one profile and latter just copy & paste the same in other profiles.

I am going to describe below how we can make our life as developer easier:-

1. Create a project in eclipse and select specific profiles which needs IP ranges:-



2. Project will look something like this is eclipse:-


3. Open the profile on which you want to add IP ranges:-



4. Wrap each IP range under <loginIpRanges></loginIpRanges>. Inside <loginIpRanges></loginIpRanges>, keep in mind that <endAddress></endAddress> will come first, and the only <startAddress></startAddress> will come. something like:-

<loginIpRanges>
<endAddress>2.2.2.2</endAddress>
<startAddress>2.0.0.1</startAddress>
</loginIpRanges>

5. After having all IP Ranges, paste it in profile inside eclipse and save (or save to server):-



6. For other profiles, you already have all your possible IP Ranges wrapped inside <loginIpRanges></loginIpRanges> from above profile, copy and paste in other profiles and save to server.



Hopefully, it will make your life easier.

Comments

Post a Comment

Popular posts from this blog

Mashup Integration in Salesforce

During preparation for TA certification exam, I came across a word Mashup for integration a number of times. I explored about it and below is description:- Mashups, sometimes called “composites,” are hybrid applications created by bringing together several data sources and Web services to create a new application or to add value to an existing application. Behind the scenes, mashups may require different levels of integration, depending on whether the mashed-up data is only meant to be viewed, whether it can be edited, and whether data is actually transferred between systems. There are three types of mashup:- Client Presentation Mashup - In this type of mashup the integration takes place strictly at the visual level. It makes possible to view data from two or more applications in a browser,  without actually moving data between the applications. Example - Google Maps. Client Service Mashup - As mashups evolve, they are becoming more complex and sophisticated. Client...
15 comments
Read more

Make Calls to PageReference.getContent() in Asynchronous Apex - Winter16

You can now make calls to the getContent() and getContentAsPdf() methods of the PageReference class from within asynchronous Apex such as Batch Apex, Schedulable and Queueable classes, and @future methods. This allows you to design much more flexible and scalable services that, for example, render Visualforce pages as PDF files.
5 comments
Read more

Grant Access Using Hierarchies

Problem There is a custom object say 'XYZ' and OWD for this is set to ' Private ', which means record of this can be seen by only owner and users above in role-hierarchy and territory. However, to share this with other user, we can manually share it. The problem is that I don't want other users, who are above in role-hierarchy and territory of the user with whom record has shared, can see it. Solution We can un-check ' Grant Access Using Hierarchies ' check box for object 'XYZ' on 'Sharing Settings' page. We can go to Setup >> Security Controls >> Sharing Settings and click on ' Edit ' button. On the edit page, we can un-check ' Grant Access Using Hierarchies ' for required object.  Major uses of 'Grant Access Using Hierarchies' are:- If you disable the Grant Access Using Hierarchies option, sharing with a role or territory and subordinates only shares with the users directly asso...
1 comment
Read more