Skip to content

Class Name: UserObfuscator

Last Updated: 2025-10-22 Source Code: UserObfuscator.cls

API Name: UserObfuscator Type: Utility Test Coverage: Not specified Author: Dorin Petrusca Created: 09/26/2024

Business Purpose

This class provides GDPR-compliant user data obfuscation through Salesforce's native System.UserManagement.obfuscateUser API. It enables automated user privacy rights processing by removing personally identifiable information from user records while maintaining system functionality through Process Builder and Flow integration.

Class Overview

Scope and Sharing

  • Sharing Model: with sharing
  • Access Modifier: public
  • Interfaces Implemented: None

Key Responsibilities

  • Obfuscate user records for GDPR compliance
  • Integrate with Process Builder and Flow automation
  • Handle errors gracefully during obfuscation
  • Support bulk processing of multiple users
  • Log failures for troubleshooting

Public Methods

obfuscateUsers

@InvocableMethod(label='Obfuscate User' description='This method obfuscates the given user(s) by their ID')
public static void obfuscateUsers(List<Id> userIds)

Purpose: Obfuscates user personal data using Salesforce's native obfuscation API, callable from Flow and Process Builder.

Parameters: - userIds (List): List of User record IDs to be obfuscated

Returns: - void: No return value (method is fire-and-forget)

Usage Example: 

// From Apex
List<Id> usersToObfuscate = new List<Id>{'005xx000000001', '005xx000000002'};
UserObfuscator.obfuscateUsers(usersToObfuscate);

// From Flow
// Use "Obfuscate User" action and pass User ID collection variable

Business Logic: - Returns immediately if userIds list is empty - Iterates through each user ID individually - Calls System.UserManagement.obfuscateUser(userId) for each user - Catches exceptions per user (prevents one failure from stopping batch) - Logs errors with user ID and error message to debug log - Continues processing remaining users after failures

Exception Handling: - Exception: Catches all exceptions during obfuscation, logs to debug, continues processing

Private/Helper Methods

This class contains no private methods.

Dependencies

Apex Classes

  • None

Salesforce Objects

  • User: Records being obfuscated

Custom Settings/Metadata

  • None

External Services

  • System.UserManagement: Salesforce native user management API
  • obfuscateUser(Id userId): Core obfuscation method

Design Patterns

  • Invocable Pattern: Uses @InvocableMethod for Flow/Process Builder integration
  • Utility Pattern: Static method for reusable functionality
  • Fail-Safe Pattern: Individual try-catch to prevent cascading failures

Governor Limits Considerations

SOQL Queries: None DML Operations: None (System.UserManagement.obfuscateUser is not counted as DML) CPU Time: Low - simple iteration and API calls Heap Size: Low - processes IDs only

Bulkification: Yes - accepts list of user IDs Async Processing: None - processes synchronously

API Limits: - System.UserManagement.obfuscateUser may have platform limits (verify Salesforce documentation)

Error Handling

Strategy: - try-catch per user prevents single failure from stopping entire batch - Generic Exception catch allows graceful degradation

Logging: - Debug logs error message with user ID - Format: 'Error obfuscating user with ID: {userId} - {errorMessage}'

User Notifications: - None - calling Flow must implement notification logic

Missing: - No error propagation to calling process - No audit trail or permanent error logging - No validation of user eligibility for obfuscation

Security Considerations

Sharing Rules: Enforces sharing (with sharing) - respects user access Field-Level Security: Not applicable (uses system API) CRUD Permissions: Not enforced - System.UserManagement API handles permissions Input Validation: Validates empty list only

Data Privacy: - Irreversible operation - obfuscated data cannot be recovered - Complies with GDPR right to erasure requirements - Uses Salesforce standard obfuscation (maintains referential integrity)

Test Class

Test Class: Not specified (likely UserObfuscatorTest.cls) Coverage: Not specified Test Scenarios Needed: - Single user obfuscation - Multiple users obfuscation - Empty list handling - Invalid user ID handling - Exception handling (mock System.UserManagement failures) - Flow integration testing

Changes & History

  • 2024-09-26: Initial implementation by Dorin Petrusca

Pre-Go-Live Concerns

CRITICAL - Fix Before Go-Live

  • NO ERROR PROPAGATION: Failures only logged, not reported back to calling Flow/Process Builder
  • NO VALIDATION: Doesn't check if users are eligible for obfuscation (active, deactivated, etc.)
  • IRREVERSIBLE: No rollback mechanism - ensure proper backup procedures exist
  • NO AUDIT TRAIL: No permanent record of obfuscation events for compliance

HIGH - Address Soon After Go-Live

  • Add custom logging to Object or Platform Event for permanent error tracking
  • Implement validation for user obfuscation eligibility
  • Add notification mechanism for compliance team
  • Create audit trail for obfuscation activities (Custom Object or Big Object)
  • Add return type to report success/failure counts back to Flow

MEDIUM - Future Enhancement

  • Add pre-validation checks (user status, license type)
  • Implement batch processing for large volumes (Database.Batchable)
  • Add integration with external compliance systems
  • Create reporting dashboard for obfuscation tracking
  • Add support for bulk error reporting to calling process

LOW - Monitor

  • Monitor System.UserManagement API limits and usage
  • Track success/failure rates in production
  • Review debug log patterns for common failure scenarios
  • Consider standardizing error message format

Maintenance Notes

Complexity: Low Recommended Review Schedule: Annually Key Maintainer Notes: - This is a critical GDPR compliance component - all changes require legal review - System.UserManagement.obfuscateUser is a platform API - monitor Salesforce release notes - Obfuscation is irreversible - cannot restore obfuscated user data without backups - Individual try-catch pattern is intentional - allows partial success - Empty list returns silently - calling Flow should validate input - No return value means Flow cannot detect failures - consider enhancement - Test thoroughly in sandbox with real user records before production use - Coordinate with legal/compliance team on obfuscation timing and requirements - Document which fields are obfuscated by System.UserManagement API (Salesforce standard behavior) - Consider creating wrapper Flow for additional validation and notification logic