Explanation of the error
You may come across this Salesforce validation or deployment error:
Cannot modify managed object: entity=CustomPermissionSet, component=<ID>, field=Description, state=installed
This is usually seen when you are not explicitly deploying the permission set(s) that have failed the Salesforce validation/deployment, but only selecting something like Custom field permissions, with the failing permission sets being brought in automatically.
โ
We suspect you are seeing this because:ย
in the Salesforce API version 48, Salesforce has added support for permission sets to be added into managed packages and/or unlocked packages, and
your managed package (or unlocked package) that contains the permission set is on different versions in the source and target.
What can I do to resolve it?
Exclude all permission sets from the comparison and therefore the deployment
To work around the issue, if you don't need to deploy any permission sets, you can remove permission sets from your comparison, which means they then cannot be brought in automatically.
In Compare now (legacy), which is the old UI version of our 'Compare and deploy' feature:
Go back to your comparison results page
Click
Refresh comparisonin the bottom leftRemove the
Permission setmetadata type from your metadata filterClick
Refresh all selected typesin the bottom right to re-run the comparison withPermission setmetadata excluded from the filter:
In Compare now (which is the new UI version also referred to as Compare 2.0):
On the comparison results page click the gear icon (top left corner); this setting is to
Manage custom filters:
Remove the
Permission setfrom the filter (menu the left hand side), and selectUpdate comparison(bottom right):
If you have a long list of metadata types retrieved, you can use the filter option (top left on above screenshot) to look up Permission set metadata.
Exclude specific permission sets from the comparison and therefore the deployment
If you do want to include some permission sets in your validation/deployment, just not the specific permission sets that are causing the error, you can modify the metadata filter (described/shown above) in a different way.
If you need to include permission sets but don't need to include managed package metadata, and it's managed package permission sets causing the error, you could set
Include managed packagestoNone.If you need to include permission sets from managed package A, and the permission sets giving the error are from managed packages B and C, you could set
Include managed packagestoChoose, and specify only managed package A to be included.If you need to include permission sets from the same managed package(s) as the permission set(s) causing the error, in the metadata filter for the
Permission setmetadata type you could:
โ1. InCompare now (legacy)interface: Switch fromAll itemstoNamed items, and then specify the particular permission set(s) you want to include or exclude.
โ2. In theCompare now(Compare 2.0) interface: On the comparison results page selectManage custom filters(gear icon), then click onPermission setmetadata (menu on the left), selectSpecify named items and rules, and in theNamed itemssection choose the particular permission set(s) you want to include or exclude:
Update the package
Check if the packages (managed or unlocked) are on the same version in the source and target, and synchronize them before deploying the permissions set.
Disclaimer: This error is returned directly by Salesforce, rather than Gearset. Even so, we offer guidance based on our combined experience with the Metadata API. Where possible, we try to help guide you to fix or avoid this error. In the case that this isn't possible, we may need to direct you to Salesforce support for further clarification.