All Collections
Salesforce Metadata
Connecting and syncing Salesforce Orgs
Org connection basics
Salesforce Permissions Required to run the Sync
Salesforce Permissions Required to run the Sync

What Salesforce permissions are required to run the sync.

Ksawery Lisinski avatar
Written by Ksawery Lisinski
Updated over a week ago

To get most of the Elements features, we require you to run the Org sync with certain permissions. We will explain who, what, why and how in this article.

Article outline

  • Prerequisites

  • Org sync modes

  • Permissions Required to run the Sync in Default Mode

  • General user permissions

  • Object specific permissions

  • Apex class permissions

  • You might also be interested in

Prerequisites

  • To run the Org Sync, it is best to have either "System Administrator" permissions or "Standard User" permissions with additional permissions listed below

  • The minimal Elements.cloud integration user recommendations are:

    • Read Only” Salesforce profile enhanced by the permissions listed below

    ElementsAdmins” permissions set

If the minimal permissions levels are required the “Read Only” profile should be cloned and the new clone used only for Elements.cloud integration purposes.

The “ElementsAdmins” permission set allows the integration user to view the Objects and Apex Classes within Elements.cloud Managed Package itself. Elements.cloud Managed Package objects and classes view permission is necessary to support the sync as well as Elements Application on Salesforce, without applying View all data permission to the integration user.

Please note: to process Org sync with the enhanced “Read Only” profile Elements.cloud Managed Package must be installed. Otherwise, if the Managed Package is not installed, the list below must be extended by View all data permission.

Org sync modes

There are two modes in which the sync can run:

  • Default: can be processed without Elements.cloud Managed package installed

  • Managed: requires Elements.cloud Managed package installed

This article covers the permissions required to sync a Salesforce Org in Default mode.

Managed mode allows the sync to run where the Salesforce user account performing the sync has not been given rights to view the object data. To enable the sync in managed mode, contact the Elements success team (success@elements.cloud) to discuss the implications and enable this feature.

Permissions Required to run the Sync in Default Mode

When connecting Elements to an Org, Salesforce user account is required to authenticate the connection to Salesforce.  This results in an OAuth refresh token being provided to Elements which is stored and subsequently used to login to Salesforce for each Sync. 

  • A user with the System Administrator permission will have all required permissions by default.

  • Standard User profile will require all the permissions listed below to run the sync.

General user permissions

The user account that is used to run the sync has to have the following permissions in order for the sync to work:

Below is the list of permissions required for sync completion:

System Section:

  1. API Enabled - required to use Salesforce APIs

  2. Author Apex - required for syncing Apex Classes and Apex Triggers

  3. Manage All Private Reports and Dashboards - required for syncing Private Reports and Dashboards

  4. Manage Flow - required for syncing Flows and Flow tests

  5. Modify Metadata Through Metadata API Functions - required for syncing Apex Classes and Apex Triggers

  6. Run Reports - required for syncing Reports and Dashboards

  7. View All Custom Settings - required for syncing Custom Settings

  8. View Dashboards in Public Folders - required for syncing Reports and Dashboards and their respective dependencies

  9. View Roles and Role Hierarchy - required for syncing Roles

  10. View Setup and Configuration - required for syncing Apex Classes, Apex Triggers, Matching Rules, and Flows

  11. View Event Log Files and View Real-Time Event Monitoring Data - required for viewing Adoption insights about the Org

Users Section:

  1. Manage Sharing - required for syncing Sharing Rules and Restriction Rules

  2. View All Users - required for user provisioning

The following Object permissions will also be required if the Elements managed package has been installed.

Assigning the ElementsAdmins permission set will allocate the permissions below:

  • The Batch Log object requires Read, Create, Edit and Delete permissions

Apex class permission

The following Apex classes have to be enabled if the Elements managed package is installed

  • Q9.ElementsREST

  • Q9.ElementsSettingsControllerBundle

Disclaimer:

Elements.cloud periodically reviews the minimal permissions necessary for sync functionality to ensure we only require to use the absolute minimum for our customer and partners convenience.

You might also be interested in

Related Articles
Connecting and syncing Salesforce Orgs
How to set up Salesforce DevOps Center integration in Elements
Setting Up a Salesforce Integration User for Elements Sync
Adding Metadata Descriptions in Elements
Users with dangerous permission
Did this answer your question?