You are here:
Learn about Internal Analytics Users
Analytics uses internal users, Integration User and Security User, to access Salesforce data, preview data in Data Prep recipes, and enforce row-level security on datasets.
Analytics uses the permissions of the Integration User to extract data from Salesforce objects and fields when a dataflow or recipe job runs. Because the Integration User has View All Data access, consider restricting access to particular objects and fields that contain sensitive data. If the dataflow or recipe is configured to extract data from an object or field on which the Integration User does not have permission, the job fails. The Integration User permissions restrict the data extracted from Salesforce only—they don’t affect access to the data in datasets. To restrict user access to data in datasets, set up row-level security.
To enable the interactive preview in recipes, Data Prep uses the Security User. When a user previews the results of a recipe, Data Prep shows only the results that the logged-in user has permission to access. The permissions of the Security User don’t affect the data shown in the preview.
When you query a dataset that has row-level security based on the Salesforce User object, Analytics uses the permissions of the Security User to access the User object and its fields. The Security User must have at least read permission on each User object field included in a predicate. (A predicate is a filter condition that defines row-level security for a dataset.) By default, the Security User has read permission on all standard fields of the User object. If the predicate is based on a custom field, then grant the Security User read access on the field. If the Security User does not have read access on all User object fields included in a predicate expression, an error appears when you try to query the dataset using that predicate.
