Compliance Rule

Updated 21 hours ago by Copado Solutions

A compliance rule holds the criteria that the Copado scanner uses to query and analyze your org's metadata. It also holds the severity of the rule and the action to perform when a finding occurs.

A compliance rule is not exclusive to a single compliance rule group; you can assign the same compliance rule to different compliance rule groups. To learn more about how to create a compliance rule, please visit the article How to Create a Compliance Rule.

Rule Severity Types

  • Low
  • Medium
  • High
  • Critical

Rule Action Types

  • Abort Process:
    • If there is a finding, a visual alert will be shown, a finding record will be created, and the process will be immediately aborted.
  • Continue with alert:
    • If there is a finding, a visual alert will be shown, a finding record will be created, and the process will continue.
  • Document Only:
    • If there is a finding, a finding record will be created, and the process will continue with no alert.

Compliance Rule Criteria

The Compliance Rule Criteria section holds the actual conditions of the compliance rule that the Copado scanner will use to analyze and safeguard your Salesforce org.

  • Metadata Type:
    • This will be the metadata type that Copado scanner will be querying for findings. 
    • You can only define one metadata type per rule.
  • Filter Criteria:
    • This field holds the filtering query that Copado scanner will use to query the metadata in the org.
    • These criteria will only filter over the previously selected Metadata Type.
    • This read-only field is filled in and defined by Copado when you establish a criterion in the Manage Compliance Rule Criteria page.
  • Record Count Criteria:
    • The Filter Criteria (filtering query) produce a resulting XML file with metadata "records". The Record Count Criteria are the criteria applied to inspect this resulting XML.
    • Record Count Criteria types:
      • Number of groups: Number of nodes in the XML file.
  • Matching Criteria: 
    • Logical operator between Record Count Criteria and Record Count.
      • Matching Criteria values:
        • Equals
        • Not Equals
        • Less Than
        • Less or Equal
        • Greater Than
        • Greater or Equal
  • Record Count: 
    • The expected number of metadata components ("records") to assert on the XML.

Manage Compliance Rule Criteria Page

From an existing Compliance Rule record, click on Manage Criteria. The Manage Compliance Rule Criteria page will open. 
The page has the following sections:

  • Rule Information: In this section you will provide the metadata type that will be scanned in search of violations.
    • Compliance rule supported Metadata Types:
      • Profiles
      • Certificates
      • CustomObject
      • CspTrustedSite
      • NamedCredential
      • Network
      • PermissionSet
      • SamlSsoConfig
      • Settings
  • Criteria Selection: In this section you will tailor your own criteria for the selected metadata type and, optionally, design your own filter logic.
    • The Criteria Selection section has four items that make up the conditional statement:
      • Node: Attribute of the selected Metadata Type to analyze.
      • Field: Attribute name of the Metadata Type attribute being analyzed.
      • Operator: Evaluation argument of the criteria rule.
      • Value: Value of the attribute.
    • You can add rows to increase the number of conditional statements in the criteria rule and design your own conditional logic with the Add Filter Logic button.  
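
The following added example (not Copado's code, and not taken from this article) models how the criteria described above combine: Node/Field/Value conditions filter the metadata XML, the matching groups are counted, and the count is compared with Record Count using the Matching Criteria. It assumes an equality-only Operator, that a finding is recorded when the comparison is true, and a constructed Profile file and rule; `count_groups`, `evaluate_rule`, and the rule dictionary keys are hypothetical names.

```python
import operator
import xml.etree.ElementTree as ET

# Namespace used by Salesforce Metadata API files.
NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Constructed sample: a trimmed Profile metadata file.
SAMPLE_PROFILE = """<Profile xmlns="http://soap.sforce.com/2006/04/metadata">
    <userPermissions><enabled>true</enabled><name>ModifyAllData</name></userPermissions>
    <userPermissions><enabled>false</enabled><name>ViewAllData</name></userPermissions>
    <userPermissions><enabled>true</enabled><name>ApiEnabled</name></userPermissions>
</Profile>"""

# Matching Criteria values listed in this article, mapped to comparisons.
MATCHING = {
    "Equals": operator.eq, "Not Equals": operator.ne,
    "Less Than": operator.lt, "Less or Equal": operator.le,
    "Greater Than": operator.gt, "Greater or Equal": operator.ge,
}

# Constructed rule: flag any profile that grants Modify All Data.
RULE = {
    "node": "userPermissions",
    "conditions": [("name", "ModifyAllData"), ("enabled", "true")],
    "matching": "Greater Than",
    "record_count": 0,
    "action": "Abort Process",
}

def count_groups(xml_text, node, conditions):
    """Number of groups: <node> elements whose fields equal every given value."""
    root = ET.fromstring(xml_text)
    return sum(
        all(g.findtext(f"md:{field}", namespaces=NS) == value
            for field, value in conditions)
        for g in root.findall(f"md:{node}", NS)
    )

def evaluate_rule(xml_text, rule):
    """Return the rule's action when the count comparison holds, else None.

    Assumption: a true comparison is what produces a finding.
    """
    groups = count_groups(xml_text, rule["node"], rule["conditions"])
    finding = MATCHING[rule["matching"]](groups, rule["record_count"])
    return rule["action"] if finding else None

if __name__ == "__main__":
    print(evaluate_rule(SAMPLE_PROFILE, RULE))
```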

For more information about rule criteria and how to add rule criteria to a compliance rule, check out the article How to Add Rule Criteria to a Compliance Rule.

You can also create rules of the Other Compliance Rule record type. These rules are not going to be analyzed by the Copado scanner.
Within the Compliance Rule page, you can view the related list of compliance findings, each with its reference to the compliance scan.

