Sloppy script sees Salesforce services shut-out

Salesforce closed access to many parts of its services as it scrambled to contain the fallout of a rogue database script that went off the rails and opened up data access to all users within customers' organisations over the weekend.

The customer relationship management giant has acknowledged the issue and was forced to block access to all instances that contained affected customer orgs while it worked out which of them had had their profiles modified.

Saleforce chief technology officer and co-founder Parker Harris apologised for the customer lock out and promised quick restoration of the problem.

We have had to disable access to our service to customers affected in order to help resolve the issue. We expect to be able to restore access soon as we continue to work through this issue.

— Parker Harris (@parkerharris) May 17, 2019

On Reddit, Salesforce admins urged others to check permission sets and profiles on all of their orgs, after the script gave modify all rights to every single user.

Customers also took to social media to vent their spleen at being locked out of Salesforce.

If you ever want to know how fragile a business can be when it relies on one system like @salesforce to conduct internal and external workflows. Let that ENTIRE system go down and things get dicey...QUICK! Especially a sales org. #Salesforce #SalesforceDown #Fail pic.twitter.com/e24h5ao2ml

— John Powell (@PowellJohnT) May 17, 2019

Salesforce said only customers that use or had used the Pardot B2B marketing automation tool were affected.

By Sunday Australian time, Salesforce said it had restored access for users with a System Administrator profile for orgs affected by the database script.

It had also restored full access to other customers that hadn't had their permissions modified. Systems administrators still unable to log into their orgs should contact Salesforce for help.

Orgs can restore production profiles and permissions from a sandbox copy but admins need to check that the backup data is valid.

If non-admin profiles have their Standard Object Permissions set to the full Read, Create, Edit and Delete ones, then the sandbox org was modified by the script and isn't a valid recovery source, Salesforce said.

The alternative in that case is for admins to manually modify profile and permission set configurations to allow appropriate access for their users.