Gearset

This article details the user permissions required for using Gearset’s Salesforce backup &amp; restore solution. 

When authenticating a Salesforce org against Gearset for data &amp; metadata backup &amp; restore, we’d advise use of a dedicated <code>Integration</code> or <code>Service</code> user, following the principle of <code>least-privileges</code> to align security best practices and enable traceability.

Assignment of additional Permissions to Users is most common via a Permission Set. An example of how permissions sets can be created and assigned <a href="https://docs.gearset.com/en/articles/9009944-setting-up-salesforce-user-permissions-for-gearset-archiving">can be found here</a>.

Recommended permissions for Integration / Service user:

<a href="https://help.salesforce.com/s/articleView?id=000385064&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Manage Users</code></a> &amp; <a href="https://help.salesforce.com/s/articleView?id=000384401&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Modify All Data</code></a> (for Data &amp; Metadata Backup &amp; Restore).

- N.B. The user will require ability to 'Read' &amp; 'Edit' all Fields &amp; Record Types (where 'Update' ability is also required) for all 'Standard' &amp; 'Custom' Objects.

<a href="https://help.salesforce.com/s/articleView?id=000381258&amp;language=en_US&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Query All Files</code></a> (for backup &amp; restore of files &amp; attachments)

- <a href="https://help.salesforce.com/s/articleView?id=000385064&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Manage Users</code></a> &amp; <a href="https://help.salesforce.com/s/articleView?id=000384401&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Modify All Data</code></a> (for Data &amp; Metadata Backup &amp; Restore). 
 - N.B. The user will require ability to 'Read' &amp; 'Edit' all Fields &amp; Record Types (where 'Update' ability is also required) for all 'Standard' &amp; 'Custom' Objects.
- <a href="https://help.salesforce.com/s/articleView?id=000381258&amp;language=en_US&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Query All Files</code></a> (for backup &amp; restore of files &amp; attachments)

Org / Use-Case Specific Permissions for Backup and Recovery

A <code>Knowledge User</code> license (for Knowledge Articles) with <code>Manage Articles</code> permission.

<a href="https://help.salesforce.com/s/articleView?id=sf.bi_edd_setup_user_permissions.htm&amp;type=5" rel="nofollow noopener noreferrer" target="_blank"><code>CRM Analytics Plus Admin</code></a> (for CRM / Einstein Analytics).

<code>Manage Experiences</code> (for Community Cloud / Digital Experiences).

<code>Manage All Private Reports and Dashboards</code> (for Backup &amp; Restoration of all Reports &amp; Dashboards).

- A <code>Knowledge User</code> license (for Knowledge Articles) with <code>Manage Articles</code> permission.
- <a href="https://help.salesforce.com/s/articleView?id=sf.bi_edd_setup_user_permissions.htm&amp;type=5" rel="nofollow noopener noreferrer" target="_blank"><code>CRM Analytics Plus Admin</code></a> (for CRM / Einstein Analytics).
- <code>Manage Experiences</code> (for Community Cloud / Digital Experiences).
- <code>View All Custom Settings</code>.
- <code>Manage All Private Reports and Dashboards</code> (for Backup &amp; Restoration of all Reports &amp; Dashboards).

<code>View Encrypted Data</code> (to Back up encrypted Salesforce data).

Org-Wide Permissions: <a href="https://help.salesforce.com/s/articleView?id=000386699&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Create Audit Fields</code> &amp; <code>Set Audit Fields upon Record Creation</code></a> (for restoration of Audit fields with their original field values).

<code>Update Records with Inactive Owners</code> (to allow restored records to be 'owned' by Inactive Users).

<code>Password Never Expires</code> - ONLY if using a dedicated ‘Integration' or 'Service’ User.

- <code>View Encrypted Data</code> (to Back up encrypted Salesforce data).
- Org-Wide Permissions: <a href="https://help.salesforce.com/s/articleView?id=000386699&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Create Audit Fields</code> &amp; <code>Set Audit Fields upon Record Creation</code></a> (for restoration of Audit fields with their original field values).
- <code>Update Records with Inactive Owners</code> (to allow restored records to be 'owned' by Inactive Users).
- <code>Password Never Expires</code> - ONLY if using a dedicated ‘Integration' or 'Service’ User.

We're commonly asked "Which Permissions should be added to the authenticated user for backup & restore"? Here, we address that question!

Recommended permissions for Integration / Service user:

Org / Use-Case Specific Permissions for Backup and Recovery

ONLY if Security Clearance is Granted