Recover User Guide

September 5, 2021 Copyright © 2021 OwnBackup Inc.

Proprietary & Confidential Table of Contents Introduction ...... 4 Logging in to OwnBackup ...... 5 Adding Backup Services ...... 6 Adding and Managing a High Frequency Backup in Salesforce ...... 8 Setting up a High-Frequency Backup Service ...... 8 Best Practices for Effective High-Frequency Backups ...... 9 Backup Types ...... 10 Automatic Backups ...... 10 Full Backup ...... 10 Synthetic Full Backup ...... 10 Manual Backup ...... 10 Dashboard ...... 12 Options ...... 14 Configuring Automatic Backups ...... 15 Data Classification ...... 15 Retention ...... 16 Edit Retention Policy ...... 17 API Consumption ...... 18 Limit ...... 18 Bulk API Batches ...... 19 Knowledge Articles ...... 20 Excluded Items ...... 21 Backup History ...... 22 Filtering ...... 22 Export to CSV ...... 23 Backup Summary ...... 24 Downloading a Backup ...... 24 Exporting a Backup ...... 26 Create a new My-SQL Endpoint in OwnBackup ...... 28 Export to Amazon S3 ...... 30 Create a new S3 Endpoint in OwnBackup ...... 30 Export a Full Backup to your S3 Bucket ...... 32 Objects Excluded from Export to SQL and Amazon S3 ...... 35 Exporting Your Metadata ...... 37 Scheduled Exports ...... 38 Creating a New Scheduled Export ...... 38 Scheduled Exports List ...... 41 Edit a Scheduled Export ...... 41 Delete a Schedule Export ...... 42 Compare ...... 44 Smart Alerts ...... 45 My Notifications ...... 46 GDPR Subject Requests ...... 47 Permissions Reports ...... 48 Field Level Security ...... 50 Re-authenticate Service ...... 52 Comparing Data & Metadata ...... 53 Identifying Abnormal Behavior ...... 53 Comparing Data ...... 53 Comparing Metadata ...... 55 Finding Records & Attachments ...... 58 Data Restore ...... 60 Recovering Deleted Records and Their Children ...... 60

2 Recovering from a Field-Level Corruption ...... 63 Retry Restore Job ...... 66 Metadata Restore ...... 67 Recovering Deleted/Modified Metadata Records ...... 67 Settings ...... 70 Account Settings ...... 70 Users ...... 70 Business Units ...... 71 IP Restrictions ...... 73 Security ...... 73 Advanced Key Management ...... 75 Endpoints ...... 75 Auditing ...... 75 Overview ...... 75 My Notifications ...... 76 Edit Profile ...... 77 Help & Support ...... 79 Customer Portal ...... 79 Submit a Case ...... 79 System Status ...... 79 Limitations ...... 81 Additional Resources ...... 82

3 Introduction

This guide outlines the key activities required to administer the OwnBackup for Salesforce Backup and Recovery platform. These include the initial setup and configuration, the OwnBackup functionality tools for running backups, visualizing data, comparing data and metadata backups, finding records and attachments and exporting backups. The restore tools for recovering data and metadata, as well as restoring from production to sandbox environments.

Introduction 4 Logging in to OwnBackup

1. Log in to your OwnBackup account using the following link: https://app1.ownbackup.com/log_in 2. Select the region you require.

3. Enter your Email and Password. 4. Click Log In.

Logging in to OwnBackup 5 Adding Backup Services

NOTE Ensure you are logged out of your cloud service provider.

When you log in to your OwnBackup account for the first time, you will be prompted to add a backup service.

1. Click the Salesforce icon.

2. Select the Service Type: Production Data / Metadata / Sandbox Data / Metadata:

3. Click Add Service. You are prompted to authenticate with the cloud service provider, authorizing OwnBackup to access your org using oAuth.

Adding Backup Services 6 Once authenticated, the daily backups run automatically, you will be notified by email after the first backup completes successfully.

NOTE You must authenticate an admin user that has the “Modify All Data” permission and at least Read Access to all Standard & Custom fields to ensure the backups complete properly.

Adding Backup Services 7 Adding and Managing a High Frequency Backup in Salesforce

A High-Frequency Backup (HFB) Service is an add-on feature that aims to solve specific use cases for backing up your highly transactional, frequently-changing data as often as up to every hour.

OwnBackup HFB protects specific, highly transactional objects, such as financial transactional data, customer support cases, or eCommerce data, which are often created or updated multiple times a day.

Setting up a High-Frequency Backup Service 1. Ensure the feature is enabled in your plan. a. In OwnBackup, click on your user name. b. Select Account Settings from the drop-down list. c. Select the Overview tab. d. Review the Plan Features section. 2. Navigate to the 'Backup' tab. 3. Click the Add a new service icon .

4. Click the Salesforce icon. 5. Select the Data or Sandbox Data Service Type. 6. Check the Selected Objects checkbox. 7. Enter up to five objects, separated by spaces, exactly according to their Salesforce API name, keep in mind case-sensitivity matters! e.g Account Contact CustomObject__c 8. Select the frequency of the backup which matches the contract purchased from OwnBackup

Adding and Managing a High Frequency Backup in Salesforce 8 9. Select the Business Unit to allocate the service to. 10. Click Add Service. You are prompted to authenticate with Salesforce, authorizing OwnBackup to access your org using oAuth.Once authenticated, the daily backups run automatically, you will be notified by email after the first backup completes successfully.

