Skip to main content
All CollectionsData backup and ArchivingArchiving
Gearset archiving solution - user permissions
Gearset archiving solution - user permissions

We're commonly asked "Which permissions should be added to the authenticated user for Archiving"? Here, we address that question!

Laurence Boyce avatar
Written by Laurence Boyce
Updated over 5 months ago

This article details the user permissions required for using Gearset’s archiving solution.

When authenticating a Salesforce org against Gearset for archiving, we’d advise use of a dedicated ‘Integration' or 'Service’ user, following the principle of ‘least-privileges’ to align security best practices and enable traceability.

Assignment of additional permissions to users is most common via a permission set. An example of how permissions sets can be created and assigned can be found here.

Recommended permissions for integration / service user:

  • Bulk API Hard Delete (to ensure archived records bypass the recycle bin).

  • Manage Users & Modify All Data (for data archival & restoration).

    • N.B. The user will require ability to 'Read' & 'Edit' all fields & record types (where 'Update' ability is also required) for all 'Standard' & 'Custom' objects.

  • Query All Files (for archival & restoration of files & attachments).

Org / Use-Case Specific Permissions for Archiving

  • A Knowledge User license (for knowledge articles) with Manage Articles permission.

  • CRM Analytics Plus Admin (for CRM / Einstein analytics).

  • Manage Experiences (for Community cloud / Digital experiences).

ONLY if Security Clearance is Granted

  • View Encrypted Data (for Archival & Restoration Encrypted Salesforce Data).

  • Org-Wide Permissions: Create Audit Fields' & 'Set Audit Fields upon Record Creation (for restoration of Audit fields with their original field values).

  • Update Records with Inactive Owners (to allow restored records to be 'owned' by Inactive Users).

  • Password Never Expires - ONLY if using a dedicated Integration or Service User.

Did this answer your question?