Skip to main content

Gearset archiving solution - user permissions

We're commonly asked "Which permissions should be added to the authenticated user for Archiving"? Here, we address that question!

Laurence Boyce avatar
Written by Laurence Boyce
Updated over 11 months ago

This article details the user permissions required for using Gearset’s archiving solution.

When authenticating a Salesforce org against Gearset for archiving, we’d advise use of a dedicated ‘Integration' or 'Service’ user, following the principle of ‘least-privileges’ to align security best practices and enable traceability.

Assignment of additional permissions to users is most common via a permission set. An example of how permissions sets can be created and assigned can be found here.

Recommended permissions for integration / service user:

  • Bulk API Hard Delete (to ensure archived records bypass the recycle bin).

  • Manage Users & Modify All Data (for data archival & restoration).

    • N.B. The user will require ability to 'Read' & 'Edit' all fields & record types (where 'Update' ability is also required) for all 'Standard' & 'Custom' objects.

  • Query All Files (for archival & restoration of files & attachments).

Org / Use-Case Specific Permissions for Archiving

  • A Knowledge User license (for knowledge articles) with Manage Articles permission.

  • CRM Analytics Plus Admin (for CRM / Einstein analytics).

  • Manage Experiences (for Community cloud / Digital experiences).

ONLY if Security Clearance is Granted

  • View Encrypted Data (for Archival & Restoration Encrypted Salesforce Data).

  • Org-Wide Permissions: Create Audit Fields' & 'Set Audit Fields upon Record Creation (for restoration of Audit fields with their original field values).

  • Update Records with Inactive Owners (to allow restored records to be 'owned' by Inactive Users).

  • Password Never Expires - ONLY if using a dedicated Integration or Service User.

Did this answer your question?