Best Practices for Effective High-Frequency Backups • Consider High-Frequency Backups for highly transactional objects in order to provide a restore point in the case of data corruption. • Map out the schema and include important related objects that may be required for an effective restore. For example, if backing up the Account object, consider if Contact or Cases should be included as well in the same frequency to preserve the relationship. Unlike the regular service backups, if an object that has related objects isn't included within the 5 object limit, the backup will omit the related objects and can not be used to restore from a data loss. • Review the Permission Report which reviews the Field Level Security for the object(s) on a regular basis or at least after every new deployment to your org for changes. • It is strongly recommended to use a separate authenticated user for each HFB in order to limit query request concurrency from Salesforce and collisions with the full object (regular) service backup. • Backup SLA - A HFB will attempt to initiate a backup at the dictated interval, as long as the backup run time is below the interval. If the backup time is above due to the object's size, the next backup will commence after the current backup finishes regardless of the settings.

Adding and Managing a High Frequency Backup in Salesforce 9 Backup Types

OwnBackup provides clients with automatic daily backups of all Data and Metadata services, including attachments, content documents, and Knowledge Base articles.

Automatic Backups OwnBackup performs a full weekly backup followed by synthetic backups until the next full backup date, on a specified day and time of your choosing. You can rename the backup service as well as schedule the start time of the backup through the Options page.

• OwnBackup recommends choosing a start time at the least busy period of the day/week. For example, Sunday 2:00 AM • Ensure your time zone is configured correctly: 1. At the top of the page, click the down arrow next to your username. 2. Click Edit Profile. 3. Edit your Time Zone.

Full Backup A Full Backup is taken by copying the full set of sObject data, this takes longer than the synthetic full backup and is done periodically to maintain a very high level of data integrity.

Synthetic Full Backup An incremental backup is taken and merged with a previous full or synthetic full backup to create an updated full backup, thereby reducing runtime and API consumption, while giving all the benefits of a full backup.

Manual Backup A manual, on-demand backup is a synthetic full backup triggered via a manual action.

There are three types of On-Demand backups:

Backup Types 10 • Back Up Now: Runs a manual backup on command. • Back Up Now with Label: Adds the option to name the manual backup upon creation.

• Back Up Now Specific Objects: Allows for Specific Object to backup without Hierarchy. This type of backup should NOT be used as a restore point.

Backup Types 11 Dashboard

When selecting a backup service from the OwnBackup multi-org dashboard, the dashboard for that service appears.

Dashboard 12 • Click Show This Backup to show details of the last backup. • Recent Backups: Select one of the to view details of that backup. • Statistics: • Select any object from the top left drop-down menu.

• Select a custom range using the Date picker menu, or select a default timeframe.

• Click the Added, Changed, Removed, or Total metrics below the chart to filter which data sets to display.

• Click and drag your mouse over the mini graph below the main graph to zoom into a specific timeframe in the timeline.

Dashboard 13 Options

In the main Options menu, you can control the following parameters for a specific backup service:

• Name and Subtitle: Change the Name and Subtitle from the default names given when creating the backup service. • Change User: Click Change User to change the Authenticated User. If you click change user, it takes you back to your cloud service provider login where you can select to switch users. • Time and day for automatic backups. • Data Classification. • Retention. • API Consumption. • Knowledge Articles. • Excluded Items. • Analyze Profile Permissions, see Analyzing Profile Permissions [50].

NOTE Remember to click Save Changes or any changes made will not be saved.

Options 14 Configuring Automatic Backups

In the Options menu, you can set the time and day you want the backup to run.

1. Select the time you want the backup to begin. 2. From the drop-down menu, select the day you want the Full backup to run. Alternatively, select "Auto".

Data Classification You can select whether the service contains production data.

Configuring Automatic Backups 15 Retention

A data retention policy is an established protocol for retaining information for operational or regulatory compliance needs.

OwnBackup retention policies vary depending on your pricing plan. Retention policies can be set to meet any internal requirements set by your organization for keeping data backed up.

Your backups are stored on encrypted volumes for a default number of years. Admins can edit backup retention periods as well as their frequency. The Retention feature specifies how long OwnBackup retains a copy of the backup for your use. For example, for a retention policy set to six months, once a backup is six months old, OwnBackup automatically purges it to ensure you remain compliant with internal data policies.

Once a month OwnBackup checks which attachment files are related to backups. Files that are not related to ANY backup are purged.

Retention 16 Configure daily, weekly, monthly, and yearly frequencies, specifying how often OwnBackup checks and acts on the retention period policy. The frequency can be driven via a matrix to achieve specific business use case policy configurations.

Edit Retention Policy You can edit backup retention periods as well as their frequency.

1. Click Edit Retention Policy. 2. Select whether to Always keep last 15 backups. 3. Select the Retention period from the drop-down list. 4. Click Apply Policy.

Retention 17 API Consumption

In the Options menu, you can set the API Consumption limit and elect whether to use bulk API batches.

OwnBackup allows admins to set limits for API consumption for files and attachment download via the REST API as well as optimize the service run time via Bulk APIs.

Admins should first verify API usage in their Salesforce environment. In Salesforce in the Setup menu, navigate to the System Overview, Company Information, Storage Usage, and Bulk Data Load pages.

These pages will help you understand the number of APIs your organization uses, your daily limits, as well as your total number of files and attachments. These numbers are used to decide on your API limit strategy with OwnBackup.

