Creating a scoped-down Salesforce account

The Conveyor Salesforce integration uses OAuth to grant authorization for Conveyor's Salesforce Connected App. We then use that authorization to fetch your Salesforce data.

Whichever account you use to authenticate, Conveyor will get the permissions on that account when fetching your Salesforce data. That means if, for example, you authenticate using your Salesforce admin's account, Conveyor will likely get permissions to fetch more Salesforce data than we need. If that does not pose an issue for your organization, then authenticating Conveyor using your Salesforce admin's account is the quickest way to complete setup.

However, if scoping down to the minimum permissions is important to your organization, we recommend creating a new user that has only the minimum permissions Conveyor needs to make this integration work.

Creating a scoped-down Salesforce user to integrate with Conveyor

In order to create a user with the minimum permissions required for the Conveyor integration to work, you need to:

  1. Create a new Salesforce profile;
  2. Grant access to Conveyor's required tables;
  3. Check the Field Accessibility for each of Conveyor's required fields; and,
  4. Create a new user with the new profile assigned.

Note that, at the time of writing, these steps need to be done in Salesforce Classic and not the Lightning Experience.

Create a new Salesforce profile

  1. Go to "Setup"
  2. In the left panel's quick search input, type "Profiles"
  3. Click on the search result "Profiles" under "Manage Users"
  1. On the "Profiles" page, click the button "New Profile"
  2. Choose an existing profile to clone from. If you pick a profile that already has very minimal permissions, it will be easier to modify it to what Conveyor needs
  3. Enter a "Profile Name" - something like "Conveyor Integration" would suffice

Grant access to Conveyor's required tables

  1. After you have cloned a profile, you need to click "Edit"
  2. You need to uncheck everything except the following:
  • "API Enabled" under "Administrative Permissions"
  • "Accounts", "Contacts", and "Opportunities" under "Standard Object Permissions" (check only "View All", which will automatically also check "Read")
  1. Set whatever your organization's policies dictate for "Session Settings" and "Password Policies"
  2. Click "Save"

Check the Field Accessibility for each of Conveyor's required fields

Unfortunately, just granting View All / Read access to the table might not cover everything. We need to check that the specific fields Conveyor needs are allowed. To do this, we need to check Field Accessibility.

  1. In the left panel's quick search input, type "Field Accessibility"
  2. Click on the search result "Field Accessibility" under "Security Controls"
  1. For each of "Account", "Contact", and "Opportunity", do the following:
  • Click the table name
  • Click "View by Fields"
  • Select each of the fields in the below table (one at a time) in the "Field" dropdown

Table

Fields

Account

Account Name, Annual Revenue, Website

Contact

Email

Opportunity

Opportunity Name, Stage, Amount, Close Date

If you see that it says "Hidden" next to the profile you created, you need to:

  • Click the "Hidden" text, which is a link
  • Mark the field as "Visible"
  • Click "Save"

If it doesn't say "Hidden", no action is required on your end, and that field is going to be visible to users who are assigned this profile. Remember to check each field in the table above, for each of the tables.

Create a new user

  1. In the left panel's quick search input, type "Users"
  2. Click on the search result "Users" under "Manage Users"
  3. Click "New User"
  1. Enter the details you would like for the service account user
  2. Make sure that the "Profile" is set to the one you created for Conveyor. Note that the "User License" determines which profiles can be selected. Check the profile you created to see which user license it falls under.
  3. Click "Save"

That's it! You now have a user with the minimum permissions that Conveyor needs, and no more.

Next step

Return to the Salesforce documentation to finish setting up your Salesforce account.


Did this page help you?