Every few months on the blog, we recap some of the new features we’ve been working on. Here are some highlights from our recent product releases (April-June 2023) and how they can improve your experience using Own.
Enhanced Permission Report
The goal of the permissions report in Own Recover is to help identify what might be missing from a backup due to permission issues. Recently, we released an enhanced version of this report in a new table view format, which will improve the user experience in several ways:
Better UX: The table view format makes it easier to understand any actions needed for each item in the permissions report, giving our users unprecedented visibility into what’s missing from a specific backup.
Alerts on what is missing from a backup: Users will will receive an email alert whenever items are added or removed from the permissions report, since it may affect backup coverage.
Connects exclusions and permission warnings: With these enhancements, backup exclusions and permissions warnings are now interconnected. So, if all items under the permissions reports are excluded from the backup, then permissions warning would not appear on the backup history page. Running permissions report got easier since a user can now initiate a permissions report from that same table.
New and Improved Find Screen
Within Recover, customers can lookup any specific type of file, record, or perform a data subject request in their backups. While this process used to involve several steps, we've updated the Find capability screen to make it faster and more intuitive. Now, this functionality is a single screen and responsive as you fill in the form's fields.
A More Secure Authentication Method For ServiceNow Recover
Until recently, adding a ServiceNow instance for Recover used the basic authentication method, which required ServiceNow login credentials such as your username or password to enable access. This meant you'd be sharing those credentials between Own, ServiceNow, and any users that received the password with higher risk of exposing them
With the new authentication method, we removed the need for logging credentials to access Recover. So long as the customer's ServiceNow instance enables OAuth, ServiceNow will provide OAuth authorization code grant flow. This gives an access token that allows a customer to authenticate directly with an OAuth server that trusts the resource instead of authenticating and sharing username and passwords.
Side-By-Side Comparison Of Profiles, Permission Sets, And Permission Sets Groups
Starting in 2026, permissions and access in Salesforce will no longer be granted through profiles, but in permission sets. While it's an overall positive change for Salesforce customers, they'll need to review all their granted permissions and access across these entities to ensure they're up to date, accurate, and reflect the least privileged access principle as a best practice.
We are excited to share that Own Secure now enables side-by-side comparison of profiles, permission sets, and permission sets groups to simplify this process for our customers. This will allow users to easily view, compare, highlight, and filter down to just the differences between the two entities, making implementation and troubleshooting permissions and access even more straightforward. Better yet, customers can have confidence that their permissions and access are up to date, consistent and error-free, and reflective of the principle of least privileged access.
High-Risk Permission Alerts
High-risk permission assignments can potentially result in catastrophic events that undermine a Salesforce org's confidentiality, integrity, or availability. Now, we've added a new alert for high-risk permission assignments. After a security insight job runs, users will be notified via an in-app notification or an email if a new high-risk permission assignment has been detected and assigned to a new user, profile, permission set, or permission set group since the last job was run.
Overall, faster detection leads to more rapid remediation, which gives our customers peace of mind that we are monitoring these high-risk permissions on their behalf.
New Permission Set Lens in Who Sees What Explorer
One of the most common findings in our Salesforce security risk assessments is the persistent over-assignment of permissions and access facilitated by profile-based assignments. This directly violates the longstanding security principle of lease privilege access, which recommends that organizations limit user account privileges to only those necessary to perform their job functions. To audit, review, and update access or permissions, a user needs to be able to view this information efficiently.
Recently, we've added a new perspective to the Who Sees What Module, which provides a view to understand what access and permissions have been granted by a profile, permission set, or permission set group. Like the new side-by-side comparison tool mentioned previously, this enhancement will help customers to ensure they are ready for the move of permissions and access from profiles and permission sets coming in 2026.
Archive for nCino
Until recently, Own offered our Recover, Secure, and Sandbox Seeding products for nCino customers. Now, Own Archive is available for nCino as well. Using Archive, NCino customers can archive nCino-specific objects, including loan placeholders, relationship placeholders, and global placeholders, while maintaining the relationship between objects. They can also unarchive, search through the global search and widget, define purge policies, export, place a legal hold, and run an FLS report on their nCino schema. In short, we now provide our nCino customers with the same product and customer experience that we offer all of our Archive customers.
New Options for Viewing Archived Records in Salesforce
One of the most significant benefits of Archive is that customers will never lose access to their data. Even after data is relocated from the production organization, Archive allows users to view their archived records alongside their Salesforce records.
With our new release, we're providing two new options for viewing archived records in Salesforce.
The first option shows users a summary of all their archived records on one side of the screen, and on the other side, users can scroll down to view more, collapse, or un-collapse these sections of object types. These can also be customized, so customers drag and drop to determine which objects should be displayed and in what order. This also provides admins with more control over what their business users have access to in Salesforce.
The second option, the Single Object widget view, is recommended when users want to view their archived records directly next to their Salesforce records. For example, you can see your live cases in production next to your archived cases.
Anonymization is critical to protecting sandbox data. Traditional anonymization pulls from a realistic library of fake data–creating standardized field requirements. While that's helpful for some of your data, your org might have unique field requirements. If anonymization values deviate from a specified field format, say a specific email pattern or healthcare member ID number, your confidential, sensitive sandbox data could be exposed. In many organizations, if the anonymized data cannot be customized, it’s often cleared from the sandbox. Even worse, teams risk violating compliance regulations that require you to keep sensitive data out of the sandbox.
Our new Custom Anonymization functionality as part of Own Sandbox Seeding allows customers to create specific field formats unique to their org while upholding anonymization to keep sandboxes free of sensitive data. The intuitive drag-and-drop feature also saves time from manually creating test data or writing scripts. Learn more about Custom Anonymization here.
Today, customers often use 3rd-party systems to seed the same data into their Production and Sandboxes. However, while the data seeded may appear identical based on its actual field value, the record's ID in the destination do not match the source.
This eliminates duplicate account errors because a unique field has multiple fields with the same external ID in a sandbox. Errors like these require a user to troubleshoot and understand what went wrong with the seeding job instead of focusing on development or training.
Our new Field matching feature allows customers to select unique fields and match source records to the destination by external ID. This way, customers can have more control over their sandbox and reduce time spent troubleshooting errors.