Skip to main content
False permissions and CI jobs

Why you may see your permissions as deleted and therefore not deployed through a CI job

Thomas Giffin avatar
Written by Thomas Giffin
Updated over a week ago

In our article on deploying a new field with its field-level Security settings, there is a section at the bottom about deploying false field permissions.

What this states is that if the metadata for a field has the following permissions:

<editable>false</editable> 
<readable>false</readable>

Gearset will suppress the resulting XML and does not show this field permission in the comparison results at all.

This behavior is also extended for some other permissions too. This includes Apex Page and Apex Class Permissions, if enabled = false then the permission will not show in the comparison.

The reason for this is that from Salesforce's point of view having "enabled = false" is equivalent to "deleted/removed". And in the Salesforce UI this is usually done via deleting an Apex Class or removing a permission. Gearset shows this change under Deleted items rather than under Changed items to tie in with this view.

What this means in relation to Continuous Integration jobs is that if in the source environment, the permissions are set to false and in the target, they are set to true, the permission (FLS, Apex Page, Apex Class) will be showing as a deleted item:

This will then not be deployed under the standard set up of a CI job, which will only deploy new or changed items.

You can set the CI job to deployed deleted items but be aware that this will mean that any detected deleted items will be automatically deleted from the target environment.

Did this answer your question?