For example, imagine a transaction security policy that checks for the same user logging in more than once. For each login event, the method would check if the user logging in already has a login session in progress, and if so, true is returned.
We recommend having test classes for the policy condition interface to ensure it works correctly. Testing is required regardless of whether the policy is moved from a sandbox to production, with a change set, or some other way. For example, test your policies in your development environment before moving the policies to production.
Don’t include DML statements in your custom policies because they can cause errors. When you send a custom email via Apex during transaction policy evaluation, you get an error, even if the record is not explicitly related to another record. For more information, see Apex DML Operations in the Apex Developer Guide.
The following is the method for PolicyCondition.
public Boolean evaluate(TxnSecurity.Event event)
Type: Boolean
When the policy is triggered, True is returned. For example, let’s suppose the policy is to limit users to a single login session. If anyone tries to log in a second time, the policy’s action requires that they end their current session. The policy also sends an email notification to the Salesforce admin. The evaluate() method only checks the login event, and returns True if it’s the user’s second login. The Transaction Security system performs the action and notification, and not the evaluate() method.
Available in: Salesforce Classic and Lightning Experience |
Available in: Enterprise, Unlimited, and Developer Editions Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions. |
If you didn’t specify a condition value before you generated the Apex interface for a policy, you can add the condition later. To change the condition, you can edit the Apex code to include a condition before you activate your policy. If you don’t include a condition, your policy isn’t triggered.
Don’t include DML statements in your custom policies because they can cause errors. When you send a custom email via Apex during transaction policy evaluation, you get an error, even if the record is not explicitly related to another record. For more information, see Apex DML Operations in the Apex Developer Guide.
When you delete a transaction security policy, your TxnSecurity.PolicyCondition or TxnSecurity.EventCondition implementation isn’t deleted. You can reuse your Apex code in other policies.
If you use an API callout in the Apex class that implements TxnSecurity.PolicyCondition, you must select an action when you create the Transaction Security policy in Setup. If you select None as the action, the policy can’t execute. For more information, see Invoking Callouts Using Apex in the Apex Developer Guide.