Salesforce B2C Commerce 24.7 > B2C Commerce Release Notes > 22.7 Release

Track Internal User Access to Sensitive Business Manager Functionality

The Commerce Cloud Security model regarding actions taken by Salesforce employees on customer realms have been enhanced to include transparent logging of all sensitive areas. When any read or write action is taken on a sensitive area, the Business Manager username of the Salesforce employee, the area, and the action is recorded in the security log available for customer use. The goal of the security control is to make the actions of Salesforce employees, via observation or through changes of realm-specific customer information, more apparent.

  • Sensitive areas are defined by Salesforce only at this time and include, but aren’t limited, to security settings, access to shopper or order data, as well as access to campaigns or coupons.
  • All access (regardless of read or write action) is logged.
  • All access to any custom module the merchant has installed in Business Manager is logged.
  • Access is recorded and stored in the Business Manager security log.
  • The Business Manager username of the Salesforce employee (email address) is logged.
  • All WebDAV accesses based on one of the functional permissions (for example, WebDAV_Transfer_Files’) are logged.
    • We don’t log access based on the WebDAV-paths (the granular permissions for the Impex folder).

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.