OwnBackup Permissions Report

    OwnBackup aims to provide its clients with a Full & Complete backup of all the Data, Metadata, Attachments, Content Documents & Knowledgebase Articles.

    In order to ensure that - OwnBackup will automatically analyze the field-level-security upon completion of every Full Backup.


    If unreadable fields are detected due to changes made to profiles and/or permission, a warning will be shown on the service's dashboard that the data has been excluded with a link to a new tab ("Permissions Report") containing the report. OwnBackup also provides an actionable remediation tool.

     


     


    When selecting “see report”, the option exists to export the Field Level Security Report as an XML for Profile updates. 
     

    This enables admins to update any profile with missing field/object permissions using Force.com IDE and other similar tools. See The guide below on how to deploy the XML as a permission set in Workbench.

    In order to fix those gaps within Salesforce, please follow the instructions below:

    • Authenticated User must have the "Modify All Data" permission

    • A license of any installed package (that requires a license in order to access its data) must be assigned to the Authenticated User

    • At least Read Access to all Standard & Custom fields (can be configured from the Field Level Security page)

    • In case, you are using the Salesforce Knowledge Base module (KB Articles), the Authenticated User must be a Knowledge User.

    *Authenticated User = The user that connects OwnBackup to the client's Salesforce org.

    To immediately see the changes reflected and not wait until the next Full Backup, please run a manual "Analyze Profile Permissions" job directly from the  Backup-->Options-->Analyze Profile Permissions button.

     

    Deploy missing FLS via Workbench

    By downloading the Salesforce compatible XML you can achieve an easy method to update a permission set that can be applied to the authenticated user. Please note that Security assignments, permission sets, and profile management are the sole responsibility of the user.

    Part 1: Review report and download XML

    View the permission report in OwnBackup in order to see the field list and download the data as a Salesforce compatible XML.

    Part 2: Prepare the Workbench zip to deploy

    In order to create a package that Workbench can consume, we need to create a specific file/folder structure. First, create an additional file titled: package.xml which contains the package definitions:

     

    <?xml version="1.0" encoding="UTF-8"?>
    <Package xmlns="http://soap.sforce.com/2006/04/metadata">
        <types>
            <members>IntegrationUserMissingFields</members>
            <name>PermissionSet</name>
        </types>
        <version>46.0</version>
    </Package>

    Now that the file is created, we will update the paired payload:

    1. On your desktop, open the permissions_update.xml with a text editor.
    2. We will be creating a permission set instead of updating the profile, search and replace the
      <Profile xmlns= ... with <PermissionSet xmlns= .... as well as  </Profile> with </PermissionSet>
    3. Insert the following 2 lines before the closing tag </PermissionSet>:
      <hasActivationRequired>false</hasActivationRequired>

    <label>IntegrationUserMissingFields</label>

    1. Save As” the ‘permissions_update.xml’ file to ‘IntegrationUserMissingFields.permissionset’
      • Note - Renaming the file will not work as it will keep the .xml format and fail to work when uploaded.
    2. Create a folder called ‘permissionsets’ and move the - IntegrationUserMissingFields.permissionset file inside that folder.
      • Note - Folder name is case sensitive and must be lowercase
    3. Select both the permissionsets folder and the package.xml and create a zip file:

    You should have something like this:

     

    Part 3: Deploy with WorkBench

    Via Workbench, we will be creating a new Permission Set called "IntegrationUserMissingFields" with the permission Read and Edit on all the missing fields from the edited XML.

    1. Login to your target organization, click on the Migration menu→ Deploy.
    2. Choose the package zip file and select the following options:
      1. Allow Missing Files 
      2. Single Package 

    Click on Next and then Deploy.

    • If deploying to production Rollback On Error must be selected. And the test level should be ‘Run Specified test’
    • A test class that will run successfully must be used in order for the permission set to deploy to production.

     

    If the package deployed, a success message will appear under the Results.

    Part 4: Assign the permission set to the authenticated user

    In Salesforce, we will be assigning the permission set to the authenticated user.

    1. Login into Salesforce and select Setup > Permission Set > 
    2. Click on the permission ‘IntegrationUserMissingFields’ and then Manage Assignments button, please add the authenticated user to this permission set.
    3. After assigning the permission, validate the permissions worked in OwnBackup by re-running the analyze permission job via Backup Services →  Options → Analyze Profile Permissions

     

     

     

     

    Part 5: Updating the permission set file with new field data

    When you need to update the IntegrationUserMissingFields permission set in Salesforce, creating a new one with the same name will overwrite it. Creating various permission sets can be messy.

    See the steps below to leverage the OwnBackup Metadata backup to append the history of the already available fields for this permission set.

    1. Select the Metadata backup for the specific service you wish to update.
    2. Access the most recent backup, then download the XML for permission sets by selecting the highlighted number next to permission sets.
    3. Open the zip file, and go to the permission sets folder.
    4. In the permissionsets folder, delete all of the permission sets except the IntegrationUserMissingFields.permissionset file.
    5. Next download the SFDC Compatible XML of the fields from the permission report for the affected backup.
    6. Open the SFDC Compatible XML and copy everything in between the opening and closing tag for <profile></profile>
    7. Now open the IntegrationUserMissingFields.permissionset and paste the contents at the end of the file, before <hasActivationRequired>false</hasActivationRequired>

    <label>IntegrationUserMissingFields</label>

    1. After pasting the contents you can save the  IntegrationUserMissingFields.permissionset
    2. Resume from Part 2 to Part 4 to deploy via Workbench and update the current permission set.
    « Previous ArticleNext Article »


    Contact Us

    Sometimes you just want to talk to someone. Our customer support team is available by phone:

    Monday – Friday: 3:00 AM – 5:00 PM ET

    Sunday: 7:00 AM – 3:00 PM GMT