Salesforce governs the total number of Bulk and REST API's used per rolling 24-hour period. Typically, there are other apps that utilize some of that API bank along with OwnBackup.

Limit The API Consumption limits the number of file / attachments that can be downloaded per day for various sObjects. Controlling the Rate of File & Attachments Download

OwnBackup intelligently separates the download of data objects from the file/attachment objects during a given backup. Since files & attachments only need to be downloaded once (unless changed), the backup service checks for the difference between files and new/changed files in your environment. This includes items such as Attachments, Content Notes, Content Versions, Documents, etc.

The default API consumption for downloading the file/attachment objects is 5,000 API calls, which can be increased up to 300,000 (note: each file consumes 1 REST API call). This means that with a 300,000 limit, every backup will attempt to use up to 300,000 API calls to download 300,000 potential records. This will continue for each backup until it finishes downloading all of the file/ attachment objects.

Example: If an org contains ~800,000 files to download and the API limit is 300,000 - it will take approximately three backups for all the files to download. Warnings for file download limits will display until all of the file/attachment objects are fully downloaded.

API Consumption 18 Bulk API Batches This option allows you to enable and optimize the number of API calls made when loading large data sets, up to the permitted Bulk API limits by Salesforce. Leveraging Bulk API can increase backup, therefore reducing the backup run times.

Using Bulk API Batches is automatically checked by default for every new Backup service created.

OwnBackup recommends using the default limit of 1,000 bulk batches and increase, only as needed, by 200 batch size increments.

You may review the Bulk API Batches usage in your Backup History tab within the Service.

If you have previously optimized your services with OwnBackup: Checking this feature will override the previous settings with new dynamic settings. Unchecking the feature restores the customized optimizations that were made. If you are unsure on how to best set these options, contact OwnBackup Support.

NOTE If you already have a customized bulk API function, selecting this option will override your current customization. Deselect the option to return to previous manual customizations.

API Consumption 19 Knowledge Articles

In the Options menu, you can select to backup Knowledge Articles.

For OwnBackup to backup your Knowledge Articles, you must have them enabled in Salesforce. This will backup KnowledgeArticleVersions and their associated *__sObjects. We currently backup US English language as default. If you need additional languages, contact OwnBackup support.

NOTE Ensure the authenticated user has permissions to "Knowledge Articles". See the Knowledge Base article for more details.

Knowledge Articles 20 Excluded Items

In the Options menu, you can select Items to be excluded from your daily backups.

The following items can be excluded:

• History tables: Excludes your *History sObjects from the daily backups. For example, CaseHistory, LeadHistory, LoginHistory, etc. • Feed tables: Excludes your *Feeds sObjects from the daily backups. For example, NewsFeeds, AccountFeeds, CaseFeeds, etc. • Share tables: Excludes your *Share sObjects from the daily backups. For Example, AccountShare, ContactShare, CaseShare, etc. • Tables unsupported by Salesforce: Some sObjects are excluded from the backup as they are not fully supported by the Salesforce API. See OwnBackup's Knowledge Base article for details. • Excluded field types: Two field types are excluded from the all backups: • Calculated fields (also known as formula fields): Read-only fields in the API. These are fields defined by a formula, which is an algorithm that derives its value from other fields, expressions, or values. You can filter on these fields in SOQL, but you should not replicate these fields. • Geolocation custom fields: These field types are not fully supported by the SFDC APIs. • Custom Big Objects: Excludes customer big objects from the backups. For example, CustomObject_b, or more generally *_b. Including these objects only backs them up during full backups.

NOTE Compare, Find, and GDPR are not supported for big objects. To enable this feature, contact OwnBackup Support.

Excluded Items 21 Backup History

In the Backup History menu, you can view a list of the backups performed.

The table contains the following information:

• Date and time. • The labels given to the backup by the user or system. • The duration. • Number of items backed up. • Size of the backup. • Number of API Calls. • Number of Bulk API Batches. • The type of backup: • Synthetic Full Backup : An incremental backup taken and merged with previous full or synthetic full backup to create an updated full backup. This backup reduces run time and API consumption, whilst giving all the benefits of a full backup. • Full Backup : A full backup taken by copying the full set of sObject data. This backup takes longer than the synthetic full back up, and is done periodically to maintain a high level of data integrity.

Filtering You can filter the backups with the following options:

Backup History 22 Export to CSV You can download all backups in CSV file format.

1. On the left-hand menu, click "Backup History". The Backups list opens.

2. At the top of the list, click Export to CSV. The Backups.csv file containing a list of backups downloads.

Backup History 23 Backup Summary

In the Backup History list, select the Backup you wish to view. The backup summary opens.

The summary table contains the following information:

• Object type. • Number of records. • If any records in the backup have been removed, changed or added. • Size of the backup. • Number of API Calls. • Number of Bulk API Batches. • The option to search for the objects . As you type, the options automatically filter. • You can select whether or not to Show empty sObjects . sObjects listed in the BackUp table with a "-" entry for Removed, Changed or Added is because those sObjects are not replicateable. sObjects listed with no entry in those column simply mean there are no changes.

To find out more about non replicateable objects in Salesforce click here.

Downloading a Backup 1. Above the table, click Download. The Download CSV window opens.

Backup Summary 24 2. Select whether to download All or Specific objects . 3. If you selected Specific objects tables, select the objects you wish to download. 4. Select whether to include attachments. 5. Click Run. The Backup Export job begins and opens in the Jobs tab.

