How Amazon Q Business connector crawls Salesforce ACLs
Connectors support crawl ACL and identity information where applicable based on the data source. If you index documents without ACLs, all documents are considered public. Indexing documents with ACLs ensures data security.
Amazon Q Business supports crawling ACLs for document security by default. Turning off ACLs and identity crawling are no longer supported. In preparation for connecting Amazon Q Business applications to IAM Identity Center, enable ACL indexing and identity crawling for secure querying and re-sync your connector. Once you turn ACL and identity crawling on you won't be able to turn them off.
If you want to index documents without ACLs, ensure that the documents are marked as public in your data source.
When you connect an Salesforce data source to Amazon Q Business, Amazon Q Business crawls ACL information attached to a document (user and group information) from your Salesforce instance. If you choose to activate ACL crawling, the information can be used to filter chat responses to your end user's document access level.
You can apply ACL based chat filtering using Salesforce standard objects and chatter feeds. ACL based chat filtering isn't available for Salesforce knowledge articles.
For standard objects, the _user_id and
_group_ids are used as follows:
-
_user_id– The username of the Salesforce user. -
_group_ids– The group names in Salesforce.-
Name of the Salesforce
Profile -
Name of the Salesforce
Group -
Name of the Salesforce
UserRole -
Name of the Salesforce
PermissionSet
-
For chatter feeds, the _user_id and
_group_ids are used as follows:
-
_user_id– The username of the Salesforce user. Only available if the item is posted in the user's feed. -
_group_ids– Group IDs are used as follows. Only available if the feed item is posted in a chatter or collaboration group.-
The name of the chatter or collaboration group.
-
If the group is public,
PUBLIC:ALL.
-
For more information, see:
