hardis:org:user:freeze
Description
Command Behavior
Freezes Salesforce user logins, temporarily revoking access for selected users.
This command allows administrators to freeze Salesforce user logins. It provides a controlled way to temporarily revoke user access without deactivating the user record itself. This is useful for managing user access during leaves, security incidents, or when a user's access needs to be temporarily suspended.
Key functionalities:
- User Selection: You can select users to freeze using one of the following methods:
--usernames: Freeze a specific comma-separated list of Salesforce usernames (takes priority over profile flags).--includeprofiles: Freeze users belonging to a comma-separated list of specified profiles.--excludeprofiles: Freeze users belonging to all profiles except those specified in a comma-separated list.- If no flags are provided, an interactive menu will allow you to select profiles.
- Interactive Confirmation: In non-CI environments, it prompts for confirmation before freezing the selected users.
- Bulk Freezing: Efficiently freezes multiple user logins using Salesforce's Bulk API.
- Reporting: Generates CSV and XLSX reports of the users that are about to be frozen.
Agent Mode
Supports non-interactive execution with --agent:
sf hardis:org:user:freeze --agent --usernames 'user1@myorg.com,user2@myorg.com' --target-org my-user@myorg.com
sf hardis:org:user:freeze --agent --includeprofiles 'Standard' --target-org my-user@myorg.com
In agent mode:
- All interactive prompts and confirmations are skipped.
- The freeze operation proceeds automatically for the matched users.
- You must provide
--usernames,--includeprofiles, or--excludeprofiles(interactive selection is not available).
Technical explanations
The command's technical implementation involves:
- SOQL Queries (Bulk API): When
--usernamesis provided, users are queried directly by username. Otherwise, it queries theUserandProfileobjects to identify active users based on the provided profile filters. It then queries theUserLoginobject to find active login sessions for these users. - Interactive Prompts: Uses the
promptslibrary to guide the user through profile selection and to confirm the freezing operation. - Bulk Update: It constructs an array of
UserLoginrecords with theirIdandIsFrozenset totrue, then usesbulkUpdateto perform the mass update operation on the Salesforce org. - Reporting: It uses
generateReportsto create CSV and XLSX files containing details of the users to be frozen. - Logging: Provides clear messages about the number of users found and the success of the freezing process.
Parameters
| Name | Type | Description | Default | Required | Options |
|---|---|---|---|---|---|
| agent | boolean | Run in non-interactive mode for agents and automation | |||
| debug -d |
boolean | Activate debug mode (more logs) | |||
| excludeprofiles -e |
option | List of profiles that you want to NOT freeze, separated by commas | |||
| flags-dir | option | undefined | |||
| includeprofiles -p |
option | List of profiles that you want to freeze, separated by commas | |||
| json | boolean | Format output as json. | |||
| maxuserdisplay -m |
option | Maximum users to display in logs | 100 | ||
| name -n |
option | Filter according to Name criteria | |||
| skipauth | boolean | Skip authentication check when a default username is required | |||
| target-org -o |
option | undefined | |||
| usernames -u |
option | Comma-separated list of Salesforce usernames to freeze (takes priority over profile flags) | |||
| websocket | option | Websocket host:port for VsCode SFDX Hardis UI integration |
Examples
$ sf hardis:org:user:freeze
$ sf hardis:org:user:freeze --target-org my-user@myorg.com
$ sf hardis:org:user:freeze --usernames 'user1@myorg.com,user2@myorg.com'
$ sf hardis:org:user:freeze --includeprofiles 'Standard'
$ sf hardis:org:user:freeze --excludeprofiles 'System Administrator,Some Other Profile'
$ sf hardis:org:user:freeze --agent --usernames 'user1@myorg.com,user2@myorg.com'
$ sf hardis:org:user:freeze --agent --includeprofiles 'Standard'