Customer Managed Permission Sets

Why This Is Needed

When you install or upgrade the AlumnIQ Sync package, any permission sets included in the package are refreshed with the permissions defined in that package version.

  • Local changes you make to packaged permission sets will be overwritten during upgrades.

  • We cannot include permissions for custom fields in your org (such as custom fields on Constituent/Contact) in the package, because those fields do not exist in every subscriber org.

To ensure your designated Integration User retains access to the necessary data, you should create a separate permission set in your org. This custom permission set will not be touched by package upgrades and can safely grant access to local objects and fields.

What the Permission Set Should Include

For the integration to function properly, grant the following access:

  • Object-level access (at minimum Read):

    • Constituent/Contact

  • Field-level access (at minimum Read):

    • External ID field used by the integration (for example: AQB_ContactExternalID__c or your equivalent)

You may also include access to other objects or fields required for your specific integration setup.

Step-by-Step: Creating the Permission Set

  1. Go to Setup In Salesforce, click the gear icon → Setup.

  2. Open Permission Sets In the Quick Find box, type Permission Sets, then click Permission Sets.

  3. Create a New Permission Set

    • Click New.

    • Label: AlumnIQ Sync Integration Access (or a name of your choice)

    • API Name: Auto-generated, or set as needed.

    • User License: If you are planning to assign the User License type of Salesforce Integration to the designated integration user you must select Salesforce API Integration, otherwise leave as None (to make it assignable to any user).

    • Click Save.

  4. Grant Object Access

    • In the permission set, under AppsObject Settings, click Contacts (or your constituent object).

    • Click Edit and check Read access (and any others needed).

    • Save your changes.

  5. Grant Field Access

    • Still in Object Settings, click into the Contacts object again.

    • Scroll to Field Permissions.

    • Check Read Access for the External ID field used by the integration.

    • Save your changes.

  6. Assign the Permission Set to the Integration User

    • In the permission set, click Manage AssignmentsAdd Assignments.

    • Select your designated Integration User.

    • Click Assign.

Maintenance Tips

  • If you add new fields or objects that the integration needs to read, update this permission set instead of modifying the packaged ones.

  • This permission set is yours to manage—package upgrades will not overwrite it.

PreviousIntegrationNextSecurity

Last updated