6. Once the job completes, click the "Click here to download", to download the CSV.

Backup Summary 25 Exporting a Backup 1. In the Backup you wish to export, click Export. The Export Backup window opens.

2. Select the format to export.

Backup Summary 26 Export your data backup into a SQL database, via a generated SQL script for download. This script can then be inserted into your database, upon which all of your data and relationships will be inserted. OwnBackup supports this feature with MySQL, Oracle, PostgreSQL, and MS- SQL databases. If you have a My-SQL database, you can setup an endpoint, and then directly push your data from within OwnBackup to the database. This feature is currently only available for My-SQL. 3. Select the Endpoint. 4. Select whether to export All or Specific objects. 5. If you selected Specific objects, select the objects you wish to export. 6. Select whether to include attachments. 7. Click Export.

Backup Summary 27 Create a new My-SQL Endpoint in OwnBackup

1. In OwnBackup, click on your user name. 2. Select Account Settings from the drop-down list.

3. Select the Endpoints tab.

4. Select the MySQL Endpoints tab.

5. Click Add a new MySQL endpoint. The Add a new S3 endpoint window opens.

Create a new My-SQL Endpoint in OwnBackup 28 6. Enter the details of the MySql Endpoint. 7. Click Save. The MySql endpoint appears in the list. If the server is AWS server you need to download the certificate and populate the field SSL ca. After creating the certificate populate the SSL ca field to connect your My-SQL server.

Create a new My-SQL Endpoint in OwnBackup 29 Export to Amazon S3

Before you can upload data to Amazon S3, you must create a bucket in one of the AWS Regions to store your data. You can find further information here.

1. Create an S3 bucket. 2. Generate IAM Access Key. To export data to the AWS S3 Bucket you need an access key with write access. If you create the IAM Access Key as an admin user, the key has Read/Write access.

WARNING OwnBackup are not responsible for data exported from OwnBackup to external storage. OwnBackup cannot be held responsible for the security, privacy or protection of data in any external storage.

You are responsible for your S3 Bucket security and privacy. We are unable to check that the bucket is secure. (bucket policies, permissions, etc.)

Create a new S3 Endpoint in OwnBackup 1. In OwnBackup, click on your user name. 2. Select Account Settings from the drop-down list.

3. Select the Endpoints tab.

4. Select the S3 Endpoints tab.

Export to Amazon S3 30 5. Click Add a new S3 endpoint. The Add a new S3 endpoint window opens.

6. Enter the details of the S3 bucket. • Bucket Name: This must be the same name given to the bucket in AWS for example; ownbackup.com.supportnew • Path in Bucket: A directory created in S3 to copy the dataset. For example, production/ • AWS S3 Region: Enter the region where the bucket resides. For example, ; us-east-1 • AWS Access Key Id: From the IAM user. For example, ; FAKEKEYAKIA2EYKPPXN • AWS Secret Access Key: From the IAM user secret access key. 7. Click Save. The S3 endpoint appears in the list. 8. Click Test to test the endpoint. A success message is displayed.

Export to Amazon S3 31 Export a Full Backup to your S3 Bucket

1. Navigate to the service you wish to export.

2. Click Backup History.

3. Select the backup you wish to export.

Export a Full Backup to your S3 Bucket 32 4. Click Export backup.

5. Select "Export to S3".

6. Select the Endpoint from the drop-down list. 7. Select whether to export All or Specific objects. 8. If you selected Specific objects, select the objects you wish to export. 9. Select whether to include attachments.

NOTE When exporting specific objects of a full backup, if you select to export attachments, only attachments for those specific objects will be exported.

10. Click Export.

Export a Full Backup to your S3 Bucket 33 If your S3 bucket is not secure a warning message is displayed. 11. If you wish to proceed, click Export.

12. Click Yes, export to confirm The export starts a new job. 13. When the export job is complete, check your S3 bucket for the exported files.

Export a Full Backup to your S3 Bucket 34 The export creates a folder with the backup name under the path provided. The GZIP file created for each object is a zipped CSV file. The export uploads the files to this folder, if a file was previously uploaded (same backup, same object) the file is overwritten. To keep all historic versions of the object, enable versioning on the bucket. 14. If you have not set up the S3 bucket with the necessary permissions an error message is displayed when you click Export.

Objects Excluded from Export to SQL and Amazon S3 The following objects are skipped when exporting to SQL or Amazon S3:

Export a Full Backup to your S3 Bucket 35 AccountUserTerritory2View FlowInterview ApexClass' LoginIp ApexComponentApexTestQueueItem NavigationLinkSet ApexLog' ProcessInstanceWorkitem RecentlyViewed Profile ApexPage Publisher ApexPageInfo UserSetupEntityAccess ApexTestResult SetupEntityAccess ApexTrigger EmailTemplate AppDefinition TagDefinition AppMenuItem TabDefinition AsyncApexJobAuraDefinitionBundleInfo EventBusSubscriber AuraDefinitionInfo FormulaFunction AuthSession FormulaFunctionAllowedType DataType FormulaFunctionCategory']

Excluded sobject suffixes: Feed, Tag, Share, History

Export a Full Backup to your S3 Bucket 36 Exporting Your Metadata

Export for metadata is also available in any metadata backup.

Click Export to CSV to download a folder labeled ‘metadata’.

Each metadata object is listed separately, as well as the package.xml file. Use any of these files to deploy metadata using your preferred Integrated Development Environment.

