
Least privileged permissions needed for Salesforce connector

Jari_K
New Contributor III

The Preparing for Integration (saviyntcloud.com) document tells us to log in as an administrator or as a service account user to authorize the application. The user that is used to do this authorization will be used as the user who performs the connector operations. This means, for example, that this user is shown as the creator or modifier of user accounts in Salesforce. The guide just says that "administrator" privileges are needed but does not specify the required permissions and therefore does not comply with the principle of least privilege. The connector will function if we assign "system administrator" privileges to the user, but those privileges are way too broad for the need. It'll allow administration of the whole platform while only user administration should be required.

What is the least privilege required in Salesforce for the service account to be able to perform the connector operations? The permissions for the connected app itself are clearly stated in the document, but what about the user that "uses" it?

OBJECT_TO_BE_IMPORTED: Profile,Group,PermissionSet,Role,PermissionSetLicense,FeatureLicense,PackageLicense,PermissionSetGroup

1 REPLY

rushikeshvartak
All-Star

Minimum permissions required for the service account include:

  • API Enabled: For communication between Saviynt and Salesforce.
  • View and Manage Users: To create, modify, and deactivate users.
  • View and Edit permissions on objects like Profile, Role, Group, Permission Set, and associated licenses.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
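
Added example (not part of the thread and not Saviynt or Salesforce code): a small audit that compares the system permissions granted to the service account against the list in the reply above, so drift toward administrator-level access is visible. The mapping of the reply's items onto `PermissionSet` field names and the sample records are assumptions; the object-level item in the reply is not covered here.

```python
# Assumed mapping of the reply's list onto Salesforce PermissionSet fields.
# Confirm it against your org before relying on it.
ALLOWED = {
    "PermissionsApiEnabled",    # "API Enabled"
    "PermissionsViewAllUsers",  # "View ... Users" (assumed mapping)
    "PermissionsManageUsers",   # "... Manage Users"
}

# Platform-wide grants that go beyond user administration.
HIGH_RISK = {
    "PermissionsModifyAllData",
    "PermissionsViewAllData",
    "PermissionsCustomizeApplication",
    "PermissionsAuthorApex",
}

def audit(record):
    """Compare the enabled Permissions* flags of one record with ALLOWED."""
    granted = {k for k, v in record.items()
               if k.startswith("Permissions") and v is True}
    return {
        "missing": sorted(ALLOWED - granted),      # connector may fail
        "excess": sorted(granted - ALLOWED),       # not needed per the reply
        "high_risk": sorted(granted & HIGH_RISK),  # administrator-level
    }

# Constructed sample records, shaped like rows returned by a query such as
#   SELECT Name, PermissionsApiEnabled, ... FROM PermissionSet
ADMIN_LIKE = {
    "attributes": {"type": "PermissionSet"},
    "Name": "Example_Admin_Like",  # hypothetical name
    "PermissionsApiEnabled": True, "PermissionsViewAllUsers": True,
    "PermissionsManageUsers": True, "PermissionsModifyAllData": True,
    "PermissionsViewAllData": True, "PermissionsCustomizeApplication": True,
    "PermissionsAuthorApex": False,
}
SCOPED = {
    "attributes": {"type": "PermissionSet"},
    "Name": "Example_Connector_Scoped",  # hypothetical name
    "PermissionsApiEnabled": True, "PermissionsViewAllUsers": True,
    "PermissionsManageUsers": True, "PermissionsModifyAllData": False,
}

if __name__ == "__main__":
    for rec in (ADMIN_LIKE, SCOPED):
        print(rec["Name"], audit(rec))
```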