Sync salesforce and Box folder permissions

By July 7, 2016Blog

box_google_white-bg1-copyRecently, we had a client who was looking to sync user permissions for records in Salesforce with the respective Box.com folder; in other words: match the permissions for a Salesforce record with the record’s corresponding related files in Box.com. If a user can edit and / or view a record in Salesforce, he or she should be allowed to edit and / or view the corresponding folder and its contents in Box.com; if the user is restricted from the record in Salesforce, restrict them from the folder and its content in Box.com. This is entirely possible out-of- the-box with the Box.com Salesforce integration. While this client specifically has folders respective to account records, you can also do this with leads and opportunities. The important piece is that there is one folder per record.

NOTE: It is easiest to implement this when first using Box.com (prior to creation of any Box.com folders that are to be related to Salesforce records), but this can also be done if your team is already using Box.com and has folders created. We wrote a blog article for relating a Salesforce record with an existing Box.com folder.

Step-by-step details are as follows:

  • First, you must set the object in question to Private and use Sharing Rules to open up permissions. The Box.com collaboration setting will further be defined by the permissions a user has to a record: if the user can only view the record (read only), then the user will only have read-only permissions in Box.com the corresponding folder and its contents. Important: updating collaborators in Box.com will remove the control of adding / removing permissions from Salesforce.
  •  Salesforce users will be added as a collaborator to the corresponding Box.com folder when they view a record in Salesforce, either by auto-collaboration (if enabled) or by the user manually requesting to be added as a collaborator. To remove collaborators who gained access to record folder content through the integration but no longer have access to a given record, and the admin user can use the ‘Sync Now’ button or schedule a regular cleanup. To schedule, select Schedule Updates and complete the fields required to set the update time table. Use Apex Class “BoxBatchScheduler”,  a component of the managed package.
  •  Each Salesforce user needs a corresponding Box.com user; no two Salesforce user should be connected to the same Box.com user. Also, no Salesforce user can be connected to the user used for the integration.
  • The Salesforce user that is used to setup the Box.com integration needs to have the standard System Administrator profile.
  • A root folder in Box.com should be created to house all folders related to Salesforce records. The integration user (should be a different user than any user anyone uses) should own this folder. Do not invite any other collaborators.
  • Folder structure in Box.com is important and should be consistent. Each Salesforce record, regardless of object, should have one and only one corresponding folder.

Need some assistance with salesforce and box.com?  Looking to do something custom?  Fill out the form below.  We’d love to chat!