Loading

Metadata API Deployment Does Not Apply Object Permissions for Non-Salesforce License Profiles in CRM Analytics.

게시 일자: Apr 30, 2026
상세 설명

How does the process of creating a new profile currently function?

  • The creation of profiles, excluding those for Salesforce Licenses, begins with a cloning of the corresponding standard profile within the organization. This results in the inclusion of the viewAllData user permission, as well as Read and ViewAllRecords permissions for all entities within the Analytics Cloud Integration User profile.
  • Subsequently, an upsert operation is executed for each UserPermission provided in the payload. It should be noted that the viewAllData permission will remain unchanged, unless specified in the profile's metadata payload to be set to false.
  • Following this, an upsert is also performed for ObjectPermissions. However, as viewAllData is set to true by default, the Read and ViewAllRecords permissions are automatically enabled, rendering any changes to the ObjectPermissions in the profile's metadata XML obsolete.
솔루션

We recommend manually adding following attributes in the profile metadata before deploying to ignore all the objects being populated with ViewAll Data.

In the profile metadata XML file, add a userPermissions entry that sets ViewAllData to false and a second entry setting QueryAllFiles to false. This prevents the deployment process from automatically granting View All Data permissions to all objects.

    This measure will effectively prohibit the automatic updating of all object permissions to "View All Data" during the deployment process.

    As a result of this limitation, it is recommended that all object permissions be manually updated after deployment.

    추가 자원

    Ref: Profile Metadata

    Knowledge 기사 번호

    005093100

     
    로드 중
    Salesforce Help | Article