Salesforce was forced to shut off access to parts of its services over the weekend after an update gave all users permission to access and modify data in their company’s systems from which they should have been restricted.
The error was caused by database script deployment which “inadvertently gave users broader data access than intended,” the company said.
The issue, which affected users of Salesforce’s B2B marketing platform Pardot, meant employees may have been able to access and tamper with their company’s files.
“It has been confirmed on multiple orgs, spanning multiple shards that Salesforce has bugged out this morning and has given MODIFY ALL (so all permissions) to literally EVERY SINGLE PROFILE in some orgs. This includes Standard profiles and Custom as well,” according to a post on Reddit.
To remedy the problem Salesforce pulled the update, bringing down service for many users.
“While the permissions issue did not affect every Pardot customer, we did disable jobs that sync data between Pardot and the Salesforce application in order to protect the integrity of our customers’ data,” the company said.
When asked by Which-50 if the data of any Australian customers was compromised and if any local customers lost access to their services over the weekend Salesforce declined to say, instead directing us to the link trust.salesforce.com which contains information and updates on the issue.
Salesforce says the access for users with a System Administrator profile has been restored to affected customer organisations and it continues to work to restore permissions for affected organisations to where they were prior to this issue.
“A subset of customers may still be experiencing issues with user permissions and our teams continue to work on this,” the company said.
Salesforce CTO and co-founder Parker Harris apologised on Friday US time, tweeting “To all of our
@salesforce customers, please be aware that we are experiencing a major issue with our service and apologize for the impact it is having on you. Please know that we have all hands on this issue and are resolving as quickly as possible.
“We have had to disable access to our service to customers affected in order to help resolve the issue. We expect to be able to restore access soon as we continue to work through this issue.”
We have had to disable access to our service to customers affected in order to help resolve the issue. We expect to be able to restore access soon as we continue to work through this issue.
— Parker Harris (@parkerharris) May 17, 2019