Permissions for Salesforce backup and restore

Help center - SalesforceBy

This reference table outlines the system, object, and license-level permissions recommended for the Authenticated User in order to support full backup and restore coverage within Salesforce. It includes relevant use cases, system behavior, and why these permissions are important.

Knowledge base Salesforce connector

🔧 Core System Permissions

Permission / Setting	Permission Type	Purpose / Use Case	Critical or Optional	Dependencies / Conflicts
Modify All Data	System Permission	Required to query, access, and restore all data across all objects.	Critical	Enables bulk record access
API Enabled	Profile / Permission Set Setting	Enables API access required for all backup and restore operations.	Critical	None
API Only User	Profile / Permission Set Setting	Restricts UI access for the Authenticated User, improving security.	Optional (recommended)	Must be assigned via profile or permission set
Session Activation Required = False	Permission Set Setting	Prevents session disruption that blocks token-based integration access.	Critical	Must be set in permission set
Query All Files	App Permission	Required to access and restore private files efficiently.	Critical	None
View All Custom Settings	System Permission	Enables access to custom settings used in backup/restore relationships.	Critical	None
View All Lookup Record Names	System Permission	Needed to preserve lookup relationships and ensure record links are restorable.	Critical	None
Edit Read Only Fields	System Permission	Enables restore into fields like Case.ClosedDate or system audit fields.	Critical (if applicable)	None
Set Audit Fields on Record Creation	System Permission (UI-enabled)	Preserves CreatedDate and CreatedBy values during record restoration.	Optional	Must enable via UI
Update Records with Inactive Owners	System Permission (UI-enabled)	Prevents restore failures when records are owned by inactive users.	Optional	Must enable via UI

⚙️ Flow & Automation

Permission / Setting	Permission Type	Purpose / Use Case	Critical or Optional	Dependencies / Conflicts
Manage Flow	System Permission	Required to access and back up Flow metadata and configuration.	Critical (if applicable)	None
Run Flows	System Permission	Required for runtime execution of flows (important for restore testing).	Critical (if applicable)	None
Manage Orchestration Runs and Work Items	System Permission	Supports Flow Orchestration object access since Winter ’23.	Optional (if applicable)	None

🌐 Platform Experience & UI

Permission / Setting	Permission Type	Purpose / Use Case	Critical or Optional	Dependencies / Conflicts
Manage Experiences	System Permission	Required if Experience Cloud is enabled; enables restore of site data.	Optional (if applicable)	Requires Experience Cloud
Manage Prompts	System Permission	Required to back up Salesforce In-App Guidance (Prompt Versions).	Optional (if applicable)	Target object must be accessible
Access Conversation Entries	Administrative Permission	Resolves Summer '21 issue that triggers errors, even if unused.	Optional	Fixed in Patch 13 (Summer ’21)

📊 Reports, Dashboards, and Analytics

Permission / Setting	Permission Type	Purpose / Use Case	Critical or Optional	Dependencies / Conflicts
Manage All Private Reports and Dashboards	System Permission	Enables access to and restore of user-specific reports and dashboards.	Optional	None
CRM Analytics Plus Admin	Permission Set License	Required to back up Einstein Analytics / Tableau CRM (force.com API-supported).	Optional (if applicable)	Requires license assignment

📚 Knowledge Management

Permission / Setting	Permission Type	Purpose / Use Case	Critical or Optional	Dependencies / Conflicts
Knowledge User + View Articles	Feature License + System Permission	Needed to back up and restore Lightning Knowledge articles.	Optional (if applicable)	Requires Knowledge enabled

🔐 Security & Encryption

Permission / Setting	Permission Type	Purpose / Use Case	Critical or Optional	Dependencies / Conflicts
View Encrypted Data	System Permission	Required to back up and restore fields encrypted with Classic Encryption.	Critical (if applicable)	Requires encryption enabled
Manage Encryption Keys	System Permission	Required to back up the TenantSecret object.	Optional (if applicable)	None

📦 Metadata & Admin Functions

Permission / Setting	Permission Type	Purpose / Use Case	Critical or Optional	Dependencies / Conflicts
Customize Application	System Permission	Avoids cross-reference issues during metadata backup or validation rule evaluation.	Optional	None
Manage Users	System Permission	Enables retrieval of Profile metadata and supports Analyze Profile Permissions logic.	Optional	None
Modify Metadata Through Metadata API Functions	System Permission	Required if restoring Apex classes, triggers, or custom metadata.	Optional (advanced)	None
View Setup and Configuration	System Permission	Useful when backing up metadata like Apps, Tabs, and Layouts.	Optional (recommended)	None

✉️ Communication, Chatter, and Templates

Permission / Setting	Permission Type	Purpose / Use Case	Critical or Optional	Dependencies / Conflicts
View and Edit Converted Leads	App Permission	Allows access to lead data, including converted leads.	Optional	None
Access Email Templates and Letterheads	System/Object Permission	Required for email template and branding configuration backups.	Optional (if applicable)	None
Access Chatter Data (FeedItem, FeedComment)	Object-Level Access	Required to back up and restore Chatter posts and conversations.	Optional (if applicable)	None

Help center - SalesforceBy

Additional Notes

All required permissions should be assigned using Permission Sets and Permission Set Groups. Profiles may be used temporarily but will be deprecated by Spring ’26.
Permission dependencies may vary based on Salesforce edition, managed packages, or specific features in use.
Always test permissions in a sandbox environment before connecting to production.

Upcoming Salesforce shifts that may affect permission needs

As Salesforce phases out legacy tools and rolls in newer technologies, your permission models may need to evolve. Keep the following in mind:

Workflow Rules & Process Builder are deprecated → Increased reliance on Flow, which is more permission-intensive
Experience Cloud, Flow Orchestration, In-App Guidance, and Prompt Builder usage is growing → Requires specific permissions like Manage Prompts, Manage Experiences, Manage Orchestration Runs
AI-driven features and Einstein tools (like GPT summaries, Predictions) may expand API requirements
Profiles will be deprecated in Spring '26 → Use Permission Sets & Permission Set Groups for sustainable security models

⚠️ Security Note: If Multi-Factor Authentication (MFA) is enforced org-wide, the Authenticated User must be excluded via profile or permission set assignment. This ensures uninterrupted OAuth token issuance.

Monitor Salesforce release notes and roadmap updates to ensure future compatibility.

Knowledge base Salesforce connector

Salesforce workload

Permissions for Salesforce backup and restore

🔧 Core System Permissions

⚙️ Flow & Automation

🌐 Platform Experience & UI

📊 Reports, Dashboards, and Analytics

📚 Knowledge Management

🔐 Security & Encryption

📦 Metadata & Admin Functions

✉️ Communication, Chatter, and Templates

Permissions for Salesforce backup and restore

Additional Notes

Upcoming Salesforce shifts that may affect permission needs

Related articles

Create a Salesforce connector