Sync salesforce and Box folder permissions

By July 7, 2016Latest News

box_google_white-bg1-copyRecently, we had a client who was looking to sync user permissions for records in Salesforce with the respective folder; in other words: match the permissions for a Salesforce record with the record’s corresponding related files in If a user can edit and / or view a record in Salesforce, he or she should be allowed to edit and / or view the corresponding folder and its contents in; if the user is restricted from the record in Salesforce, restrict them from the folder and its content in This is entirely possible out-of- the-box with the Salesforce integration. While this client specifically has folders respective to account records, you can also do this with leads and opportunities. The important piece is that there is one folder per record.

NOTE: It is easiest to implement this when first using (prior to creation of any folders that are to be related to Salesforce records), but this can also be done if your team is already using and has folders created. We wrote a blog article for relating a Salesforce record with an existing folder.

Step-by-step details are as follows:

  • First, you must set the object in question to Private and use Sharing Rules to open up permissions. The collaboration setting will further be defined by the permissions a user has to a record: if the user can only view the record (read only), then the user will only have read-only permissions in the corresponding folder and its contents. Important: updating collaborators in will remove the control of adding / removing permissions from Salesforce.
  •  Salesforce users will be added as a collaborator to the corresponding folder when they view a record in Salesforce, either by auto-collaboration (if enabled) or by the user manually requesting to be added as a collaborator. To remove collaborators who gained access to record folder content through the integration but no longer have access to a given record, and the admin user can use the ‘Sync Now’ button or schedule a regular cleanup. To schedule, select Schedule Updates and complete the fields required to set the update time table. Use Apex Class “BoxBatchScheduler”,  a component of the managed package.
  •  Each Salesforce user needs a corresponding user; no two Salesforce user should be connected to the same user. Also, no Salesforce user can be connected to the user used for the integration.
  • The Salesforce user that is used to setup the integration needs to have the standard System Administrator profile.
  • A root folder in should be created to house all folders related to Salesforce records. The integration user (should be a different user than any user anyone uses) should own this folder. Do not invite any other collaborators.
  • Folder structure in is important and should be consistent. Each Salesforce record, regardless of object, should have one and only one corresponding folder.

Need some assistance with salesforce and  Looking to do something custom?  Fill out the form below.  We’d love to chat!