To get most of the Elements features, we require you to run the Org sync with certain permissions. We will explain who, what, why and how in this article.
Article outline
Prerequisites
Org sync modes
Permissions Required to run the Sync in Default Mode
General user permissions
Object specific permissions
Apex class permissions
You might also be interested in
Prerequisites
To run the Org Sync, it is best to have either "System Administrator" permissions or "Standard User" permissions with additional permissions listed below
The minimal Elements.cloud integration user recommendations are:
“Read Only” Salesforce profile enhanced by the permissions listed below
“ElementsAdmins” permissions set
If the minimal permissions levels are required the “Read Only” profile should be cloned and the new clone used only for Elements.cloud integration purposes.
The “ElementsAdmins” permission set allows the integration user to view the Objects and Apex Classes within Elements.cloud Managed Package itself. Elements.cloud Managed Package objects and classes view permission is necessary to support the sync as well as Elements Application on Salesforce, without applying View all data permission to the integration user.
Please note: to process Org sync with the enhanced “Read Only” profile Elements.cloud Managed Package must be installed. Otherwise, if the Managed Package is not installed, the list below must be extended by View all data permission.
Org sync modes
There are two modes in which the sync can run:
Default: can be processed without Elements.cloud Managed package installed
Managed: requires Elements.cloud Managed package installed
This article covers the permissions required to sync a Salesforce Org in Default mode.
Managed mode allows the sync to run where the Salesforce user account performing the sync has not been given rights to view the object data. To enable the sync in managed mode, contact the Elements success team (success@elements.cloud) to discuss the implications and enable this feature.
Permissions Required to run the Sync in Default Mode
When connecting Elements to an Org, Salesforce user account is required to authenticate the connection to Salesforce. This results in an OAuth refresh token being provided to Elements which is stored and subsequently used to login to Salesforce for each Sync.
A user with the System Administrator permission will have all required permissions by default.
Standard User profile will require all the permissions listed below to run the sync.
General user permissions
The user account that is used to run the sync has to have the following permissions in order for the sync to work:
Below is the list of permissions required for sync completion:
System Section:
API Enabled - required to use Salesforce APIs
Author Apex - required for syncing Apex Classes and Apex Triggers
Manage All Private Reports and Dashboards - required for syncing Private Reports and Dashboards
Manage Flow - required for syncing Flows and Flow tests
Modify Metadata Through Metadata API Functions - required for syncing Apex Classes and Apex Triggers
Run Reports - required for syncing Reports and Dashboards
View All Custom Settings - required for syncing Custom Settings
View Dashboards in Public Folders - required for syncing Reports and Dashboards and their respective dependencies
View Roles and Role Hierarchy - required for syncing Roles
View Setup and Configuration - required for syncing Apex Classes, Apex Triggers, Matching Rules, and Flows
View Event Log Files and View Real-Time Event Monitoring Data - required for viewing Adoption insights about the Org
Users Section:
Manage Sharing - required for syncing Sharing Rules and Restriction Rules
View All Users - required for user provisioning
The following Object permissions will also be required if the Elements managed package has been installed.
Assigning the ElementsAdmins permission set will allocate the permissions below:
The Batch Log object requires Read, Create, Edit and Delete permissions
Apex class permission
The following Apex classes have to be enabled if the Elements managed package is installed
Q9.ElementsREST
Q9.ElementsSettingsControllerBundle
Disclaimer:
Elements.cloud periodically reviews the minimal permissions necessary for sync functionality to ensure we only require to use the absolute minimum for our customer and partners convenience.
You might also be interested in
Data Security and Compliance Document - find out what do we do to make sure you are in good, secure hands
Our data security policies and certifications - find out what steps we take to ensure your and your data security while working with Elements
Connect your Org and start the sync - step-by-step guide how to start using Org sync feature