You may come across a Salesforce validation/deployment error like this:
Cannot modify managed object: entity=CustomPermissionSet, component=<ID>, field=Description, state=installed
This is usually seen when you are not explicitly deploying the permission set(s) that have failed the Salesforce validation/deployment, but only selecting something like Custom field permissions
, with the failing permission sets being brought in automatically.
We suspect you are seeing this because:
in the new Salesforce API v48, Salesforce has added support for permission sets to be added into managed packages and/or unlocked packages, and
your managed package (or unlocked package) that contains the permission set is on different versions in the source and target
What can I do?
Exclude all permission sets from the comparison and therefore the deployment
To work around the issue, if you do not need to deploy any permission sets, you can remove permission sets from your comparison, which means they then cannot be brought in automatically.
Go back to your comparison results page
Click
Refresh comparison
in the bottom leftRemove the
Permission set
metadata type from your metadata comparison filterClick
Refresh comparison
in the bottom right of the modal to re-run the comparison
This is the comparison filter with Permission set
selected:
Exclude specific permission sets from the comparison and therefore the deployment
If you do want to include some permission sets in your validation/deployment, just not the specific permission sets that are causing the error, you can modify the metadata filter (described/shown above) in a different way.
If you need to include permission sets but don't need to include managed package metadata, and it's managed package permission sets causing the error, you could set
Include managed packages
toNone
.If you need to include permission sets from managed package A, and the permission sets giving the error are from managed packages B and C, you could set
Include managed packages
toChoose
, and specify only managed package A to be included.If you need to include permission sets from the same managed package(s) as the permission set(s) causing the error, in the metadata filter for the
Permission set
metadata type you could switch fromAll items
toNamed items
, and then specify the particular permission set(s) you want to include or exclude.
Update the package
Check if the packages (managed or unlocked) are on the same version in the source and target, and synchronize them before deploying the permissions set.