Salesforce backup and restore for data, files and metadata
Post Reply
Homes32
Enthusiast
Posts: 34
Liked: 15 times
Joined: Oct 29, 2013 6:35 pm
Full Name: Jonathan Holmgren
Contact:

Salesforce User Permissions

Post by Homes32 »

Hello,

I'm looking to clarify some things in regard to permissions required when setting up the API integration

The user guide says:
Veeam Backup for Salesforce requires a Standard User with the Salesforce license type to connect to a Salesforce organization to perform backup and restore operations for Salesforce resources. Note that free Salesforce Integration Users cannot perform backup and restore operations.
The user whose credentials are used to authorize the connection must be assigned full permissions required to read and modify data:
• System Administrator profile (grants broad permissions immediately, but not all the required ones).
• Permission set that has the following permissions enabled:
--o Query All Files permission to back up all files.
--o View and Edit Converted Leads permission to restore converted leads.
--o Permissions for all custom record types of objects to restore records of custom types.
--o Set Audit Fields upon Record Creation permission to restore original values in audit fields when restoring deleted records.
--o Update Records with Inactive Owners permission to restore deleted records owned by inactive users.
does VBS require the System Administrator profile? or can a Standard User profile be used in addition to assigning a permission set with the listed permissions?

one of our instances is Salesforce-as-a-service and they only grant me 2 System Administrator users for the entire org.
MIvanov
VP, Product Management
Posts: 270
Liked: 77 times
Joined: Dec 12, 2008 2:39 pm
Full Name: Maxim
Contact:

Re: Salesforce User Permissions

Post by MIvanov »

Hey 👋
You can use a regular account and extend permissions with a permission set that includes modify all data, and other permissions that are in the help, and needed for editing (restoring) your data.
Homes32
Enthusiast
Posts: 34
Liked: 15 times
Joined: Oct 29, 2013 6:35 pm
Full Name: Jonathan Holmgren
Contact:

Re: Salesforce User Permissions

Post by Homes32 »

Coming back to this again, it turns out the Salesforce Platform license dosn't allow View All Data, so I'm still back to having to use one of my precious 2 licenses...

Is it required for the VBSF account to be it's own account or can it share the account with one of our administrators being it's using oAuth tokens to connect?

Pros/Cons?

Thank you!
anastasia.belyaeva
Veeam Software
Posts: 17
Liked: 8 times
Joined: Mar 14, 2023 9:05 am
Full Name: Anastasia Belyaeva
Contact:

Re: Salesforce User Permissions

Post by anastasia.belyaeva »

It's possible to use non-administrator user and assign all required permissions using permission set. I would then recommend assigning same permissions as in administrator profile, plus permissions mentioned in VBSF user guide; this includes "view all data" permissions. Though, there are might be few settings / objects that are only available to a user with standard administrator profile.

It's also possible to use your administrator user to connect to an Org in application. But there are some limitations:
- you are loosing visibility of what data was modified by user vs application;
- if you access VBSF using Salesforce SSO, then the same account (user) can't be used to connect an Org and to access VBSF, because this way access token expires after 5 logins and you'll need to re-authorise connection;
- during restore an application changes alias of a user which could break automations you have on an Org.

Regards.
Homes32
Enthusiast
Posts: 34
Liked: 15 times
Joined: Oct 29, 2013 6:35 pm
Full Name: Jonathan Holmgren
Contact:

Re: Salesforce User Permissions

Post by Homes32 »

Thanks Anastasia, that is helpful.
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests