
Setup Audit Trail: Keep Track of Metadata Changes in Salesforce

By Andreea Doroftei

Knowing which setup changes were made when, especially in your Production organization, can prevent hours spent trying to piece together the story of what happened. This feature comes in handy, especially for companies with more than one Salesforce admin.

In this post, we’ll go through what Setup Audit Trail entails, what changes can be tracked, and why it is an out-of-the-box functionality you should definitely make use of.

Setup Audit Trail vs. Field History Tracking 

Field History Tracking can be enabled on individual Salesforce Objects and allows you to track when and how up to 20 fields are changed on a record. On the other hand, while Setup Audit Trail follows a similar concept of reviewing changes, it applies to – you guessed it – setup changes. This means that this functionality tracks updates to metadata rather than just record data. 

The good news is that you don’t have to enable it, but users who need access to this section need the View Setup and Configuration permission. 

On the Setup page itself, you will quickly see the last twenty changes, but you can always export the last 180 days' worth of setup entity records as a CSV file. Depending on what you’re looking for, you can filter on one of the columns or simply use CTRL + F to identify the particular change. You will notice a Section column, which allows you to directly drill into one of the change categories, such as Object customizations or Manage Users.

What Can Be Monitored in the Setup Audit Trail? 

While the list of what can be monitored is too extensive to know by heart, you should keep in mind that the most important updates can be found here, alongside the user who made them. Generally speaking, most changes range from user permissions and permanent deletions to other key settings. 

Keep in mind that Setup Audit Trail provides great insights that are quickly accessible, but it should not replace a version control solution considering that some of the information is quite limited in a few areas and exact changes are not available. 


Access and Permissions

Knowing who assigned which permissions to users is certainly one of the top security use cases for the Setup Audit Trail. Beyond assignments, changes to Profiles, Permission Sets or Permission Set Groups also have a significant impact on access. Luckily, field-level security is tracked individually for every field, and other permissions are tracked individually as well. For example, enabling a System Permission within a Permission Set will appear as being changed from disabled to enabled. 

Additionally, if the Permission Set you’re making changes to is part of a Permission Set Group, you will also notice the calculation will be started and tracked. As you would also expect, any of these being assigned or unassigned from a user will also show up. 

Chances are that you are using sharing rules to open up record access to various roles or groups. These, alongside the org-wide defaults, are changes that are also available for review. You might notice that in this case, there is exact information on default access switching from one option to another, but no extra details about sharing rules – you wouldn’t be able to tell from Setup Audit Trail which specific team the sharing rule grants additional access to. 

On top of the actual permissions, it’s important to know that if the Login-As functionality is used within the organization, this will be visible as well. While the User column will always be the user performing the action, there is a ‘Delegate User’ column available that will note the email address of the actual user logging in as someone else. 
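
As an added example (not part of the original article), the Python below reviews an exported audit trail CSV for the two checks described in this section: changes filed under the Manage Users section, and actions performed through Login-As. The "User", "Section" and "Delegate User" column names come from the article; the "Date" and "Action" headers and all sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample standing in for an exported Setup Audit Trail CSV.
# "User", "Section" and "Delegate User" are named in the article; the "Date"
# and "Action" headers and every row value below are assumptions.
SAMPLE_EXPORT = """Date,User,Action,Section,Delegate User
2024-03-01 09:12,admin.a@example.com,Constructed: permission set assigned to a user,Manage Users,
2024-03-01 09:40,admin.b@example.com,Constructed: custom field created (Text),Object customizations,
2024-03-02 14:05,sales.rep@example.com,Constructed: profile permission changed,Manage Users,admin.a@example.com
2024-03-03 08:30,admin.b@example.com,Constructed: user deactivated,Manage Users,
"""

def load_rows(text):
    """Parse the export into dicts, trimming stray whitespace in cells."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k.strip(): (v or "").strip() for k, v in row.items()} for row in reader]

def by_section(rows, section):
    """Rows whose Section matches, case-insensitively."""
    return [r for r in rows if r["Section"].lower() == section.lower()]

def delegated(rows):
    """Rows performed through Login-As: Delegate User is populated."""
    return [r for r in rows if r["Delegate User"]]

def changes_per_user(rows):
    """Count changes per effective actor: the delegate when present, else User."""
    return Counter(r["Delegate User"] or r["User"] for r in rows)

if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    for r in by_section(rows, "Manage Users"):
        via = f" (via Login-As by {r['Delegate User']})" if r["Delegate User"] else ""
        print(f"{r['Date']}  {r['User']}{via}: {r['Action']}")
    print(changes_per_user(by_section(rows, "Manage Users")))
```

Counting by the delegate when one is present attributes Login-As activity to the person who actually performed it rather than to the account they were logged in as.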

Setup Changes and Object Management

Aside from user management, a high number of customizations made by Salesforce Admins will revolve around particular objects, entailing items such as custom fields, Validation Rules, Page Layout or Record Page changes, as well as assignments. 

Of course, field changes, creations, and deletions will all be here. Additionally, picklist value changes are going to be displayed individually for added clarity when analyzing these in particular. A nice addition is that when new custom fields are created, the field type will appear in brackets – removing the need to navigate to Object Manager to find this information. 

Page layout assignment and actual page layout changes will be noted too. However, keep in mind that for page layout changes and similarly for Lightning Record Pages, you will only see that a change happened, not what the change was. 

Certain updates might also be made within the actual Setup and not necessarily the Object Manager. Lead Assignment Rules are one of those examples, as well as activating multiple currencies. In both cases, the details will be fairly limited – for Lead Assignment Rule you will only know which of them changed, and with currencies, it will be tracked if a new one is created or the rates are changed, even if the exact change is not available. 

If you are using Custom Metadata Types, the changes are very detailed as far as field or record changes go. In addition, when exporting the CSV file, you can use the ‘Section’ column to filter directly by the name of the Custom Metadata record and obtain a clear view of how the records were changed in the past six months.

Development and Automations

It comes as no surprise that automations and any custom development reaching an org will also appear within the audit trail to a certain extent. For example, you will be able to see if an Apex Class has been created, changed, or deleted, but that’s about it. Once again, you will have to leverage your version control solution to see exactly what was updated in the code itself. 

On the other hand, when it comes to Salesforce Flow, there is an additional level of detail available, specifically with the versions. Since each flow version is separate, you will be able to follow when each of them is created, activated, deactivated, or deleted. 

Data Management 

Even though the main focus is certainly around metadata updates or deletions happening within the org, some data changes are also tracked and visible within the Setup Audit Trail. Reporting snapshots, mass transfers and even using the Data Import Wizard are a few of the ones being captured. 

On top of this, reviewing the Setup Audit Trail for a sandbox will have to be done in that particular sandbox; the production org’s audit trail can tell you when a sandbox was deleted. 

As things may change along the way, don’t forget to take a closer look at the full list of changes that can be monitored in Setup Audit Trail.

Summary 

Setup Audit Trail is perhaps one of the most helpful out-of-the-box features Salesforce offers to admins as a tool to know at all times what is going on in an org. With it, admins can closely monitor what changes users with administrative permissions are making, whether it be in a sandbox or a production org. 

When was the last time the Setup Audit Trail helped you resolve the mystery behind a change? Let us know in the comments section! 

The Author

Andreea Doroftei

Andreea is a Salesforce Technical Instructor at Salesforce Ben. She is an 18x certified Salesforce Professional with a passion for User Experience and Automation. 
