Monday, December 11, 2017

SOSL - platform encryption

Salesforce platform encryption encrypts the data at rest, hence we can not run SOQL against it. SOSL is good work around but have its own limitation. (side note: SOSL also has limitation of 2000 rows returned)

Enable Platform Encryption
Encrypt Fields
Create Acount
SOQL
SOSL


Enable Platform Encryption 

a) create permission set




b) assign system permission for this permission set




c) Assign permission set to current user





Encrypt Fields

Fields to encrypt (Setup -> Platform Encryption)



Create Account

Created account with name : My Account



SOQL

If we run SOQL against account, now it would return error.

 select id, name, description from Account where name like '%My%'  

 [object Object]: description from Account where name like '%My%' ^ ERROR at Row:1:Column:49 encrypted field 'Account.name' cannot be filtered in a query call  



SOSL

If we run below SOSL, we can access our account:

 FIND {My} IN ALL FIELDS RETURNING Account(Name, Description, AnnualRevenue)  
 FIND {M*} IN ALL FIELDS RETURNING Account(Name, Description, AnnualRevenue)  






However issues comes when we want to narrow down the result. If we apply the where clause to the SOSL, it breaks. I believe it is because behind the scene SOSL still runs as SOQL.

 FIND {M*} IN ALL FIELDS RETURNING Account(Name, Description, AnnualRevenue WHERE Name LIKE 'M%')  

Error Message

 Description, AnnualRevenue WHERE Name LIKE 'M%')  
                                                                         ^  
 ERROR at Row:1:Column:82  
 encrypted field 'Account.Name' cannot be filtered in a query call     


So, we need to be careful when we write SOSL or SOQL where clause (especially in managed package) given that fields could be encrypted.