Salesforce

Network Policies: Dangling References for Policies with Replication & Failover/Failback

Printable View
« Go Back

Information

 
Summary
Last Modified DateJanuary 21, 2023
Article Body

This behavior change is in the 2022_08 bundle. In the 6.35 release, the bundle is disabled by default.

For the most up-to-date details about the version and date in which it will be enabled, as well as other release-related details, see the Behavior Change Log.

The behavior of replication and network policies along with failover/failback and network policies has changed as follows:

Previously:

With network policies and their references (i.e. assignments to the primary account and users in the primary account):

  • Specify USERS and NETWORK POLICIES in the replication/failover group when there are user-level network policies.
  • Specify NETWORK POLICIES in the replication/failover group when there are only account-level network policies.
  • Replication and failover/failback occurred even if the result was a dangling reference in the target account. 

A dangling reference means that an object in the secondary account references an object that does not exist in the same account. For example:

  • A user/username in the secondary account references a network policy that is not in the secondary account. This scenario occurs when a network policy is assigned to a user in the primary account and the replication/failover group specifies USERS but not NETWORK POLICIES.
  • A network policy is attached to the primary account and the replication/failover group does not include NETWORK POLICIES.

Currently:

The current behavior has changed as follows:

  • Specify ACCOUNT PARAMETERS, USERS, and NETWORK POLICIES in the replication/failover group when there are user-level network policies.
  • Specify ACCOUNT PARAMETERS and NETWORK POLICIES in the replication/failover group when there are only account-level network policies.
  • Replication and failover/failback fail in the secondary account if the result is a dangling reference.

For example, if the primary account has an an account-level network policy set and a user-level network policy set on a user and dangling references would be created in the target account for both the account-level parameter and the user:

Dangling references in the snapshot. Correct the errors before refreshing again. The following references are missing (referred entity <- [referring entities]): 

ACCOUNT PARAMETERS <- [NETWORK POLICIES]. Add ACCOUNT PARAMETER into the replication group to fix it.  

NETWORK_POLICY 'MYACCOUNT.P2' <- [USER 'MYACCOUNT.USERNAME']

 

Otherwise, the error message specifies either the account parameter statement or the user statement depending on how the replication group is configured and what the result would be in the target account.

 

 

Ref: 859

TitleNetwork Policies: Dangling References for Policies with Replication & Failover/Failback
URL Namedangling-reference-network-policy-replication-failover-failback
Category 
Sub Category 
Article Record TypeRelease Notes
Powered by