Exporting Your Metadata 37 Scheduled Exports

In the Schedule Exports menu, you can schedule an export of your backup to your existing endpoints.

When the Scheduled Export runs, it will run for your last successful full backup, and you can see the export in the Jobs tab under 'Scheduled backup export'.

NOTE Admin or Master Admin can create/edit/delete scheduled export.

Creating a New Scheduled Export

NOTE You can only create 2 scheduled exports per service.

When you reach the limit, the New Scheduled Export... button appears as follows:

Scheduled Exports 38 1. Select the service you wish to use.

2. Click New Scheduled Export.... The New Scheduled Export window opens.

3. Enter a scheduling name. 4. In the Export to drop-down list, select S3 Bucket or SQL. 5. Select the Endpoint from the drop-down list.

A success message appears:

Scheduled Exports 39 6. Select the Frequency from the following options: • Weekly: Select the day of the week, how often per weeks, and the hour. • Daily: Select the hour.

NOTE The time zone is set according to your default profile settings.

7. Select whether to export All or Specific objects. 8. If you selected Specific objects, filter or scroll to select the desired objects. 9. If applicable, select whether to include attachments.

NOTE The option to include attachments is only visible when you select to export to your S3 Bucket.

10. Click Save.

Scheduled Exports 40 Scheduled Exports List In the Schedule Exports list, you can view a list of the scheduled exports.

The table contains the following information:

• Name. • Endpoint. • The status of the last scheduled export: • Completed Successfully : The export of your backup to your endpoint was successful. • Failed : The export failed due to an error. If your export fails, check the endpoint validity or job status for more information. • You can select to edit or delete a scheduled export.

Edit a Scheduled Export 1. On the scheduled export you wish to use, click the three-dot menu icon. The Edit and Delete options are displayed.

2. Click Edit. The Edit Scheduled Export window opens.

Scheduled Exports 41 3. Click Save to publish your changes.

Delete a Schedule Export 1. On the scheduled export you wish to use, click the three-dot menu icon. The Clone and Delete options are displayed.

2. Click Delete. The Delete Template message is displayed.

Scheduled Exports 42 3. Click Yes, delete it.

Scheduled Exports 43 Compare

In the Backup summary, you can compare an entire org or a particular object against all its related objects across two snapshots.

See Comparing Data & Metadata [53] for more details.

Compare 44 Smart Alerts

OwnBackup Smart Alerts are based on the detection of statistical outliers in your data and/or defined thresholds based on More Than/Less Than scenarios. You can receive alerts on an object(s) of choice whenever a significant outlier from the distribution of the added, removed, or changed record counts is detected.

Outlier detection is a key element of modern statistics. At their core, outliers are major deviations from the general trend of your data. Major changes in the added, removed, or changed record counts could indicate a data loss or data corruption event.

1. Select the backup service you would like to add an alert to. 2. On the left-hand menu, select the “Smart Alerts” option.

3. Set Alert when to “statistical outlier”. 4. Select an object from the drop-down menu. 5. Click Add Alert. 6. Confirm the alert was added to the alerts list under the Alerts tab.

Smart Alerts 45 My Notifications

In the My Notifications menu, you can see a summary of your notifications related to this backup. You can change your default notifications based on what you already configured.

See My Notifications [76] for a full list of notifications available.

My Notifications 46 GDPR Subject Requests

In the GDPR Subject Requests menu, you can view the list of GDPR Requests. From the screen, you can handle both “Right to Rectification” and “Right to Erasure” requests.

See the GDPR User Guide for more details.

GDPR Subject Requests 47 Permissions Reports

For every full backup, the Field-Level-Security (FLS) feature automatically analyses the Salesforce org to identify fields hidden from the authenticated user, due to permissions. This lack of permissions prevents OwnBackup from giving you a Full & Complete Backup.

If unreadable fields are detected due to changes made to profiles and/or permissions, a warning is shown on the service's Dashboard that the data has been excluded. A link is provided to a new tab ("Permissions Report") containing the report. OwnBackup also provides an actionable remediation tool.

A full list of all the fields that are hidden for the authenticated user is displayed:

Permissions Reports 48 You can export the Field Level Security Report as an XML for Profile updates. This enables you to update any profile with missing field/object permissions using Force.com IDE and other similar tools.

See Analyzing Profile Permissions [50] for more information.

Permissions Reports 49 Field Level Security

In some instances, even though you have the “Modify all data” and “View all data” permissions, you may notice missing fields from your backup. If you have any hidden fields from this profile via Field Level Security (FLS) , you will need to unhide these fields for the profile of the authenticated user.

To view the FLS settings of the authenticated user:

1. Select the backup service from the OwnBackup multi-org dashboard.

2. Click “Options” on the left-hand side of the backup dashboard.

3. In the "Authenticated User" section, click Analyze Profile Permissions.

Field Level Security 50 A job starts that will provide a full list of all the fields that are hidden from the authenticated user.

NOTE This will not show if you have access to a field via a permission set. Use this list to update the user profile in Salesforce as required.

Field Level Security 51 Re-authenticate Service

1. Choose the backup service that encountered an error.

2. Click Re-authenticate Service. You are prompted to authenticate with Salesforce, authorizing OwnBackup to access your org using oAuth. You are prompted to select the relevant Microsoft account and sign in, authorizing OwnBackup to access your org using oAuth. Once authenticated, a success message appears, and the service is re-authenticated.

