My organization is hiring an agency to help us with our marketing efforts. We plan to give them access to our Marketo instance. Our instance is synced with Salesforce and we have sensitive customer data (two specific fields) synced into our Marketo instance that we do not want the agency to have access to.
We're considering creating a 'Role' for the agency to set the appropriate permissions and 'hiding' the two sensitive fields. However, while testing these permissions, I've noticed that although the two sensitive fields are 'hidden', the agency would still have visibility into their values via peoples' Activity Log where there are rows for Activity Type = Change Data Value and the field names and values are listed.
Question 1: Is it possible to hide a field *and* prevent it from appearing in the activity log (so that we can truly prevent access to these data points in this manner)?
Question 2: Alternatively, is there a better way to give access to the agency and restrict access to these two specific fields?
Thanks for taking a look!
Marc,
Hiding a field simply hides the field from the UI such as showing up as a filter in a smart list. However, all references to the field will need to be removed before a field is hidden, so I would not recommend this option.
Thanks for the response, Devraj Grewal.
Because our Marketo instance is new, we haven't started referencing these particular fields; I've successfully hidden them. It feels misleading to me that "hiding" the fields doesn't remove them from the Activity Log.
Please holler if you have any other suggestions for restricting access to specific fields as I described above.
Hi Marc Asmus,
What is your reason for syncing the fields to the Marketo? Will they be used for reporting in Marketo or for triggers etc...
If the fields are required to be synced to Marketo will the marketing agency not need access to them to effectively set up smart campaigns, flows and reports etc?
Is the field a manual text input or a picklist? If its the later the only work around I can think of is to change the value of those fields in SF to some type of lookup key that your staff know the meaning, but no one else (agency) would.
You could also recreate the orginal fields in SF with the proper words and then have those fields visible to the SF user and hide the originals that you have just updated.
You could then create some rules in SF:
If a user selects this value in the new field then change the value of your hidden field to "Lookup Key Value".
That value then syncs back to Marketo.
A bit of a pain, but thats the only solution I could think of.
Thanks for taking the time to reply, Gerard Donnelly.
What is your reason for syncing the fields to the Marketo? Will they be used for reporting in Marketo or for triggers etc...
We synced the fields to Marketo before we decided to hire an agency. At that point, they seemed like "nice-to-haves"; we didn't anticipate this issue.
If the fields are required to be synced to Marketo will the marketing agency not need access to them to effectively set up smart campaigns, flows and reports etc?
Syncing these fields is not a requirement. We, and the agency, would still be able to use Marketo effectively in their absence. I understand that we could stop syncing the fields, but how would we clear out the historical values from places like the activity log?
Is the field a manual text input or a picklist?
Both of the fields are numeric.
Interesting ideas about coding the values to obfuscate what they mean, but I don't know that doing so is practical with numeric values.
Hi Marc Asmus,
If your instance is only new I'm assuming you could live with losing the current activity history. Have you spoke to Marketo about the possibility of wiping the activity history from you instance? I'm not sure if they could do this but might be worth an ask. You could then turn the sync off for those fields and run a batch campaign to clear out the current values.
Good luck,
Gerard