We leverage the Salesforce API. The Authenticated User is the user that connects our application to the client's Salesforce org. As a best practice, we recommend having a dedicated user as the Authenticated User.
The specific permissions for each user is defined either in the user’s profile, or via a permission set.
The recommended best practice for large data volumes, is to have a dedicated Authenticated User for the Backup product, and a separate dedicated Authenticated User for the Archive product.
This should enhance security and audit trail capabilities, assist in avoiding API concurrency collisions, and other similar user issues.
The Authenticated User must have the following permissions:
The Authenticated User must also have the required permissions as follows:
This initial login will require the credentials to be entered from the user's desktop, so if IP address restrictions are in place, make sure that the desktop used for the initial login is recognized as the Authenticated User. This will also be the case whenever you need to re-authenticate with Salesforce.
These permissions are NOT automatically included in the standard System Administrator profile in Salesforce:
Permission Name
Permission Type
Reason / Use Case
Documentation
Query All Files
App Permission
More efficient queries and access to private files.
View and Edit Converted Leads
Ability to see all leads
Edit Read Only Fields
System Permissions
Used to populate data on restore to fields that may normally be read only
Manage all Private Reports and Dashboards
Query / restore private reports/dashboards.
User Permissions for Sharing Reports and Dashboards
Manage Experiences
Needed if using Experience Cloud (formerly Community Cloud).
If using Salesforce Prompts (In App Guidance), this permissions allows backup of prompt versions. Prompts are common in managed packages.
NOTE: The user needs access to the target object where the prompt is pointing to or the backup of that prompt record will potentially fail. For example the object referenced in the ‘TargetPageKey1’ field on any prompt version record.
Define Prompts in Lightning Experience
Set Audit Fields upon Record Creation
Enable the 'Create Audit Fields' permission
Salesforce applications FAQs
Update Records with Inactive Owners
View All Custom Settings
Grant Read Access to All Custom Settings
View All Lookup Record Names
View Encrypted Data
Access Conversation Entries
Administrative Permission in the profile/permission set
Avoid problems with the issue described here
For more information on using the Salesforce Integration User License (API Only) as your Authenticated User see here
For more information on user profile permissions in Salesforce, see here.
For information on user profile permissions for an Authenticated User of Archive, see here.
For information on Salesforce user permissions for an Authenticated User of Seeding, see here.