Forms Fledgling

ALERT!: Access to Nintex Drawloop DocGen for Salesforce Custom Settings


This document addresses a use case which may causes errors for some users when generating documents due to enabling a critical update that prevents such users from accessing Custom Settings through Salesforce APIs. 


UPDATE Feb, 19, 2020: IMPORTANT - You will want to assess whether you are using the Permission Sets that are included with the Nintex Drawloop DocGen page before upgrading. In some cases your Salesforce Admin may be using custom profiles or permission sets, in this case you will want make the changes outlined below in the Create a Custom Setting Definition section. Additionally, you have DocGen Packages configured to stored documents to Box, you will want to also box.Folder Detailsbox.Lead Setting, and box.SSO Setting to your Custom Setting Definition.


UPDATE Jan, 16, 2020: We have released Nintex Drawloop DocGen v16.1.2 with the appropriate Custom Settings Definitions added to our packages permissions sets and profiles. You can upgrade your Salesforce Org using the link below, as always, testing in a Sandbox first:


Customize Application Permission Critical Update 

  • The new Critical Update is scheduled to be rolled out and enabled in all Salesforce orgs on January 3rd, 2020 
  • The Customize Application permission is an elevated permission that allows several privileges. Understandably, this permission is granted on an “as needed” basis, typically to System Administrator, or similar users. 
  • Nintex Drawloop Docgen for Salesforce utilizes Custom Settings to store configurations related to the document generation process. These custom settings are sometimes accessed via the Salesforce REST API, and only accessed in a read-only method.  


Control Who Receives Read Access to Custom Settings 

  • The permission can be applied to a Profile or Permission set. 


View All Custom Settings permission 

  • The permission can be applied to a Profile or Permission set. 


Who is Impacted 

Nintex Drawloop DocGen customers with the following configurations may experience errors if action is not taken when enabling the Critical Update, or when the Update goes into permanent effect 

  • Storing generated documents to: 
    • Attachments back to the original record 
    • Veeva Vault 
    • CipherCloud 
  • Accessing the DocGen Queue Record details page if the user does not already have the DocGen Admin permission 



The following option has been confirmed from Salesforce to essentially put your org and your user permissions into a state exactly as it would be found prior to the Summer ’19 release, which is to say all Users have read access to Custom Settings through the APIs.  


Create a Custom Setting Definition 

For the recommendation, you can add to already exiting Profiles or Permissions granular control to the Nintex DocGen Settings Custom Setting that can cause errors when generating documents if you users do not have access.  

  1. In Salesforce Setup, navigate to Manage Users > Profiles or Permissions sets 
  2. Click the name of your desired Profile or Permission Set 
  3. Further down the page click on Custom Setting Definitions Custom_Setting_Definition.png


  4. Click the Edit button 
  5. Locate and add the Loop.Nintex DocGen option Nintex_Custom_Settings.png
  6. Click Save 
  7. Users assigned the Profile or Permission Set should no longer experience errors when running DocGen Packages. 

Customers using the Nintex LOOP Storage application will also want to add the LStore.Storage Settings setting to application Profiles and Permission Sets.  


Enable the View All Custom Settings permission 

One option is to add the View All Custom Settings permission to all necessary Profiles or Permission Sets to allow users access to the needed Custom Settings.  


Additional Information 

Potential Product Fix

Nintex is also currently investigating the possibility of including a Custom Setting Definition for the Loop.NintexDocGen option in the DocGen Admin and DocGen User permission sets the come bundled with Nintex Drawloop DocGen. We recommend that you subscribe/follow this for further updates regarding the status of a new package version. 


Nintex has decided to not include the “View All Custom Settings” permission with the bundled DocGen Admin or DocGen User permissions because the permission allows access to all custom settings, not just those specifically for an Application’s namespace, which could lead to unintended security concerns.   


Nintex has also learned from Salesforce that additional options for access to Custom Settings may be made available in upcoming releases, however details are not yet known. Until details are provided by Salesforce, the above options are our recommendations to prevent disruptions in service when the Critical Update goes into effect on January 3rd, 2020.  As always, thoroughly test in a Sandbox first, and please reach out to us through the Nintex Customer Central portal if you require any assistance or have questions. 



A simple use case to test whether your implementation of our recommendations are applied can be found below: 

  1. Create or run a document package that has “Store as” option, set to store the documents as an Attachment 
    • With the Critical Update OFF -> no errors should appear 
    • With the Critical Update ON -> errors with messaging of “Missing access to LoopSettings__c” will be displayed. 
  2. Enable the Critical Update 
  3. Add the Custom Setting Definition to desired Profile/Perm Set 
  4. Re-run document package -> no errors 
0 Kudos