Once a week, for every full backup, the permissions report uses the Field-Level-Security (FLS) feature to analyze the field level permissions in your Salesforce Org. This report lists the fields that the authenticated user does not have permission for in their Salesforce org. FLS allows a layer of permission complexity to exclude the reading of specific fields, even for users who have object permissions. By default, specific fields are excluded by certain objects for the System Admin.
If there are any fields that need excluding, an error appears on the report page. You can choose to exclude certain fields if you do not want the authenticated user to have permission for them, or they are not deemed critical by the business.
We aim to provide clients with a Full & Complete backup of all the Data, Metadata, Attachments, Content Documents and knowledgebase Articles. To ensure this -we automatically analyze the field-level-security on completion of every Full Backup. If unreadable fields are detected due to changes made to profiles and/or permissions, a warning is shown on the service's dashboard that the data has been excluded. A link is provided to a new tab ("Permissions Report") containing the report. An actionable remediation tool is also provided.
When selecting “see report”, the option exists to export the Field Level Security Report as an XML for Profile updates.
This enables admins to update any profile with missing field/object permissions using Force.com IDE and other similar tools. See The steps below on how to deploy the XML as a permission set in Workbench. To fix these gaps within Salesforce, first ensure the user leveraged for the backup complies with these settings.
To immediately see the changes reflected and not wait until the next Full Backup, run a manual "Analyze Profile Permissions" job directly from the Backup-->Options-->Analyze Profile Permissions button.
By downloading the Salesforce compatible XML you can achieve an easy method to update a permission set that can be applied to the authenticated user.
Note: Security assignments, permission sets, and profile management are the sole responsibility of the user.
View the permission report in the application to see the field list and download the data as a Salesforce compatible XML.
To create a package that Workbench can consume, you must create a specific file/folder structure. First, create an additional file titled: package.xml which contains the package definitions:
<?xml version="1.0" encoding="UTF-8"?> <Package xmlns="http://soap.sforce.com/2006/04/metadata"> <types> <members>IntegrationUserMissingFields</members> <name>PermissionSet</name> </types> <version>54.0</version> </Package>
Once the file is created, update the paired payload:
<hasActivationRequired>false</hasActivationRequired> <label>IntegrationUserMissingFields</label>
<?xml version="1.0" encoding="utf-8"?> <PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata"> <fieldPermissions> <editable>true</editable> <field>Account.HiddenField__c</field> <readable>true</readable> </fieldPermissions> <fieldPermissions> <editable>true</editable> <field>Account.Account_L1__c</field> <readable>true</readable> </fieldPermissions> <fieldPermissions> <editable>true</editable> <field>Case.CaseClosedOnCreate</field> <readable>true</readable> </fieldPermissions> <fieldPermissions> <editable>true</editable> <field>Case.CaseReason</field> <readable>true</readable> </fieldPermissions> <hasActivationRequired>false</hasActivationRequired> <label>IntegrationUserMissingFields</label> </PermissionSet>
Via Workbench, create a new Permission Set called "IntegrationUserMissingFields" with the permission Read and Edit on all the missing fields from the edited XML.
If the package deployed, a success message will appear under the Results.
In Salesforce, assign the permission set to the authenticated user.
Part 5: Updating the Permission Set File with New Field Data
When you need to update the IntegrationUserMissingFields permission set in Salesforce, creating a new one with the same name overwrites it.
See the following steps to leverage the Metadata backup to append the history of the already available fields for this permission set.
<label>IntegrationUserMissingFields</label>
Sometimes you just want to talk to someone. Our customer support team is available by phone: