[SalesForce] files shared with a public link stored

In the org I am working on, we have a bunch of files attached to a custom object that represents a PDF report of the contents of that file. When the files are attached, we have some automation that fires to take the newly attached file and create a public link that shares it, and then puts that link into a URL field on the record so that we can share certain records with community users without exposing the whole list of files.

Recently, however, we have found there is some undersired data exposure on these pdfs and we are trying to go back and remove them from the files so that the data is no longer exposed. What I am finding now is that I am able to craft some apex to go through and grab these ContentDocuments and ContentDocument links to delete the files that are attached to the object without any issue, but even after deleting the attached files, I am finding that the public link still links to the pdf that has since been deleted from the object.

I believe that based off of this behavior, this means that Salesforce is storing that file somewhere other than on the object itself, so that regardless of whether I delete the attached version of the file or not, the public link is always going to point to an instance of the file elsewhere that I cannot find.

It easy enough to remove this URL from the record by clearing that field, but my concern is that anyone who already has the URL would still be able to access these files even though I have since attempted to delete them.

Can anyone elaborate a bit more on how exactly this public link system works? If my assumption is correct, it would be super helpful to at least know where these other instances of the file are stored so that we can clear them out. If there is a way to instead just deactivate these public links that we have created, that would also be very good to know. Any guidance would be appreciated.

Best Answer

ContentDistribution :- Represents information about sharing a document externally. This object is available in API version 32.0 and later.

If the shared document is deleted, the delete cascades to any associated ContentDistribution. The ContentDistribution is still queryable by using the QueryAll verb.

After deletion of contentdocument, you will get this error message when you try the public link:-

Supported Calls :- create(), delete(), describeSObjects(), query(), retrieve(), undelete(), update(), upsert()

Use this object to create, update, delete, or query information about a document shared externally via a link or via Salesforce CRM Content delivery.

The ContentDistribution object supports triggers before and after these operations: insert, update, delete. It supports triggers after undelete.

Make sure you have deleted the ContentDocument. Deleting contentdoumentlink will not have any effect on public link.

Reference:- ContentDistribution

Best Answer

Related Solutions

[SalesForce] Files with Content Delivery & Public Links as a CDN

[SalesForce] Generate a Public Accessible link from ContentDocument

Related Topic