Re-authenticate Service 52 Comparing Data & Metadata

Identifying Abnormal Behavior The OwnBackup platform includes a powerful graphing system that represents events of every data and metadata object in your Salesforce org. This graph delivers a comprehensive view into changes of your data and metadata, letting you derive immediate insights and respond if necessary. You can also drill down into any specific backup to isolate specific objects and see specific added, changed, or removed records. This transparency allows administrators and database managers to easily spot abnormal, and potentially malicious or accidental, behavior.

The visual data reports are available on the Dashboard of each Backup service.

1. Click the Added, Changed, Removed, or Total metrics below the chart to filter which data sets you want to see. 2. Select any object from the top left drop-down menu. 3. Select a timeframe from the top-right menu, or select a default range of one week, one month, two months, or all backups. 4. Click and drag your mouse over the mini graph below the main graph to zoom into a specific region of the timeline.

Comparing Data The OwnBackup Smart sObject Compare tool lets you compare an entire org or a particular object (e.g. Account or Opportunity) against all its related objects across two snapshots. It is a very powerful way to identify changes to records, including additions, modifications, and deletions.

1. Navigate to the Compare tab. 2. Click Data Compare.

Comparing Data & Metadata 53 3. Select the Services you wish to compare. You can also compare with the same service.

4. Select the objects you wish to include in the comparison. 5. Select the Backup versions you wish to compare. 6. Click Compare. The job begins and you are transferred to the Jobs tab.

7. Use the restore button to the right of the number of records to initiate a Restore Job for that data.

Comparing Data & Metadata 54 NOTE Clicking the counterclockwise arrow to the right of removed records starts a Data Restore to repair data loss, while the arrow to the right of changed records start a Data Restore to repair data corruption.

See: Recovering Deleted Records and Their Children [60].

8. Click the number in the changed column to view the Field level changes.

Comparing Metadata The OwnBackup Smart Metadata Compare tool lets you compare all the metadata objects, such as reports and dashboards, triggers, process builder, and apex classes. It identifies changes between two snapshots of the same environment or across two different environments, such as your Production backup and a Sandbox backup.

1. Navigate to the Compare tab. 2. Click Metadata Compare.

Comparing Data & Metadata 55 3. Select the Services you wish to compare. You can also compare with the same service.

4. Select the Backup versions you wish to compare. 5. Click Compare. The job begins and you are transferred to the Jobs tab.

6. Click the number in the changed column to view the Changes in Clean Data Services Metadata Type. 7. Select the viewing options: Partial View, Full View, Side-by-Side, Inline.

Comparing Data & Metadata 56 8. Click Download All to select to download either a new or old snapshot. A snapshot zip file downloads.

Comparing Data & Metadata 57 Finding Records & Attachments

The Find capability, lets you easily search the entire backup history of data or attachments. You can quickly find and retrieve records and files that were deleted or archived. It also addresses legal, compliance, and audit inquiries relating to the backed-up data.

The Find feature is an advanced full-text search capability available in all your backup snapshots. The tool searches all fields, on all standard & custom objects, Chatter, multi-value picklists, rich text fields, and more. The tool can also search within attachments, including PDF, Microsoft Word, Microsoft Excel, and most text-based files. Any records that match the search criteria are subsequently displayed. If different versions of the same record appear across multiple backup snapshots, you can view and export the different versions to see the changes.

1. Navigate to the Find tab.

2. Specify whether you want to find a record or an attachment. 3. Click Next Step. 4. Select the Backup Service in which you would like to search. • Services marked with a are active backups. • Services marked with a are archived backups.

5. Specify the timeframe in which you want to search. • A single backup • A backup range (e.g., 10/1/2017 - 10/15/2017) • Entire backup history 6. Click Next Step.

Finding Records & Attachments 58 7. Enter the search term. OwnBackup searches for across all sObjects and fields that appear in the timeframe selected. You can also use the operator ‘object:’ to narrow the search to specific objects. Searches are NOT case-sensitive, and can be Boolean or string based. 8. Select whether to search history, feeds and share tables. 9. Click Next Step.

10. Review the search summary, and click Find. 11. The results are presented in the Job tab. 12. From the completed Find Job, click the three dots to the right of any row and take the following actions on that record. • Preview Restore: This starts a Restore job for that record and places it in a pause state, allowing you to review the data before it is written to your Salesforce org. • Forget Record: Allows you to comply with GDPR forget requests within your backed-up data. • Rectify Record: Allows you to comply with GDPR rectify requests within your backed-up data.

Finding Records & Attachments 59 Data Restore

Use the Data Restore tool to restore data corruption or data loss. You can choose full org or multiple objects and OwnBackup will create a restore job for the selected objects and descendant records between two points in time (before and after the data loss/corruption event).

When restoring data across environments, make sure that:

• You have backed up the environments that you need to restore data to and from. • To back up a new environment, follow the steps here [6].

Recovering Deleted Records and Their Children If a cascading deletion has occurred in your Salesforce environment, you will need to run a Data Restore. You may have already used the compare tool or dashboard statistics chart to identify the extent of the data loss. See Comparing Data [53].

To recover the deleted records:

1. Log in to your OwnBackup account. 2. Navigate to the 'Backup' tab. 3. Select the backup service for the org in which the data loss occurred. 4. Click Back Up Now, and wait for the backup to complete.

NOTE If you have a backup snapshot from after the data loss incident, you may skip this step.

5. Click the Restore tab.

Data Restore 60 6. Click Data Restore.

