OwnBackup leverages the Salesforce API. The Authenticated User is the user that connects OwnBackup to the client's Salesforce org. As a best practice, OwnBackup recommends having a dedicated user as the OwnBackup Authenticated User.
The specific permissions for each user is defined either in the user’s profile, or via a permission set.
The recommended best practice for large data volumes, is to have a dedicated Authenticated User for the Backup product, and one Authenticated User for the Archive product.
This should enhance security and audit trail capabilities, assist in avoiding API concurrency collisions, and other similar user issues.
The Authenticated User must have the following permissions:
The Authenticated User must also have the required permissions as follows:
This initial login will require the credentials to be entered from the user's desktop, so if IP address restrictions are in place, make sure that the desktop used for the initial login is recognized as the OwnBackup Authenticated User. This will also be the case whenever you need to re-authenticate with Salesforce.
Permission / Settings Name
Permission Type
Reason / Use Case
Documentation
Query All Files
App Permission
More efficient queries and access to private files.
View and Edit Converted Leads
Ability to see all leads
Edit Read Only Fields
System Permissions
Used to populate data on restore to fields that may normally be read only
Manage all Private Reports and Dashboards
Query / restore private reports/dashboards.
User Permissions for Sharing Reports and Dashboards
Manage Experiences
Needed if using Experience Cloud (formerly Community Cloud).
Manage Prompts
If using Salesforce Prompts (In App Guidance). If they are in use in your org, prevent issues backup prompt versions.
NOTE: The user needs access to the target object where the prompt is pointing to or the backup of that prompt record will potentially fail. For example the object referenced in the ‘TargetPageKey1’ field on any prompt version record.
Define Prompts in Lightning Experience
Set Audit Fields upon Record Creation
Enable in the user interface when setting up, and assign via System Permissions
Populates original created date of record
Enable the 'Create Audit Fields' permission
OwnBackup for Salesforce FAQs
Update Records with Inactive Owners
Restores records with inactive owners
View All Custom Settings
Grant Read Access to All Custom Settings
View All Lookup Record Names
View Encrypted Data
Manage Flow
Manage Orchestration Runs and Work Items
Access to Flow orchestrations since Winter '23
Enable Sharing for Flow Orchestration Objects
Access Conversation Entries
Administrative Permission in the profile/permission set
Avoid problems with the issue described here
CRM Analytics Plus Admin
Modify All Data
'Modify All Data' permission
For more information on using the Salesforce Integration User License (API Only) as your OwnBackup Authenticated User see here
For more information on user profile permissions in Salesforce, see here.
For information on user profile permissions for an Authenticated User of Archive, see here.
For information on Salesforce user permissions for an Authenticated User of Sandbox Seeding (SBS), see here.
Sometimes you just want to talk to someone. Our customer support team is available by phone: