I'm looking to clarify some things in regard to permissions required when setting up the API integration
The user guide says:
Veeam Backup for Salesforce requires a Standard User with the Salesforce license type to connect to a Salesforce organization to perform backup and restore operations for Salesforce resources. Note that free Salesforce Integration Users cannot perform backup and restore operations.
The user whose credentials are used to authorize the connection must be assigned full permissions required to read and modify data:
• System Administrator profile (grants broad permissions immediately, but not all the required ones).
• Permission set that has the following permissions enabled:
--o Query All Files permission to back up all files.
--o View and Edit Converted Leads permission to restore converted leads.
--o Permissions for all custom record types of objects to restore records of custom types.
--o Set Audit Fields upon Record Creation permission to restore original values in audit fields when restoring deleted records.
--o Update Records with Inactive Owners permission to restore deleted records owned by inactive users.
does VBS require the System Administrator profile? or can a Standard User profile be used in addition to assigning a permission set with the listed permissions?
one of our instances is Salesforce-as-a-service and they only grant me 2 System Administrator users for the entire org.
Hey
You can use a regular account and extend permissions with a permission set that includes modify all data, and other permissions that are in the help, and needed for editing (restoring) your data.
Coming back to this again, it turns out the Salesforce Platform license dosn't allow View All Data, so I'm still back to having to use one of my precious 2 licenses...
Is it required for the VBSF account to be it's own account or can it share the account with one of our administrators being it's using oAuth tokens to connect?
It's possible to use non-administrator user and assign all required permissions using permission set. I would then recommend assigning same permissions as in administrator profile, plus permissions mentioned in VBSF user guide; this includes "view all data" permissions. Though, there are might be few settings / objects that are only available to a user with standard administrator profile.
It's also possible to use your administrator user to connect to an Org in application. But there are some limitations:
- you are loosing visibility of what data was modified by user vs application;
- if you access VBSF using Salesforce SSO, then the same account (user) can't be used to connect an Org and to access VBSF, because this way access token expires after 5 logins and you'll need to re-authorise connection;
- during restore an application changes alias of a user which could break automations you have on an Org.