Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Authenticated User Permission Requirements for Archive

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Authenticated User Permission Requirements for Archive

            Archive connects to your Salesforce org through the API via an Authenticated User. This user account serves as the integration point for all Archive operations.

            We recommend that that Authenticated User be a dedicated Integration User, a full-licensed account created specifically so that all automated operations, such as purges, are logged to this user. This assignment provides a clean audit trail and distinguishes app-based actions from manual changes made by an admin.

            Important
            Important The standard Salesforce Integration User license isn't compatible with Archive. The user account designated as the Authenticated User must be assigned a full Salesforce license with a profile that grants the full required permission scope, such as a clone of the Salesforce System Admin profile.
            Note
            Note Verify that the Integration User has read and delete access to all objects that you want to archive. You can verify this access via the Field-Level Security (FLS) report.

            Basic Permissions

            Permission Permission Type Purpose
            Bulk API System Permissions

            Authenticated User with System Admin profile can activate Hard-Delete to permanently delete records and bypass the Recycle Bin during Archive operations.

            This permission is necessary for managing large datasets and directly purging records without them lingering in the Recycle Bin.
            Modify All System Permissions Grants full control over all records for a specified object. The user can view, edit, delete, and transfer ownership of records, regardless of sharing rules or other restrictions.

            Additional Permissions

            To handle ContentDocuments and restore unarchived records correctly, the Authenticated User requires these additional permissions.

            Permission Purpose
            Manage Multi-Factor Authentication (MFA) in API

            When MFA enforcement is enabled, Salesforce restricts access to org-level metadata fields.

            With this permission, Archive can read storage or limit fields, such as FileStorageMB, through the API.

            Without this permission, Archive processes that reference these fields can fail or return incomplete results.
            Query All Files Grants access to all files, bypassing sharing rules for complete capture during archiving.
            Set Audit Fields upon Record Creation Retains original metadata such as CreatedBy, CreatedDate, ModifiedBy, and ModifiedDate during unarchiving.
            Update Records with Inactive Owners Restores records assigned to inactive users.

            Enable Organization-Level Settings

            1. In Setup, go to User Interface.
            2. Select Set Audit Fields upon Record Creation and Update Records with Inactive Owners.
            Note
            Note Verify that the Integration User has read and delete access to all objects that you want to archive. You can verify this access via the Field-Level Security (FLS) report.

            Special Configuration for Veeva-Integrated Organizations

            If Archive is used with a Veeva-integrated Salesforce org, the Authenticated User requires these permissions to support Archive operations specific to Veeva.

            Permission Purpose
            Veeva Administrator Grants Veeva Administrator permissions to the Authenticated User.
            CALL_ARCHIVE_USER The Authenticated User can delete submitted Veeva calls, which is required for proper Archive functionality within Veeva.

            Archive Admin Permission Set

            The Archive Admin permission set gives Authenticated User access to comprehensive permissions for managing Archive and includes these permissions.

            Note
            Note Before continuing setup, make sure the Archive Admin permission set is assigned to these users.
            • Integration User—Required for the API user to run scheduled and background processes.
            • Salesforce Admin—Required for the admin to access and complete all setup and configuration steps.
            Permission Description
            Archive Abort Archive Activity Abort running archive activities with a status of Started.
            Archive Activities Access the Activities table.
            Archive Analyzer Run storage analysis via the home page.
            Archive Enable Export Export records from the archive.
            Archive Enable Unarchive

            Unarchive records from the Archive, or via the Archive SDK.

            If you need only one unarchive permission, you can enable one of these custom permissions, and then manually assign it to a custom permission set or profile.

            • Archive Unarchive—Permission to unarchive records from Archive only.
            • Archive Unarchive SDK—Permission to unarchive records via Archive SDK only.
            Archive Field-Level Security (FLS) Run an Archive FLS report.
            Archive Home Page Access the home page.
            Archive Legal Hold Admin Enable Legal Hold operations, such as hold, unhold, search, and export of legal hold data.
            Archive Legal Hold Table Access the Legal Hold report.
            Archive Override Widget Restriction Rule Override Archive Widget Restriction Rule.
            Archive Policy Permission Create archive policies.
            Archive Purge Policy Permission Create purge policies.
            Archive Search Search archived records.
            Archive Settings View and configure Archive settings.
            Archive View Archived Records View archived records on the Visualforce page.
            Export Abort Activity Abort running export activities with a status of Started.
            Unarchive Abort Activity Abort running unarchive activities with a status of Started.
            Note
            Note The Archive Analyzer permission grants read access to the entire archive. This permission is generally reserved for admins.
            Note
            Note The Archive Policy permission provides delete capabilities. This permission is generally reserved for admins.

            Archive Widget Access and Download Control

            Standard users can't access archived data through the Archive Widget and can encounter a system.security.NoAccessException error.

            Optionally, to turn on Archive Widget access, assign the Archive View Archived Records user permission.

            1. In Setup, locate Permission Sets.
            2. Select Archive View Archived Records.
            3. To assign the user permission to relevant users, click Manage Assignments.
            4. Click Add Assignments.

            Restrict File Downloads in Archive Widget

            To prevent users from downloading files via the Archive Widget, remove the download permission from a cloned permission set.

            1. In Setup, clone Archive View Archived Records.
            2. In the cloned set, remove DownloadFiles under Custom SystemPermissions.
            3. Save the changes.
            4. Assign the cloned set to the relevant users.

            See Also

             
            Loading
            Salesforce Help | Article