Before you connect Code42 to Salesforce, you set up a custom profile in Salesforce with a number of permissions. This article lists the permissions the Code42 service account requires as well as what those permissions allow Code42 to do in your Salesforce environment.
Permissions required by the Code42 service account user
Code42 monitors your Salesforce environment for report download activity via a series of secure API calls. As a service account API user, Code42 requires certain permissions in your Salesforce environment in order for those calls to be accepted and responded to by the Salesforce Event Manager. The following table lists the permissions the Code42 service account requires along with what those permissions allow the Code42 service account to do.
|API Enabled||Allows the Code42 service account to make API calls to retrieve event information from the Salesforce Event Manager's reporting stream, such as organization configuration details, user and group information, and event metadata.|
|Customize Application||Required in order for the Code42 service account to be granted the "View Setup and Configuration" and "View Roles and Role Hierarchy" permissions.|
|Manage All Private Reports and Dashboards||Allows the Code42 service account to retrieve metadata on the reports that users generate within Salesforce.|
|Manage Custom Permissions||Allows the Code42 service account to use Salesforce's metadata API.|
|Modify Metadata Through Metadata API Functions||Allows the Code42 service account to determine whether streaming of the required events is enabled in the Salesforce Event Manager for the organization. If streaming of any of these events is disabled, the Code42 connection enters the Error status. After you enable streaming of the events in your Salesforce environment, the error clears and the connection returns to the Monitoring status.|
|View Roles and Role Hierarchy||
Allows the Code42 service account to:
|View Setup and Configuration||Allows the Code42 service account to identify your organization's configuration settings to help diagnose errors with the Code42 connection.|
|Run Reports||Allows the Code42 service account to retrieve information about the public and private reports generated by users in your Salesforce environment.|
|View Real-Time Event Monitoring Data||
Allows the Code42 service account to subscribe to the Salesforce Event Manager's reporting stream in order to identify that a report download event has occurred.
Code42 monitoring requires the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions
You must have either the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions to use the Code42 Salesforce data connection. Only these subscriptions include the View Real-time Event Monitoring Data permission required to collect information about reports downloaded from your Salesforce environment.