Compliance Rule

Updated 11 months ago by Iván Minaya

A Compliance Rule holds the Criteria that Copado Scanner will use to query and analyse your Org's metadata. It also holds the Severity of the rule and the Action to perform when a finding occurs.

Compliance Rules are not exclusive to a single Compliance Rule Group: you can assign the same Compliance Rule to different Compliance Rule Groups.

Rule Severity types:

  • Low
  • Medium
  • High
  • Critical

Rule Action types:

  • Abort Process:
    • When a finding occurs, a visual alert is shown, a finding record is created and the process is immediately aborted.
  • Continue with alert:
    • When a finding occurs, a visual alert is shown, a finding record is created and the process continues.
  • Document Only:
    • When a finding occurs, a finding record is created and the process continues with no alert.

Compliance Rule Criteria
The Compliance Rule Criteria section holds the actual judgment of the Compliance Rule that Copado Scanner will use to analyse and safeguard your Salesforce Org.

  • Metadata Type:
    • This is the metadata type that Copado Scanner will query for findings.
    • You can only define one metadata type per rule.
  • Filter Criteria:
    • This field holds the filtering query that Copado Scanner will use to query the metadata in the Org.
    • This Criteria only filters over the previously selected Metadata Type.
    • This read-only field is filled in and defined by Copado when you define a Criteria with the Manage Criteria page.
  • Record Count Criteria:
    • The Filter Criteria (filtering query) produces an XML file of metadata "records". The Record Count Criteria is the Criteria applied to inspect this resulting XML.
    • Record Count Criteria types:
      • Number of groups: Number of nodes in the XML file.
  • Matching Criteria: 
    • Logical operator between Record Count Criteria and Record Count.
      • Matching Criteria Values:
        • Equals
        • Not Equals
        • Less Than
        • Less or Equals
        • Greater Than
        • Greater or Equal
  • Record Count:
    • The expected number of metadata components ("records") to assert on the XML.

To create a Compliance Rule, follow these steps:

  1. Open Copado Compliance Hub.
  2. Open Compliance Rules Tab and click New.
  3. Select the Copado Record Type.
  4. Fill the Information Section:
    1. Provide a Compliance Rule Name.
    2. Select the Severity.
    3. Select the Action.
    4. Set the Active checkbox to True.
  5. Fill Criteria Section:
    1. Select the Record Count Criteria.
    2. Select a Matching Criteria.
    3. Provide the Record Count.
    4. Fill the Error Message.
  6. Save. 

A Compliance Rule needs a Rule Criteria, which is the collection of conditional statements and their logic that Copado Scanner will consider.
From an existing Compliance Rule record, click the "Manage Criteria" button. The Manage Compliance Rule Criteria page will open.
The page has the following sections:

  • Rule Information: In this section you provide the Metadata Type that will be scanned in search of violations.
    • Compliance Rule supported Metadata Types:
      • Profiles
      • Certificates
      • CustomObject
      • CspTrustedSite
      • NamedCredential
      • Network
      • PermissionSet
      • SamlSsoConfig
      • Settings
  • Criteria Selection: In this section you tailor your own Criteria Judgment for the selected Metadata Type and optionally design your own Filter Logic.
    • The Criteria Selection section has four items that make up a conditional statement:
      • Node: Attribute of the selected Metadata Type to analyse.
      • Field: Attribute Name of the Metadata Type attribute being analysed.
      • Operator: Evaluation Argument of the Criteria Rule.
      • Value: Value of the Attribute.
    • You can Add Rows to increase the number of conditional statements in the Criteria Rule and design your own conditional logic with the "Add Filter Logic" button.

You can create a Compliance Rule with the "Other" Record Type. These Rules are not analysed by Copado Scanner.
Within the Compliance Rule page you can view the related list of Compliance Findings with their references to the Compliance Scan.

To add Rule Criteria to a Compliance Rule, follow these steps:

  1. From an existing Compliance Rule, click "Manage Criteria".
  2. From the Manage Compliance Rule Criteria page, select a Metadata Type.
  3. From the Criteria Selection section, complete the items to build the required conditional statements.
  4. If advanced Criteria Logic is required:
    1. Click Add Filter Logic at the bottom of the Criteria Selection section.
    2. For each conditional statement row, a number will appear at the left. This number is a reference for the statement.
    3. Type your personalised Filter Logic using Salesforce standard logical operators (AND, OR, NOT), referencing each conditional statement by its number.
  5. Save.

By default, the Rule Criteria applies the AND logical operator between all of the conditional statements.
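
An added illustration (not Copado's code and not part of the original page) that models the evaluation described above: numbered criteria rows are combined with Filter Logic, matching nodes are counted, and the count is compared with the Record Count using the Matching Criteria. The function names, the "equals"/"not equals" row operators, the AND-before-OR precedence and the sample Profile XML are assumptions made for the example.

```python
import operator
import re
import xml.etree.ElementTree as ET

# Constructed sample metadata (not real Org data); parsed as trusted input.
SAMPLE_PROFILE = """<Profile>
  <userPermissions><enabled>true</enabled><name>ModifyAllData</name></userPermissions>
  <userPermissions><enabled>false</enabled><name>ViewAllData</name></userPermissions>
  <userPermissions><enabled>true</enabled><name>ApiEnabled</name></userPermissions>
</Profile>"""

MATCHING = {"Equals": operator.eq, "Not Equals": operator.ne,
            "Less Than": operator.lt, "Less or Equals": operator.le,
            "Greater Than": operator.gt, "Greater or Equal": operator.ge}  # names from the page

def row_holds(node, field, op, value):  # one criteria row; operator names are assumed
    actual = (node.findtext(field) or "").strip()
    return (actual == value) if op == "equals" else (actual != value)

def logic_holds(logic, results):
    """Evaluate Filter Logic like '1 AND (2 OR 3)'; AND-before-OR is assumed."""
    if re.sub(r"\d+|AND|OR|NOT|[()\s]", "", logic.upper()):
        raise ValueError("unsupported token in filter logic")
    tokens = re.findall(r"\d+|AND|OR|NOT|[()]", logic.upper())
    def atom():
        tok = tokens.pop(0)
        if tok == "NOT":
            return not atom()
        if tok == "(":
            value = expr("OR")
            tokens.pop(0)  # closing parenthesis
            return value
        return results[int(tok)]  # KeyError if the row number does not exist
    def expr(op):
        operand = atom if op == "AND" else (lambda: expr("AND"))
        value = operand()
        while tokens and tokens[0] == op:
            tokens.pop(0)
            rhs = operand()  # always parse the right side, even when value is False
            value = (value and rhs) if op == "AND" else (value or rhs)
        return value
    return expr("OR")

def evaluate_rule(xml_text, node, rows, matching, record_count, logic=None):
    """Count nodes passing the Filter Criteria, then compare with Record Count."""
    logic = logic or " AND ".join(str(i + 1) for i in range(len(rows)))
    count = sum(logic_holds(logic, {i: row_holds(n, *r) for i, r in enumerate(rows, 1)})
                for n in ET.fromstring(xml_text).iter(node))
    return count, MATCHING[matching](count, record_count)
```

`evaluate_rule` returns the number of matching nodes and whether the comparison with the Record Count holds; with no Filter Logic given it falls back to AND between all rows, as stated above.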
