Enforce 'DeleteSandbox' Permission Set requirement for Sandbox Deletion #3471
laissaouibrahim
started this conversation in
Ideas
Replies: 1 comment
-
|
Please find here a PR to implement this requirement : salesforcecli/plugin-org#1565 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
As requested in IdeaExchange: Add system permission requirement for sf org delete sandbox command, we need to add a security layer to prevent accidental or unauthorized sandbox deletions via the CLI.
Problem
Currently, any user who has authenticated to a sandbox via the CLI can run sf org delete sandbox and delete it. There is no granular permission check within the Salesforce org to restrict this destructive action.
Proposed Solution
Modify the org delete sandbox command to enforce a permission check against the target sandbox before proceeding with deletion.
Acceptance Criteria
Permission Check : The command must verify if the authenticated user has the 'DeleteSandbox' Permission Set assigned in the target org.
Blocking: If the user does not have this Permission Set, the command must fail with an insufficientPermissions error and NOT delete the sandbox.
Implementation Details
Implement a hasPermission() method in the command class.
Query the PermissionSetAssignment object to check for the assignment of a Permission Set named 'DeleteSandbox' for the current user.
Beta Was this translation helpful? Give feedback.
All reactions