How to Restrict EU Records from Primer

Some customers need to ensure that EU-based Leads and Contacts never leave Salesforce.

The most reliable way to enforce EU restrictions is by configuring row-level visibility in Salesforce so that the integration user Primer connects with cannot read those records in the first place.

This article walks you through how to set that up.


Why Enforce in Salesforce?

  • Compliance-first: If the user can’t see EU data, it never flows into Primer or Airbyte.

  • Auditable: Restriction rules and sharing settings are visible in Salesforce Setup, so you can prove compliance.

  • Defensive: Even if a sync misconfiguration happens, the integration user still has no access.


Step 1. Create a Dedicated Integration User

  1. In Salesforce Setup, go to Users → New User.

  2. Create an account called something like Primer Integration.

  3. Assign it a dedicated Profile (e.g., “Primer Integration Profile”).

  4. Limit its permissions to only the objects you want Primer to sync (Lead, Contact, Account, Opportunity, etc.).

👉 Do not reuse an admin or general-purpose user. Keeping this isolated makes restrictions easier.


Step 2. Enable State & Country/Territory Picklists

If not already enabled, turn on State & Country/Territory Picklists.

  • This ensures all Leads/Contacts have standardized CountryCode values (e.g., DE, FR, ES).

  • It makes it much easier to filter out EU records reliably.

  • Without picklists, you’d have to rely on messy free-text strings in the Country fields.


Step 3. Flag EU Records

Create a simple formula field on Lead and Contact (optional but recommended):

  • Field: Is_EU__c (Checkbox)

  • Formula: ISPICKVAL(CountryCode, "DE") || ISPICKVAL(CountryCode, "FR") || … (include all EU codes; on Contact, the standard address field is MailingCountryCode rather than CountryCode)

This gives you a clean true/false value you can use in restriction rules.


Step 4. Apply Restriction Rules

Restriction Rules (available in Salesforce Enterprise+ editions) let you hide records from specific profiles based on field criteria.

  1. Go to Setup → Restriction Rules → New Rule.

  2. Choose the object (Lead or Contact).

  3. Select the Primer Integration Profile.

  4. Rule criteria example:

    • Field: Is_EU__c

    • Operator: Equals

    • Value: False

  5. Save and activate.

Result: Only records that match the criteria (Is_EU__c = FALSE) remain visible to the selected profile, so the integration user cannot read Leads/Contacts where Is_EU__c = TRUE (i.e., EU records).


Step 5. Test the Integration User

  • Log in as the integration user.

  • Navigate to a known EU record (e.g., a Lead with CountryCode = DE).

  • Confirm it is not visible.

  • Try a non-EU record — it should still be accessible.


Step 6. Connect Primer

  • Reconnect Salesforce through the Primer integration using the Primer Integration User credentials.

  • Primer will only sync the records this user can see — which now excludes EU records by design.


Notes & Alternatives

  • If your org doesn’t support Restriction Rules, you can use Sharing Rules with OWD = Private and then share only non-EU records with the integration user.

  • For very large orgs, some admins prefer to maintain an allow-list of regions (e.g., only US + Canada) rather than a deny-list of EU.

  • You can combine this with field-level security (FLS) if you also want to mask or hide sensitive fields from the integration user.
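
The Step 5 spot check and the allow-list note above can be turned into a repeatable audit. The Python script below is an added example, not Primer or Salesforce tooling: it reads a CSV of Leads exported while logged in as the integration user and reports every row that should have been hidden, including records with a blank CountryCode, which a deny-list formula lets through. The column layout, sample rows and function name are assumptions made for the illustration.

```python
import csv
import io

# ISO 3166-1 alpha-2 codes of the 27 EU member states.
EU_CODES = frozenset(
    "AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT "
    "NL PL PT RO SK SI ES SE".split()
)

# Constructed sample: Leads exported while logged in as the integration user.
# The Ids and rows are made up for illustration.
SAMPLE_EXPORT = """Id,CountryCode,Is_EU__c
00Q000000000001AAA,US,false
00Q000000000002AAA,DE,true
00Q000000000003AAA,IE,false
00Q000000000004AAA,,false
00Q000000000005AAA,BR,false
"""


def audit_visible_records(csv_text, allow_list=None):
    """Return {Id: reason} for every exported row that should not be visible.

    allow_list: optional set of permitted country codes (allow-list mode).
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        code = (row["CountryCode"] or "").strip().upper()
        if row["Is_EU__c"].strip().lower() in ("true", "1"):
            # The restriction rule should have hidden this record.
            findings[row["Id"]] = "flagged EU record is visible"
        elif code in EU_CODES:
            # The formula is missing this country code.
            findings[row["Id"]] = f"{code} is an EU code but Is_EU__c is false"
        elif not code:
            # No country set: the deny-list formula evaluates to false.
            findings[row["Id"]] = "blank CountryCode passes the deny-list"
        elif allow_list is not None and code not in allow_list:
            findings[row["Id"]] = f"{code} is outside the allow-list"
    return findings


if __name__ == "__main__":
    for rec_id, reason in audit_visible_records(SAMPLE_EXPORT).items():
        print(rec_id, reason)
```

An empty result means the export contains nothing the rule should have hidden; pass allow_list={"US", "CA"} to audit against an allow-list of regions instead.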


Summary

By enforcing EU record filtering inside Salesforce, you make it technically impossible for Primer (or any other integration that connects as this user) to access EU Leads/Contacts. This gives you the strongest compliance guarantee and keeps the responsibility where it belongs — in the system of record.
