-
-
Notifications
You must be signed in to change notification settings - Fork 162
Assigning Permission Sets
Nebula Logger includes 4 permission sets - these are intended to cover the most common scenarios of granting users partial or full access to the logging system & its related objects.
This permission set provides explicit access to Nebula Logger's top-level Apex classes & metadata that are used to generate logging data through Apex, Lightning Components, Flow, and Process Builder, including:
- The
LoggerApex class, used when logging in Apex - The
@InvocableMethodclassesFlowCollectionLogEntry,FlowLogEntry, andFlowRecordLogEntry, used when logging in Flow - The
@AuraEnabledclassComponentLogger, used when logging in lightning web components (LWCs) and Aura components
In most cases, this permission set is not needed. Nebula Logger is designed to run in system mode to ensure that logging occurs regardless of the current user's permissions. However, in some situations, the Salesforce platform requires that this permission set be used for logging to work (or some other permission set/profile that grants explicit access). This includes:
-
Experience Cloud (Community Cloud): Salesforce requires Experience Cloud users to have explicit access to Apex classes, including guest users/profiles:
- In the Manage Users and Data Access docs page "Best Practices and Considerations When Configuring the Guest User Profile", it says "add guest user profile access to any
@AuraEnabledApex class used by an Experience Cloud site. - In the LWC developers docs page "Secure Apex Classes", it says "an authenticated or guest user can access an
@AuraEnabledApex method only when the user’s profile or an assigned permission set allows access to the Apex class." - In the Aura developers docs page "Granting User Access for Apex Classes", it also says "an authenticated or guest user can access an
@AuraEnabledApex method only when the user's profile or an assigned permission set allows access to the Apex class."
- In the Manage Users and Data Access docs page "Best Practices and Considerations When Configuring the Guest User Profile", it says "add guest user profile access to any
-
Platform Releases & Changes: Salesforce has previously required explicit Apex class access for internal user (non-Experience Cloud users). At the moment (2024-07), those changes have been reverted by Salesforce (see below), but just in case similar changes are ever re-introduced to the platform, the
LoggerLogCreatorpermission set can be assigned to grant the appropriate access.- Require User Access to Apex Classes Invoked by Flow (Release Update, Retired) - at one point, this release update required users to have explicit access to any invocable Apex class used by Flow
- Disable Rules for Enforcing Explicit Access to Apex Classes (Release Update) - this release update was made to effectively rollback the previous release update
This permission provides limited access to Nebula Logger's data, including:
- The same permissions as
LoggerLogCreator - Read-only access (but not view-all access) to any logging records that have been shared with the user
- By default, users with this permission set would only see their own records + any records that have been manually shared with them
- Some fields within Nebula Logger's custom objects have intentionally been excluded from this permission set
- This does not provide access to Nebula Logger's console app, but does include access to the custom objects' tabs
This permission set provides read-only access to Nebula Logger's data & custom features, including:
- View-all access (read-only) to all objects, fields, and records within Nebula Logger's data model.
- Read-only access to several custom tabs included within Nebula Logger's console app, which each display a custom LWC
- This does not provide explicit access to generate logging data. But since Nebula Logger runs in system mode, in most cases, users with this permission set can still generate logging data.
This permission set provides full control of Nebula Logger's data & custom features, including:
- The same permissions as
LoggerLogCreator - The same view-all permissions as
LoggerLogViewer - Modify-all access to all objects, fields, and records within Nebula Logger's data model
- Edit access to several custom tabs included within Nebula Logger's console app, which each display a custom LWC
- Assigning Permission Sets to Users
- Configuring Global Feature Flags
- Configuring Profile & User-Specific Settings
- Configuring Data Mask Rules
Manual Instrumentation
- Logging in Apex
- Logging in Flow & Process Builder
- Logging in Lightning Web Components & Aura Components
- Logging in OmniStudio
- Logging in OpenTelemetry (OTEL) REST API
ISVs & Package Dependencies
- Overview
- Optionally Use Nebula Logger (When Available) with
CallableInterface - Require Nebula Logger with Strongly-Coupled Package Dependency
Troubleshooting
Pub/Sub with Platform Events
Persisted Data with Custom Objects
- Logger Console app
- Assigning & Managing Logs
- Using 'View Related Log Entries' Component on Record Pages
- Deleting Old Logs
Official Plugins