Compliance Rule

Updated 1 month ago by Copado Solutions

A compliance rule holds the criteria that Copado scanner uses to query and analyse your org's metadata. It also holds the severity of the rule and the action to perform when a finding occurs.

Compliance rules are not exclusive to a single compliance rule group: you can assign the same compliance rule to different compliance rule groups.

Rule Severity Types

  • Low
  • Medium
  • High
  • Critical

Rule Action Types

  • Abort Process:
    • When a finding occurs, a visual alert is shown, a finding record is created, and the process is aborted immediately.
  • Continue with alert:
    • When a finding occurs, a visual alert is shown, a finding record is created, and the process continues.
  • Document Only:
    • When a finding occurs, a finding record is created and the process continues with no alert.

Compliance Rule Criteria

The Compliance Rule Criteria section holds the actual judgment of the compliance rule that Copado scanner will use to analyse and safeguard your Salesforce org.

  • Metadata Type:
    • The metadata type that Copado scanner queries for findings.
    • You can only define one metadata type per rule.
  • Filter Criteria:
    • This field holds the filtering query that Copado scanner uses to query the metadata in the org.
    • This criteria only filters over the previously selected Metadata Type.
    • This read-only field is filled in by Copado when you define the criteria on the Manage Criteria page.
  • Record Count Criteria:
    • The Filter Criteria (filtering query) produces a resulting XML file with metadata "records". The Record Count Criteria is the criteria applied to inspect this resulting XML.
    • Record Count Criteria types:
      • Number of groups: Number of nodes in the XML file.
  • Matching Criteria: 
    • Logical operator between Record Count Criteria and Record Count.
      • Matching Criteria Values:
        • Equals
        • Not Equals
        • Less Than
        • Less or Equals
        • Greater Than
        • Greater or Equal
  • Record Count: 
    • The expected number of metadata components ("records") to assert on the XML.

To create a Compliance Rule, follow the steps below:

  1. Open Copado Compliance Hub.
  2. Open the Compliance Rules tab and click on New.
  3. Select the Copado record type.
  4. Fill in the Information section:
    1. Provide a Compliance Rule Name.
    2. Select the Severity.
    3. Select the Action.
    4. Set the Active checkbox to true.
  5. Fill in the Criteria section:
    1. Select the Record Count Criteria.
    2. Select a Matching Criteria.
    3. Provide the Record Count.
    4. Fill in the Error Message field.
  6. Save. 

A Compliance Rule needs a Rule Criteria, which is the collection of conditional statements, and their logic, that Copado scanner will consider.
From an existing Compliance Rule record, click on Manage Criteria. The Manage Compliance Rule Criteria page will open.
The page has the following sections:

  • Rule Information: In this section you provide the metadata type that will be scanned for violations.
    • Compliance Rule supported Metadata Types:
      • Profiles
      • Certificates
      • CustomObject
      • CspTrustedSite
      • NamedCredential
      • Network
      • PermissionSet
      • SamlSsoConfig
      • Settings
  • Criteria Selection: In this section you tailor your own criteria judgment for the selected metadata type and optionally design your own filter logic.
    • The Criteria Selection section has four items that make up the conditional statement:
      • Node: Attribute of the selected Metadata Type to analyse.
      • Field: Name of the Metadata Type attribute being analysed.
      • Operator: Evaluation argument of the criteria rule.
      • Value: Value of the attribute.
    • You can add rows to increase the number of conditional statements in the criteria rule, and design your own conditional logic with the Add Filter Logic button.

You can also create compliance rules with the Other record type. These rules are not analysed by Copado scanner.
Within the Compliance Rule page you can view the related list of compliance findings, each with its reference to the compliance scan.

To add Rule Criteria to a compliance rule, follow the steps below:

  1. From an existing Compliance Rule, click on Manage Criteria.
  2. From the Manage Compliance Rule Criteria page, select a Metadata Type.
  3. From the Criteria Selection section, complete the items to build the required conditional statements.
  4. If advanced Criteria Logic is required:
    1. Click on Add Filter Logic at the bottom of the Criteria Selection section.
    2. For each conditional statement row, a number will appear on the left. This number is a reference for the statement.
    3. Type in your personalized filter logic using Salesforce's standard logical operators (AND, OR, NOT), referencing each conditional statement by its number.
  5. Save.
By default, the Rule Criteria applies the AND logical operator between all of the conditional statements.
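
The Python example below is added here and is not Copado's implementation. It models how numbered conditional statements, filter logic, the "Number of groups" count and the Matching Criteria described on this page combine into a rule outcome. Assumptions: the rule dictionary layout, the statement operator names, the constructed Profile fragment, and that a finding is raised when the Matching Criteria comparison holds.

```python
import operator
import re
import xml.etree.ElementTree as ET

# Constructed sample: Profile metadata fragment (XML namespace omitted for brevity).
PROFILE_XML = """<Profile>
  <userPermissions><enabled>true</enabled><name>ModifyAllData</name></userPermissions>
  <userPermissions><enabled>false</enabled><name>ViewAllData</name></userPermissions>
  <userPermissions><enabled>true</enabled><name>ApiEnabled</name></userPermissions>
</Profile>"""

# Matching Criteria values as listed on this page.
MATCHING = {"Equals": operator.eq, "Not Equals": operator.ne,
            "Less Than": operator.lt, "Less or Equals": operator.le,
            "Greater Than": operator.gt, "Greater or Equal": operator.ge}

# Hypothetical rule layout; the keys mirror the page's field names.
RULE = {
    "node": "userPermissions",
    "statements": [("name", "equals", "ModifyAllData"),   # statement 1
                   ("name", "equals", "ViewAllData"),     # statement 2
                   ("enabled", "equals", "true")],        # statement 3
    "logic": "(1 OR 2) AND 3",
    "matching": "Greater Than", "record_count": 0,
    "action": "Abort Process",
}

def filter_logic(expr, results):
    """Evaluate filter logic such as '(1 OR 2) AND 3' over numbered results."""
    tokens = re.findall(r"\d+|AND|OR|NOT|[()]", expr)
    if "".join(tokens) != "".join(expr.split()):
        raise ValueError("unsupported token in filter logic")
    # Only True/False, and/or/not and parentheses reach eval after the whitelist.
    py = " ".join(str(results[int(t)]) if t.isdigit() else t.lower() for t in tokens)
    return eval(py, {"__builtins__": {}})

def evaluate_rule(rule, xml_text):
    """Return (action or None, count). ASSUMPTION: a finding occurs when the
    Matching Criteria comparison between the count and Record Count holds."""
    count = 0
    for node in ET.fromstring(xml_text).iter(rule["node"]):
        # Assumed statement operators: "equals" and "not equals" only.
        results = {i: (node.findtext(field) == value) == (op == "equals")
                   for i, (field, op, value) in enumerate(rule["statements"], 1)}
        logic = rule.get("logic") or " AND ".join(map(str, results))  # default AND
        count += filter_logic(logic, results)  # Number of groups: matching nodes
    finding = MATCHING[rule["matching"]](count, rule["record_count"])
    return (rule["action"] if finding else None), count
```

With the custom logic one node matches and the rule aborts the process; with the logic removed, the default AND across all three statements matches nothing, which shows why a rule with several statements on the same field needs explicit filter logic.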
