Overview
In Salesforce, a Permission Set License (PSL) cannot be removed from a user unless all permissions granted by that specific license are first removed. Attempting to remove a PSL while permissions are still assigned results in an error similar to:
"You can't remove the [PERMISSION_SET_LICENSE_LABEL] permission set license from [USER_NAME] until you remove the permission that requires the permission set license."
To resolve this, you need to identify which Permission Sets assigned to the user contain CRM Analytics-specific permissions. CRM Analytics permissions include roles such as CRM Analytics user, admin, dashboard editor, upload user, and ELT editor. You can find these Permission Sets using a SOQL (Salesforce Object Query Language) query.
How to Identify and Remove CRM Analytics Permission Sets
The following SOQL query returns the list of Permission Sets assigned to a target user that contain one or more CRM Analytics permissions. Run this query in the Developer Console or Workbench.
SELECT Assignee.Name, PermissionSet.Label, PermissionSet.Id FROM PermissionSetAssignment WHERE PermissionSetId in (SELECT Id FROM PermissionSet WHERE PermissionsInsightsAppUser = true OR PermissionsInsightsAppAdmin = true OR PermissionsAddAnalyticsRemoteConnections = true OR PermissionsInsightsAppDashboardEditor = true OR PermissionsInsightsAppUploadUser = true OR PermissionsInsightsCreateApplication = true OR PermissionsInsightsAppEltEditor = true OR PermissionsWaveTabularDownload = true OR PermissionsManageTemplatedApp = true OR PermissionsUseTemplatedApp = true) AND AssigneeId = 'USER_ID'
The query searches the PermissionSetAssignment object, filtering for Permission Sets that include any of these CRM Analytics flags: InsightsAppUser, InsightsAppAdmin, AddAnalyticsRemoteConnections, InsightsAppDashboardEditor, InsightsAppUploadUser, InsightsCreateApplication, InsightsAppEltEditor, WaveTabularDownload, ManageTemplatedApp, or UseTemplatedApp — and filters to only the assignments for the target user by their User ID.
Replace "USER_ID" in the query with the 18-character Salesforce ID of the target user.
If your org has Trend Reports in Analytics enabled, also include the PermissionsWaveTrendReports flag in the query's inner SELECT to ensure those Permission Sets are also returned.
Once you have the list of Permission Sets from the query results, unassign each Permission Set from the user. After all CRM Analytics permissions are removed, you can successfully remove the CRM Analytics Permission Set License from the user.
Resources
Permission Sets
Manage Permission Set Assignments
PermissionSet Object
PermissionSetAssignment Object
000380812

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.