7. Select Repair data loss. 8. Select the service that suffered the data loss. 9. Click Next Step.

Data Restore 61 10. Select all of the parent objects where data loss occurred. You can type in the object rather than scrolling to search. 11. Click Next Step.

12. Select the Before and After the data loss snapshots. The ‘Before’ snapshot contains the records you want to restore, the ‘After’ snapshot is the backup that identifies those records as being ‘Removed’. 13. Click Next Step.

14. Select Same environment if restoring these records back into Salesforce. Select Different environment to restore deleted records into a sandbox. 15. Click Next Step.

Data Restore 62 16. Review the details you selected. 17. Click Preview Restore to generate a complete preview. You are redirected to the Jobs tab. Once the initial processing of the data is complete, you are presented with additional on- screen instructions. 18. Disable any workflow rules, validation rules, and triggers in the destination environment that could affect a mass import on the objects you are restoring. 19. You can either restore all deleted records, a subset of records by uploading a custom CSV file, or a subset of records filtered by a SQL where clause.

If you modify the CSV, make sure to delete the entire rows you do not want to restore, rather than simply clearing the values from the cells. Save the file in CSV format and UTF-8 encoding. Upload the file to the job in OwnBackup. 20. Check the I have adapted my Salesforce environment for this job box when you are ready, then click Resume.

Recovering from a Field-Level Corruption If a field-level corruption has occurred in your Cloud service provider environment, you will need to run a Data Restore.

To restore the records that were overwritten:

1. Login to our OwnBackup account. 2. Navigate to the Backup tab. 3. Select the backup service for the Org that suffered a data corruption. 4. Click Back Up Now, and wait for the backup to complete.

Data Restore 63 NOTE If you have a backup snapshot from after the data loss incident, you may skip this step.

5. Navigate the Restore tab. 6. Click Data Restore.

7. Select Repair data corruption. 8. Select the Org that suffered the data-corruption. 9. Click Next Step.

10. Select all of the parent objects where data loss occurred. You can type in the object rather than scrolling to search. 11. Click Next Step.

Data Restore 64 12. Select the two snapshots for Before and After the data loss. The ‘Before’ snapshot will contain the records you want to restore, and the ‘After’ snapshot should be the backup that identifies those records as being ‘Changed’. 13. Click Next Step.

14. Select Same environment if restoring these records back into Salesforce. Select Different environment to restore deleted records into a sandbox. 15. Click Next Step.

16. Review the summary, then click Preview Restore to generate a complete preview. Once the initial processing of the data is complete, you will be presented with additional on-screen instructions. 17. Disable any workflow rules, validation rules, and triggers in the destination environment that could affect a mass import on the objects you are restoring. 18. You can either restore all deleted records, or use a subset of records by uploading a custom CSV file.

Data Restore 65 • If you modify the CSV, make sure to delete the entire rows you do not want to restore, rather than simply clearing the values from the cells. Save the file in CSV format and UTF-8 encoding. Upload the file to the job in OwnBackup. 19. Select the I have adapted my Salesforce environment for this job checkbox when you are ready, then click Resume.

Retry Restore Job After any Data Restore job (data loss or data corruption) has completed, if errors are present (e.g. Salesforce validation rule or apex code errors), you can review the Bulk Insert and Update logs to better understand why the errors occurred.

Once the errors are reviewed and environment has been adjusted to solve the errors, users are able to RETRY the Restore Job directly from the Results page. In order to kick off a Retry, users must click on the Retry Job button at the bottom right of the results. During the Retry, OwnBackup will re-run the Restore Job originally initiated.

NOTE Any records that were successfully inserted in the original Restore Job will be skipped (will not be updated and no duplicates will be created).

Data Restore 66 Metadata Restore

Use the Metadata Restore tool to restore your metadata to a previous snapshot, or revert changes that took place between two snapshots. You can also use this tool to restore your Sandbox.

Recovering Deleted/Modified Metadata Records If metadata records have been modified or deleted from your Salesforce environment, use the Metadata Restore tool to recover the modified/deleted records. You can use the Compare tool to identify which metadata records have been added, changed, or removed. Please see the ‘Compare Tool’ section of this guide for information on how to identify metadata changes.

Follow the instructions below:

1. Login to your OwnBackup account. 2. Navigate to the ‘Restore’ tab. 3. Click Start Metadata Restore.

4. Select the backup service that suffered the metadata corruption or deletion. 5. Click Next Step.

6. Select the two snapshots for Before and After the data loss. The ‘Before’ snapshot will contain the records you want to restore, and the ‘After’ snapshot should be the backup that identifies those records as being ‘Changed’. 7. Click Next Step.

Metadata Restore 67 8. Choose the metadata object that needs to be restored. You can type in the object rather than scrolling to search. • You may restore one of these objects with OwnBackup: Apex Class, Assignment Rules, Custom Labels, Dashboards, Email Templates, Layouts, Permission Sets, Profiles, Report Types, Reports and Workflows. For any other metadata object you need to restore, please refer to our metadata deployment guide using Workbench. 9. Click Next Step.

10. Select Same org if restoring these records back into Salesforce. Select Different org if you want to restore deleted records into a sandbox. 11. Click Next Step.

Metadata Restore 68 12. Review the details you selected, then click Preview Restore to generate a complete preview. Once the initial processing of the data is complete, you will be presented with additional on- screen instructions. 13. Check the I have adapted my Salesforce environment for this job checkbox when you are ready, then click Resume job.

