PolicyCondition Interface

Apex interface that allows an implementing class to specify actions to take when certain events occur based on a transaction security policy.

Warning

Legacy Transaction Security is scheduled for retirement in all Salesforce orgs as of Summer ’20. For more information, see Legacy Transaction Security Retirement. To create transaction security policies using the new framework, refer to the Enhanced Transaction Security documentation. To migrate legacy policies to the new framework, refer to the migration documentation.

Namespace

TxnSecurity

Usage

Tip

For more functionality and support of Enhanced Transaction Security, use the EventCondition interface instead of the PolicyCondition interface.

The evaluate method is called upon the occurrence of an event monitored by a transaction security policy. A typical implementation first selects the item of interest from the event. Then the item is tested to see if it meets the condition being monitored. If the condition is met, the method returns true.

For example, imagine a transaction security policy that checks for the same user logging in more than once. For each login event, the method would check if the user logging in already has a login session in progress, and if so, true is returned.

We recommend having test classes for the policy condition interface to ensure it works correctly. Testing is required regardless of whether the policy is moved from a sandbox to production, with a change set, or some other way. For example, test your policies in your development environment before moving the policies to production.

Don’t include DML statements in your custom policies because they can cause errors. When you send a custom email via Apex during transaction policy evaluation, you get an error, even if the record is not explicitly related to another record. For more information, see Apex DML Operations in the Apex Developer Guide.

PolicyCondition Methods

The following is the method for PolicyCondition.

evaluate(event)

Evaluates an event against a transaction security policy. If the event triggers the policy, true is returned.

Signature

public Boolean evaluate(TxnSecurity.Event event)

Parameters

event
Type: TxnSecurity.Event
The event to check against the transaction security policy.

Return Value

Type: Boolean

When the policy is triggered, True is returned. For example, let’s suppose the policy is to limit users to a single login session. If anyone tries to log in a second time, the policy’s action requires that they end their current session. The policy also sends an email notification to the Salesforce admin. The evaluate() method only checks the login event, and returns True if it’s the user’s second login. The Transaction Security system performs the action and notification, and not the evaluate() method.
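The single-login-session policy described above could be written as follows. This is an added example, not code from the Salesforce documentation: the class name SingleSessionCondition and the MAX_SESSIONS constant are hypothetical, and it assumes that the session created by the login being evaluated is already visible in AuthSession when evaluate() runs.

```apex
// Added example; the class name and MAX_SESSIONS are hypothetical.
global class SingleSessionCondition implements TxnSecurity.PolicyCondition {

    // Assumption: the session created by the login being evaluated is already
    // visible in AuthSession, so "more than one" means a second login.
    private static final Integer MAX_SESSIONS = 1;

    public Boolean evaluate(TxnSecurity.Event e) {
        // Nothing to test without a user: do not trigger the policy.
        if (e == null || String.isBlank(e.userId)) {
            return false;
        }

        // Step 1: select the item of interest, the user's top-level sessions.
        // ParentId = null skips child sessions spawned from a parent session.
        // This is a read-only SOQL query; no DML is performed.
        List<AuthSession> sessions = [
            SELECT Id, LastModifiedDate, NumSecondsValid
            FROM AuthSession
            WHERE UsersId = :e.userId AND ParentId = null
        ];

        // Step 2: test the condition, counting sessions that have not expired.
        Datetime now = Datetime.now();
        Integer active = 0;
        for (AuthSession s : sessions) {
            if (s.LastModifiedDate.addSeconds(s.NumSecondsValid) >= now) {
                active++;
            }
        }

        // Step 3: report only. The policy's configured action and notification
        // are carried out by Transaction Security, not by this method.
        return active > MAX_SESSIONS;
    }
}
```

If the new session is not yet counted in your org, lower the threshold so that one existing active session triggers the policy.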

Apex Policies for Legacy Transaction Security

Every Transaction Security policy must implement the Apex TxnSecurity.PolicyCondition or TxnSecurity.EventCondition interface.
Available in: Salesforce Classic and Lightning Experience
Available in: Enterprise, Unlimited, and Developer Editions

Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.


Warning

Legacy Transaction Security is scheduled for retirement in all Salesforce orgs as of Summer ’20. For more information, see Legacy Transaction Security Retirement. You can no longer create, edit, or enable transaction security policies using the legacy framework and will receive an error message if you try to do so. To create transaction security policies using the new framework, refer to the Enhanced Transaction Security documentation. To migrate legacy policies to the new framework, refer to the migration documentation.

If you didn’t specify a condition value before you generated the Apex interface for a policy, you can add the condition later. To change the condition, you can edit the Apex code to include a condition before you activate your policy. If you don’t include a condition, your policy isn’t triggered.

Don’t include DML statements in your custom policies because they can cause errors. When you send a custom email via Apex during transaction policy evaluation, you get an error, even if the record is not explicitly related to another record. For more information, see Apex DML Operations in the Apex Developer Guide.

When you delete a transaction security policy, your TxnSecurity.PolicyCondition or TxnSecurity.EventCondition implementation isn’t deleted. You can reuse your Apex code in other policies.

If you use an API callout in the Apex class that implements TxnSecurity.PolicyCondition, you must select an action when you create the Transaction Security policy in Setup. If you select None as the action, the policy can’t execute. For more information, see Invoking Callouts Using Apex in the Apex Developer Guide.