Skip to main content
All CollectionsTroubleshootingSalesforce validation errors
Resolving validation errors - "Cannot modify managed object" on PermissionSet metadata type
Resolving validation errors - "Cannot modify managed object" on PermissionSet metadata type

Cause and resolution to this validation or deployment error related to PermissionSet metadata type

Valerio Chang avatar
Written by Valerio Chang
Updated over 3 months ago

Explanation of the error

You may come across this Salesforce validation or deployment error:

Cannot modify managed object: entity=CustomPermissionSet, component=<ID>, field=Description, state=installed


This is usually seen when you are not explicitly deploying the permission set(s) that have failed the Salesforce validation/deployment, but only selecting something like Custom field permissions, with the failing permission sets being brought in automatically.

We suspect you are seeing this because: 

  • in the Salesforce API version 48, Salesforce has added support for permission sets to be added into managed packages and/or unlocked packages, and

  • your managed package (or unlocked package) that contains the permission set is on different versions in the source and target.

What can I do to resolve it?

Exclude all permission sets from the comparison and therefore the deployment

To work around the issue, if you don't need to deploy any permission sets, you can remove permission sets from your comparison, which means they then cannot be brought in automatically.

  1. On the comparison results page click the gear icon (top left corner); this setting is to Manage custom filters:

  2. Remove the Permission set from the filter (menu the left hand side), and select Update comparison (bottom right):

If you have a long list of metadata types retrieved, you can use the filter option (top left on above screenshot) to look up Permission set metadata.

Exclude specific permission sets from the comparison and therefore the deployment

If you do want to include some permission sets in your validation/deployment, just not the specific permission sets that are causing the error, you can modify the metadata filter (described/shown above) in a different way.

  • If you need to include permission sets but don't need to include managed package metadata, and it's managed package permission sets causing the error, you could set Include managed packages to None.

  • If you need to include permission sets from managed package A, and the permission sets giving the error are from managed packages B and C, you could set Include managed packages to Choose, and specify only managed package A to be included.

  • If you need to include permission sets from the same managed package(s) as the permission set(s) causing the error, in the metadata filter for the Permission set metadata type you could select Manage custom filters (gear icon), then click on Permission set metadata (menu on the left), select Specify named items and rules, and in the Named items section choose the particular permission set(s) you want to include or exclude:

Update the package

Check if the packages (managed or unlocked) are on the same version in the source and target, and synchronize them before deploying the permissions set.

Disclaimer: This error is returned directly by Salesforce, rather than Gearset. Even so, we offer guidance based on our combined experience with the Metadata API. Where possible, we try to help guide you to fix or avoid this error. In the case that this isn't possible, we may need to direct you to Salesforce support for further clarification.

Did this answer your question?