Data Import Wizard match by Name doesn't work when Name field is encrypted with Deterministic Case Sensitive or Insensitive
Platform Encryption , Data Import Wizard
Last updated 20 days ago ·Reference W-7890661 ·Reported By 4 users
No Fix
Summary
When the standard Name field on an object is encrypted with Platform Encryption Deterministic schema, Data Import Wizard (DIW) should be able to match existing records with Name or Name+Site for Account as an example.
However, despite the import showing as successful the records are not actually processed by the import wizard.
While matching the CSV data against the Name data, the CSV data is text, but the actual record data is encrypted text at the database level. Due to this inconsistency, DIW is unable to identify the corresponding account ID and the operation is ignored.
Repro
Prerequisites:
- Create an Account record with the following details.
Name: LeadImportTestAccount
Account Site: Headquarters
- Enable Shield Platform Encryption
https://trailhead.salesforce.com/en/content/learn/modules/spe_admins/spe_admins_get_started
- Enable "Deterministic Encryption" in Setup > Platform Encryption > Advanced Settings
- Choose Tenant Secret Type: Data in Salesforce (Deterministic) and "Generated Tenant Secret"
- Encrypt the Account Name Standard Field with Encryption Scheme: Deterministic - Case Insensitive or Sensitive
- Gather Statistics and Sync to encrypt the existing record's Name.
Steps to reproduce existing Account not being updated when using Name as matching criteria via DIW:
1. Create a CSV with the following columns populated:
Account Name: LeadImportTestAccount
Account Site: Headquarters
Account Description: If this is showing in the Account Description Field the Update was successful.
2. Navigate to the Data Import Wizard and Launch Wizard!
3. Make the following selections for the each step:
A) What kind of data are you importing?: Account and Contacts
B) What do you want to do?: Update existing records
Match Account by: Name & Site
Update existing Account information: Checked
C) Where is your data located?: CSV and select the file you created in step 1.
4. Check to ensure the columns in the CSV are properly mapped to the Account: Account Name, Account: Account Site, Account: Description fields and click Next and then Start Import.
Actual Results: On reviewing the BULK job results, they show that the update operation was successful however, on reviewing the Details tab of the only matching Account record you will find that the Detail field was not populated with the value contained in the update file, "If this is showing in the Account Description Field the Update was successful."
Expected Results: Matching the existing Account based on Name field would properly update the record when Deterministic encryption is enabled on the Account Name field.
Steps to reproduce Custom Lookup field not being properly populated when using Name as matching criteria for related Account record on Lead creation via DIW:
1. Created a new custom lookup field to Account on the Lead object with Field Label: RelatedAccount
2. Create a CSV file for Lead Import with the following columns populated
Name: Test Lead
RelatedAccount: LeadImportTestAccount
Company: LeadImportTest
3. Launch the Data Import Wizard and choose the following selections:
A) What kind of data are you importing?: Leads
B) What do you want to do?: Add new records
Which Account field in your file do you want to match against to set the RelatedAccount lookup field?: Account Name
C) Where is your data located?: Select the CSV from step 2.
4. Ensure the columns your CSV are mapped accordingly and Start the Import.
Actual Result: The operation shows as successful however, the custom lookup field (RelatedAccount) is not properly populated on the newly created Lead record.
Expected Result: If using Name as matching criteria is a limitation of Shield Platform Encryption and the matching related records by Name via Data Import Wizard, it would be documented or if this should work, the import would be successful.
Workaround
Match based on other criteria such as Salesforce Record Id or consider disabling encryption on the target object's Name field.
Reported By (4)
Is it Fixed?
Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.