To get most of the Elements features, we require you to run the Org sync with certain permissions. We will explain who, what, why and how in this article.

Article outline

  • Prerequisites

  • Org sync modes

  • Permissions Required to run the Sync in Default Mode

  • General user permissions

  • Object specific permissions

  • Apex class permissions

  • You might also be interested in

Prerequisites

  • To run the Org Sync, it is best to have either "System Administrator" permissions or "Standard User" permissions with additional permissions (listed below)

Org sync modes

There are two modes in which the sync can run:

  • Default

  • Managed

This article covers the permissions required to sync a Salesforce Org in Default mode.

Managed mode allows the sync to run where the Salesforce user account performing the sync has not been given rights to view the object data. To enable the sync in managed mode, contact the Elements success team (success@elements.cloud) to discuss the implications and enable this feature.

Permissions Required to run the Sync in Default Mode

When connecting Elements to an Org, Salesforce user account is required to authenticate the connection to Salesforce.  This results in an OAuth refresh token being provided to Elements which is stored and subsequently used to login to Salesforce for each Sync. 

  • A user with the System Administrator permission will have all required permissions by default.

  • Standard User profile will require all the permissions listed below to run the sync.

General user permissions

The user account that is used to run the sync has to have the following permissions in order for the sync to work:

  • View All Data - this is required to allow the field data population analysis

  • View All Users - this is required for the analytics reporting

  • View Setup and Configuration

  • View All Custom Settings

  • Author Apex

  • API Enabled

  • Manage Sharing

  • Manage Users

  • Manage All Private Reports and Dashboards

  • Modify Metadata Through Metadata API Functions - this is required to execute the sync

  • Run Reports - this is required to be able to access the report definition

Object specific permissions

The following Object permissions will also be required if the Elements managed package has been installed.

Assigning the Q9Elements permission set will allocate the permissions below:

  • The Batch Log object requires Read, Create, Edit and Delete permissions

Apex class permission

The following Apex classes have to be enabled if the Elements managed package is installed

  • Q9.ElementsREST

  • Q9.ElementsSettingsControllerBundle

You might also be interested in

Did this answer your question?