10/03/2024 09:04 AM - edited 10/03/2024 09:05 AM
The Preparing for Integration (saviyntcloud.com) document tells us to log in as an administrator or as a service account user to authorize the application. The user that is used to do this authorization will be used as the user who performs the connector operations. This means, for example, that this user is shown as the creator or modifier of user accounts in Salesforce. The guide just says that "administrator" privileges are needed but does not specify the required permissions and therefore does not comply with the principle of least privilege. The connector will function if we assign "system administrator" privileges for the user, but those privileges are way too broad for the need. It'll allow administration of the whole platform while only user administration should be required.
What is the least privilege required in Salesforce for the service account to be able to perform the connector operations? The permissions for the connected app itself are clearly stated in the document, but what about the user that "uses" it?
OBJECT_TO_BE_IMPORTED: Profile,Group,PermissionSet,Role,PermissionSetLicense,FeatureLicense,PackageLicense,PermissionSetGroup
10/04/2024 12:32 PM
Minimum permissions required for the service account include: