Loading

Error: Insufficient Privileges After Logging into a Salesforce Org — Caused by API Only User Permission

Veröffentlichungsdatum: Jul 1, 2026
Beschreibung

If a User is able to login, but is getting the 'Insufficient Privileges' error after login, the permission 'Api Only User' might be enabled in the User’s profile. To disable the permission, contact your company’s system administrator.

If there are no other Users who can edit profile permissions directly through Setup, you can use Data Loader to update profile permissions.

 

Notes:

Lösung

This article describes how to resolve the 'Insufficient Privileges' error caused by the 'API Only User' (PermissionsApiUserOnly) permission being enabled on a User's Profile. When this permission is enabled, users can only interact with Salesforce via API — they cannot log in through the UI. The steps below use Data Loader to update the Profile permission directly when no UI admin access is available.

Update 'API Only User' profile permission with Data Loader

  1. Run an Export on the Profile object and include:
  • ID
  • API Only User (PermissionsApiUserOnly)
  • Name (Optional)
  1. Change the API Only User column from True to False for the Profile associated with the impacted Users, and save the file.
  2. Use Data Loader to update the Profile permission. After logging in to Data Loader, click the Update button.
  3. Select the Show all Salesforce objects checkbox and then select Profile.
  4. Click Next after choosing the .csv file created in step 1.
  5. Click Create or Edit a Map.
  6. Map Profile ID and the Permission 'API Only User' to the fields you have in the .csv file.
  7. Click OK.
  8. Click Next and then Browse... to select the directory where the success and error files should be saved, then click Finish.
  9. When the pop-up appears asking you to proceed, click Yes.


After this process has completed, ask the impacted end user to attempt to login again. If they are still unable to login, repeat the above steps using the PermissionSet object to remove API Only User from any Permission Sets assigned to the impacted user. 

If the user is still unable to login after API Only User has been set to False for the impacted users Profile and Permission Sets, please log a Case with Support for further assistance.
 

Nummer des Knowledge-Artikels

000386367

 
Laden
Salesforce Help | Article