Metadata Restore 69 Settings

Click the down arrow next to your username to access your account settings, profile and notifications.

NOTE Business Units, IP Restrictions and Endpoints can only be added and managed by the Master Admin.

Account Settings In the account Settings you can add and manage users, business units, IP’s, and Endpoints. You can also review and manage your Security settings and overview your OwnBackup tools and licenses.

Users 1. Click Add User and scroll to the bottom of the page.

2. Enter an email address for the user.

Settings 70 3. Select a Role from the drop-down list. 4. Select a Business Unit. You can change the Business Units membership later in the Account Business Units Settings tab. 5. Click Add User. The User unverified appears in the list. An email is sent to the user to verify the user credentials.

• Click the delete icon to delete the user. • Unselect the checkbox to disable the user. • Click Export Users to CSV to download a CSV of users. • Click Replace master admin to change the master admin user.

Business Units

1. Click Add Business Unit to add a new business unit. The Add Business Unit pop-up window opens.

2. Enter the business unit name. 3. Click Save. The Business Unit appears in the list of business units.

Move a Service to a Business Unit 1. In the Number of Services column, click View/Edit next to the Business Unit you wish to move a Service to.

Settings 71 2. Click Move a Service to this Business Unit. 3. Select a service from the drop-down list. 4. Click Add Service. The service appears in the Services list.

Add or Edit Users of a Service 1. In the Users column, click View/Edit to view, edit or add a user to the business unit.

2. Click Add User to Business Unit.

Settings 72 3. Select one of the existing users from the drop-down list. 4. Select the user role from the drop-down list. 5. Click Add User. The user appears in the business unit users list.

IP Restrictions In this tab you can an IP address and enable or disable restrictions.

1. Enter the IP Address you want to restrict. 2. Click Add Network. 3. Check the Enable IP restrictions checkbox.

Security In this tab you can configure the session timeout period, the authentication method, either Single Sign On (SSO) or Password.

Password

If you select password:

1. Configure the password expiration period. 2. Configure the number of previous denied passwords.

Settings 73 Single Sign On

If you select Single Sign On (SSO):

1. Select the Single Sign On (SSO) option. 2. Enter the Provider name. 3. Enter the SAML issuer. This is the unique identifier of your IDP 4. Click Upload Certificate . 5. Select the Certificate you wish to upload and click Open.

NOTE A current certificate can be uploaded. There is no need to generate a new certificate (the hashing that changes).

The SHA 256 Fingerprint appears in the Certificate fingerprint field. 6. Click SAVE.

NOTE The SHA 256 fingerprint can be distinguished from the SHA 1 function by its length.

Settings 74 SHA 1:

SHA 256:

Advanced Key Management See the Advanced Key Management Guide for more details.

Endpoints See Create a new My-SQL Endpoint in OwnBackup [28] for more details.

Auditing In this tab you can review all recent events. You can filter the results by user or service. You can download the events as a CSV.

Overview In this tab you can see an overview of your plan type and features according to your account ID. You can also apply for licenses for additional features.

Settings 75 My Notifications In this page, you can see your available notifications across all services. You can review, enable and disable the notifications you want to receive.

Settings 76 Edit Profile You can edit your time zone, change your password and set two factor Authentication.

Settings 77 Settings 78 Help & Support

Click the Help & Support down arrow to see the menu options.

Customer Portal Select this option to be transferred to the customer portal.

Submit a Case Select this option to open a ticket with OwnBackup Support.

System Status You can subscribe and see system updates.

1. Click Subscribe To Updates.

Help & Support 79 2. Select how you wish to be notified. Options are: Email, Phone, Slack, Web Hook and Atom or RSS Feed. 3. Enter the relevant details and subscribe.

Help & Support 80 Limitations

• Sandbox size: If your production data size exceeds the storage capacity of your destination sandbox, the restore will fail to complete after the sandbox storage capacity has been met. OwnBackup will insert the records to the destination sandbox object by object, in alphabetical order, until the sandbox reaches its storage limit. Sandbox storage limits are as follows (for data and file storage): • Developer: 200 MB • Developer Pro: 1 GB • Partial: 5 GB • Full: Equal to Production • OwnBackup functional limitations across environments: When restoring data across environments using OwnBackup, the ‘Parent & Child Data Loss Tool’ is usually the best option as it allows you to select a subset of the data. However, some records may fail. Children (Child3 in the example below) that also have dependencies on other objects (Parent 2 below) that are not also children of the selected Parent (Parent 1 below) may fail. In the example, if you select Parent 1 which has 3 child objects: • Records on the selected object Parent 1 will succeed. • Records on Child 1 and Child 2 will succeed. • Records on Child 3 will fail because they are dependent on Parent 2 which is not included in the restore, and does not exist in the destination sandbox environment.

• Assets with sharing enabled: • To restore an Asset object, either an AccountId or ContactIdn is required. (Salesforce default sharing setting for Assets requires a parent account and/or contact to be defined). If this restriction was removed and the default Asset sharing setting was changed OwnBackup cannot restore it. • Per account, the maximum number of jobs you can run simultaneously is 5.

Limitations 81 Additional Resources

Users of OwnBackup are supported by the backup and restore experts of the OwnBackup Customer Support department and an online knowledge base for self-serve information, http:// www.ownbackup.com/knowledge-base-2.

Please do not hesitate to contact our Customer Support team from your OwnBackup account or via email at [email protected].

Additional Resources 82