What access does Gearset need when connecting to a Salesforce org?

Information on the Salesforce org permissions Gearset requires to use its metadata and data deployment tools and the Backup and restore feature.

Written by Valerio Chang
Updated over a week ago

When Gearset first connects to a Salesforce org, it requests a range of permissions:

The primary permission that underlies this is the Modify All Data permission. To use Gearset to deploy both metadata and data between your orgs, the user (actually, the user's profile) you used to authenticate against the org must have this permission.

Why does Gearset need this permission?

As a deployment tool, Gearset needs the ability to read and write org metadata and data.

What if I'm not using data deployment?

There is an Administrative Permission named Modify Metadata Through Metadata API Functions.

In theory, this setting should be enough to allow you to use the metadata functionality of Gearset. However, we've found some inconsistencies with this setting. Even if you're only looking to utilize metadata, it's still sometimes necessary to grant the Modify All Data permission.

Our recommendation would be to grant the Modify All Data permission. But please be aware that unless you're using Gearset's data loader, the app will never read or write any org data.

What are the minimum required permissions?

Gearset can't provide a concise list of minimum permissions, due to two main factors:

  • Varying Requirements: Different teams have different requirements and licensing, which impacts the necessary permissions.

  • Changing Salesforce Metadata: Salesforce metadata types are numerous and constantly changing. Many interact with data, settings, and other parts of Salesforce in diverse ways. This means the required permissions can vary significantly depending on what you're regularly deploying.

Additionally, changing Salesforce API versions will affect permissions. A list of permissions that works for one API version might not work in a future API version.

You are welcome to test and build a custom set of permissions in Salesforce for the account used to connect Gearset. We recommend using the Modify All Data permission, as this is all-inclusive and will help avoid the above issues.
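When testing a custom permission set for the connecting account, it helps to see exactly where that account gets Modify All Data or Modify Metadata Through Metadata API Functions from, and who else in the org holds Modify All Data. The script below is an added example, not Gearset's own code; the usernames, profile and permission set names, and sample rows are constructed, while the SOQL uses the standard PermissionSetAssignment object and the PermissionsModifyAllData / PermissionsModifyMetadata fields.

```python
# SOQL to export the rows this script consumes (standard objects and fields).
SOQL = (
    "SELECT Assignee.Username, PermissionSet.Name, PermissionSet.IsOwnedByProfile, "
    "PermissionSet.Profile.Name, PermissionSet.PermissionsModifyAllData, "
    "PermissionSet.PermissionsModifyMetadata "
    "FROM PermissionSetAssignment WHERE Assignee.IsActive = true"
)

def row(user, ps_name, profile, modify_all, modify_md):
    """Build one constructed record shaped like a REST query result row."""
    return {"Assignee": {"Username": user},
            "PermissionSet": {"Name": ps_name, "IsOwnedByProfile": profile is not None,
                              "Profile": {"Name": profile} if profile else None,
                              "PermissionsModifyAllData": modify_all,
                              "PermissionsModifyMetadata": modify_md}}

# Constructed sample data, not from a real org; all names are hypothetical.
SAMPLE = [
    row("gearset.integration@example.com", "X00eXXXXXXXXXXXX", "Gearset Integration", False, True),
    row("gearset.integration@example.com", "Deployment_Full_Access", None, True, True),
    row("admin@example.com", "X00eYYYYYYYYYYYY", "System Administrator", True, True),
    row("sales.rep@example.com", "X00eZZZZZZZZZZZZ", "Standard User", False, False),
]

def audit(records, connecting_user):
    """Return (permission sources for connecting_user, other Modify All Data holders)."""
    grants = {"ModifyAllData": [], "ModifyMetadata": []}
    others = set()
    for rec in records:
        ps = rec["PermissionSet"]
        user = rec["Assignee"]["Username"]
        # A profile shows up as a permission set with IsOwnedByProfile = true.
        if ps["IsOwnedByProfile"]:
            source = "profile: " + ps["Profile"]["Name"]
        else:
            source = "permission set: " + ps["Name"]
        if user != connecting_user:
            if ps["PermissionsModifyAllData"]:
                others.add(user)
            continue
        if ps["PermissionsModifyAllData"]:
            grants["ModifyAllData"].append(source)
        if ps["PermissionsModifyMetadata"]:
            grants["ModifyMetadata"].append(source)
    return grants, sorted(others)

if __name__ == "__main__":
    grants, others = audit(SAMPLE, "gearset.integration@example.com")
    for perm, sources in grants.items():
        print(perm, "->", sources or "not granted")
    print("Other users with Modify All Data:", others)
```
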

Can I control this access?

Gearset's access to an org can be revoked from within the org at any point by the end user, via the Connected Apps OAuth Usage page.

What permissions are needed to use Backup and restore?

We have separate documentation that outlines the permissions required to authenticate a Salesforce user to use our Backup solution, along with the data and metadata restore functionality.

Check this article for more information:
Gearset backup & restore - User permissions