Gearset

This article details the user permissions required for using <a href="https://gearset.com/solutions/archiving/" rel="nofollow noopener noreferrer" target="_blank">Gearset’s archiving solution</a>.

When authenticating a Salesforce org against Gearset for archiving, we’d advise use of a dedicated ‘Integration' or 'Service’ user, following the principle of ‘least-privileges’ to align security best practices and enable traceability.

Assignment of additional permissions to users is most common via a permission set. An example of how permissions sets can be created and assigned <a href="https://docs.gearset.com/en/articles/9009944-setting-up-salesforce-user-permissions-for-gearset-archiving">can be found here</a>.

Recommended permissions for integration / service user:

<code>Bulk API Hard Delete</code> (to ensure archived records bypass the recycle bin).

- N.B. This permission is mandatory, with <a href="https://docs.gearset.com/en/articles/9009944-setting-up-salesforce-user-permissions-for-gearset-archiving">details for configuration of this found here</a>.

<a href="https://help.salesforce.com/s/articleView?id=000385064&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Manage Users</code></a> &amp; <a href="https://help.salesforce.com/s/articleView?id=000384401&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Modify All Data</code></a> (for data archival &amp; restoration).

- N.B. The user will require ability to 'Read' &amp; 'Edit' all fields &amp; record types (where 'Update' ability is also required) for all 'Standard' &amp; 'Custom' objects.

<a href="https://help.salesforce.com/s/articleView?id=000381258&amp;language=en_US&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Query All Files</code></a> (for archival &amp; restoration of files &amp; attachments).

- <code>Bulk API Hard Delete</code> (to ensure archived records bypass the recycle bin).
 - N.B. This permission is mandatory, with <a href="https://docs.gearset.com/en/articles/9009944-setting-up-salesforce-user-permissions-for-gearset-archiving">details for configuration of this found here</a>.
- <a href="https://help.salesforce.com/s/articleView?id=000385064&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Manage Users</code></a> &amp; <a href="https://help.salesforce.com/s/articleView?id=000384401&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Modify All Data</code></a> (for data archival &amp; restoration). 
 - N.B. The user will require ability to 'Read' &amp; 'Edit' all fields &amp; record types (where 'Update' ability is also required) for all 'Standard' &amp; 'Custom' objects.
- <a href="https://help.salesforce.com/s/articleView?id=000381258&amp;language=en_US&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Query All Files</code></a> (for archival &amp; restoration of files &amp; attachments).

Org / Use-Case Specific Permissions for Archiving

A <code>Knowledge User</code> license (for knowledge articles) with <code>Manage Articles</code> permission.

<a href="https://help.salesforce.com/s/articleView?id=sf.bi_edd_setup_user_permissions.htm&amp;type=5" rel="nofollow noopener noreferrer" target="_blank"><code>CRM Analytics Plus Admin</code></a> (for CRM / Einstein analytics).

<code>Manage Experiences</code> (for Community cloud / Digital experiences).

- A <code>Knowledge User</code> license (for knowledge articles) with <code>Manage Articles</code> permission.
- <a href="https://help.salesforce.com/s/articleView?id=sf.bi_edd_setup_user_permissions.htm&amp;type=5" rel="nofollow noopener noreferrer" target="_blank"><code>CRM Analytics Plus Admin</code></a> (for CRM / Einstein analytics).
- <code>Manage Experiences</code> (for Community cloud / Digital experiences).

<code>View Encrypted Data</code> (for Archival &amp; Restoration Encrypted Salesforce Data).

Org-Wide Permissions: <a href="https://help.salesforce.com/s/articleView?id=000386699&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Create Audit Fields</code>' &amp; '<code>Set Audit Fields upon Record Creation</code></a> (for restoration of Audit fields with their original field values).

<code>Update Records with Inactive Owners</code> (to allow restored records to be 'owned' by Inactive Users).

<code>Password Never Expires</code> - ONLY if using a dedicated Integration or Service User.

- <code>View Encrypted Data</code> (for Archival &amp; Restoration Encrypted Salesforce Data).
- Org-Wide Permissions: <a href="https://help.salesforce.com/s/articleView?id=000386699&amp;type=1" rel="nofollow noopener noreferrer" target="_blank"><code>Create Audit Fields</code>' &amp; '<code>Set Audit Fields upon Record Creation</code></a> (for restoration of Audit fields with their original field values).
- <code>Update Records with Inactive Owners</code> (to allow restored records to be 'owned' by Inactive Users).
- <code>Password Never Expires</code> - ONLY if using a dedicated Integration or Service User.

We're commonly asked "Which permissions should be added to the authenticated user for Archiving"? Here, we address that question!

Recommended permissions for integration / service user:

Org / Use-Case Specific Permissions for Archiving

ONLY if Security Clearance is Granted