hardis:org:user:freeze
Description
Command Behavior
Freezes Salesforce user logins, temporarily revoking access for selected users.
This command allows administrators to freeze Salesforce user logins. It provides a controlled way to temporarily revoke user access without deactivating the user record itself. This is useful for managing user access during leaves, security incidents, or when a user's access needs to be temporarily suspended.
Key functionalities:
- User Selection: You can select users to freeze based on their assigned profiles.
--includeprofiles: Freeze users belonging to a comma-separated list of specified profiles.--excludeprofiles: Freeze users belonging to all profiles except those specified in a comma-separated list.- If no profile flags are provided, an interactive menu will allow you to select profiles.
- Interactive Confirmation: In non-CI environments, it prompts for confirmation before freezing the selected users.
- Bulk Freezing: Efficiently freezes multiple user logins using Salesforce's Bulk API.
- Reporting: Generates CSV and XLSX reports of the users that are about to be frozen.
Technical explanations
The command's technical implementation involves:
- SOQL Queries (Bulk API): It executes SOQL queries against the
UserandProfileobjects to identify active users based on the provided profile filters. It then queries theUserLoginobject to find active login sessions for these users. - Interactive Prompts: Uses the
promptslibrary to guide the user through profile selection and to confirm the freezing operation. - Bulk Update: It constructs an array of
UserLoginrecords with theirIdandIsFrozenset totrue, then usesbulkUpdateto perform the mass update operation on the Salesforce org. - Reporting: It uses
generateReportsto create CSV and XLSX files containing details of the users to be frozen. - Logging: Provides clear messages about the number of users found and the success of the freezing process.
Parameters
| Name | Type | Description | Default | Required | Options |
|---|---|---|---|---|---|
| debug -d |
boolean | Activate debug mode (more logs) | |||
| excludeprofiles -e |
option | List of profiles that you want to NOT freeze, separated by commas | |||
| flags-dir | option | undefined | |||
| includeprofiles -p |
option | List of profiles that you want to freeze, separated by commas | |||
| json | boolean | Format output as json. | |||
| maxuserdisplay -m |
option | Maximum users to display in logs | 100 | ||
| name -n |
option | Filter according to Name criteria | |||
| skipauth | boolean | Skip authentication check when a default username is required | |||
| target-org -o |
option | undefined | |||
| websocket | option | Websocket host:port for VsCode SFDX Hardis UI integration |
Examples
$ sf hardis:org:user:freeze
$ sf hardis:org:user:freeze --target-org my-user@myorg.com
$ sf hardis:org:user:freeze --includeprofiles 'Standard'
$ sf hardis:org:user:freeze --excludeprofiles 'System Administrator,Some Other Profile'