OwnBackup Permissions Report

    OwnBackup aims to provide its clients with a Full & Complete backup of all the Data, Metadata, Attachments, Content Documents & Knowledgebase Articles. To ensure this - OwnBackup automatically analyzes the field-level-security on completion of every Full Backup.
    If unreadable fields are detected due to changes made to profiles and/or permissions, a warning is shown on the service's dashboard that the data has been excluded. A link is provided to a new tab ("Permissions Report") containing the report. OwnBackup also provides an actionable remediation tool.

    When selecting “see report”, the option exists to export the Field Level Security Report as an XML for Profile updates. 

    This enables admins to update any profile with missing field/object permissions using Force.com IDE and other similar tools. See The guide below on how to deploy the XML as a permission set in Workbench.
    To fix these gaps within Salesforce, first ensure the user leveraged for the backup complies with these settings.

    To immediately see the changes reflected and not wait until the next Full Backup, run a manual "Analyze Profile Permissions" job directly from the  Backup-->Options-->Analyze Profile Permissions button.

    Deploy Missing FLS via Workbench

    By downloading the Salesforce compatible XML you can achieve an easy method to update a permission set that can be applied to the authenticated user.

    Note: Security assignments, permission sets, and profile management are the sole responsibility of the user.

    Part 1: Review Report and Download XML

    View the permission report in OwnBackup to see the field list and download the data as a Salesforce compatible XML.

    Part 2: Prepare the Workbench zip to Deploy

    To create a package that Workbench can consume, you must create a specific file/folder structure. First, create an additional file titled: package.xml which contains the package definitions:

    <?xml version="1.0" encoding="UTF-8"?>
    <Package xmlns="http://soap.sforce.com/2006/04/metadata">
        <types>
            <members>IntegrationUserMissingFields</members>
            <name>PermissionSet</name>
        </types>
        <version>46.0</version>
    </Package>

    Once the file is created, update the paired payload:

    1. On your desktop, open the permissions_update.xml with a text editor.
    2. Create a permission set instead of updating the profile, search and replace the
      <Profile xmlns= ... with <PermissionSet xmlns= .... and  </Profile> with </PermissionSet>
    3. Insert the following two lines before the closing tag </PermissionSet>:
      <hasActivationRequired>false</hasActivationRequired>
      <label>IntegrationUserMissingFields</label>
      
    4. Save As” the ‘permissions_update.xml’ file to ‘IntegrationUserMissingFields.permissionset’
      • Note - Renaming the file will not work as it will keep the .xml format and fail to work when uploaded.
      You should have something similar to this:
      <?xml version="1.0" encoding="utf-8"?>
      <PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
      	<fieldPermissions>
      		<editable>true</editable>
      		<field>Account.HiddenField__c</field>
      		<readable>true</readable>
      	</fieldPermissions>
      	<fieldPermissions>
      		<editable>true</editable>
      		<field>Account.Account_L1__c</field>
      		<readable>true</readable>
      	</fieldPermissions>
      	<fieldPermissions>
      		<editable>true</editable>
      		<field>Case.CaseClosedOnCreate</field>
      		<readable>true</readable>
      	</fieldPermissions>
      	<fieldPermissions>
      		<editable>true</editable>
      		<field>Case.CaseReason</field>
      		<readable>true</readable>
      	</fieldPermissions>
      	<hasActivationRequired>false</hasActivationRequired>
      	<label>IntegrationUserMissingFields</label>
      </PermissionSet>
      
    5. Create a folder called ‘permissionsets’ and move the - IntegrationUserMissingFields.permissionset file into that folder.
      • Note: The folder name is case sensitive and must be lowercase
    6. Select both the permissionsets folder and the package.xml and create a zip file:

    Part 3: Deploy with WorkBench

    Via Workbench, create a new Permission Set called "IntegrationUserMissingFields" with the permission Read and Edit on all the missing fields from the edited XML.

    1. Login to your target organization.
    2. Click Migration menu
    3. Select "Deploy".
    4. Choose the package zip file and select the following options:
      1. Allow Missing Files 
      2. Single Package
    5. Click Next and then Deploy.
      • If deploying to production Rollback On Error must be selected. And the test level should be ‘Run Specified test’
      • A test class that will run successfully must be used in order for the permission set to deploy to production.
      • Further reading on adding a test class in Salesforce in this article.

      If the package deployed, a success message will appear under the Results.

      Part 4: Assign the Permission Set to the Authenticated User

      In Salesforce, assigne the permission set to the authenticated user.

      1. Log in to Salesforce.
      2. Select Setup > Permission Set > 
      3. Click the permission ‘IntegrationUserMissingFields’ and then Manage Assignments button.
      4. Add the authenticated user to this permission set.
      5. After assigning the permission, validate the permissions worked in OwnBackup by re-running the analyze permission job via Backup Services →  Options → Analyze Profile Permissions

      Part 5: Updating the Permission Set File with New Field Data

      When you need to update the IntegrationUserMissingFields permission set in Salesforce, creating a new one with the same name overwrites it.

      See the following steps to leverage the OwnBackup Metadata backup to append the history of the already available fields for this permission set.

      1. Select the Metadata backup for the specific service you wish to update.
      2. Access the most recent backup, then download the XML for permission sets by selecting the highlighted number next to permission sets.
      3. Open the zip file, and navigate to the permission sets folder.
      4. In the permissionsets folder, delete all of the permission sets except the IntegrationUserMissingFields.permissionset file.
      5. Download the SFDC Compatible XML of the fields from the permission report for the affected backup.
      6. Open the SFDC Compatible XML and copy everything in between the opening and closing tag for <profile></profile>
      7. Open the IntegrationUserMissingFields.permissionset and paste the contents at the end of the file, before <hasActivationRequired>false</hasActivationRequired>

      <label>IntegrationUserMissingFields</label>

      1. Save the  IntegrationUserMissingFields.permissionset
      2. Resume from Part 2 to Part 4 to deploy via Workbench and update the current permission set.
      « Previous ArticleNext Article »


      Contact Us

      Our Customer Support team is available by phone for urgent Production issues

      Standard Plan: Monday – Friday: 9:00 AM – 6:00 PM Local Business Hours

      Premier Plan: 24/7