This document addresses a use case which may causes errors for some users when generating documents due to enabling a critical update that prevents such users from accessing Custom Settings through Salesforce APIs.
UPDATE Feb, 19, 2020: IMPORTANT - You will want to assess whether you are using the Permission Sets that are included with the Nintex Drawloop DocGen page before upgrading. In some cases your Salesforce Admin may be using custom profiles or permission sets, in this case you will want make the changes outlined below in the Create a Custom Setting Definition section. Additionally, you have DocGen Packages configured to stored documents to Box, you will want to also box.Folder Details, box.Lead Setting, and box.SSO Setting to your Custom Setting Definition.
UPDATE Jan, 16, 2020: We have released Nintex Drawloop DocGen v16.1.2 with the appropriate Custom Settings Definitions added to our packages permissions sets and profiles. You can upgrade your Salesforce Org using the link below, as always, testing in a Sandbox first:
Customize Application Permission Critical Update
Control Who Receives Read Access to Custom Settings
View All Custom Settings permission
Who is Impacted
Nintex Drawloop DocGen customers with the following configurations may experience errors if action is not taken when enabling the Critical Update, or when the Update goes into permanent effect
The following option has been confirmed from Salesforce to essentially put your org and your user permissions into a state exactly as it would be found prior to the Summer ’19 release, which is to say all Users have read access to Custom Settings through the APIs.
Create a Custom Setting Definition
For the recommendation, you can add to already exiting Profiles or Permissions granular control to the Nintex DocGen Settings Custom Setting that can cause errors when generating documents if you users do not have access.
Customers using the Nintex LOOP Storage application will also want to add the LStore.Storage Settings setting to application Profiles and Permission Sets.
Enable the View All Custom Settings permission
One option is to add the View All Custom Settings permission to all necessary Profiles or Permission Sets to allow users access to the needed Custom Settings.
Potential Product Fix
Nintex is also currently investigating the possibility of including a Custom Setting Definition for the Loop.NintexDocGen option in the “DocGen Admin” and “DocGen User” permission sets the come bundled with Nintex Drawloop DocGen. We recommend that you subscribe/follow this for further updates regarding the status of a new package version.
Nintex has decided to not include the “View All Custom Settings” permission with the bundled DocGen Admin or DocGen User permissions because the permission allows access to all custom settings, not just those specifically for an Application’s namespace, which could lead to unintended security concerns.
Nintex has also learned from Salesforce that additional options for access to Custom Settings may be made available in upcoming releases, however details are not yet known. Until details are provided by Salesforce, the above options are our recommendations to prevent disruptions in service when the Critical Update goes into effect on January 3rd, 2020. As always, thoroughly test in a Sandbox first, and please reach out to us through the Nintex Customer Central portal if you require any assistance or have questions.
A simple use case to test whether your implementation of our recommendations are applied can be found below: