Once a week, for every full backup, the permissions report uses the Field-Level-Security (FLS) feature to analyze the field-level permissions in your Salesforce Org. This report lists the fields the authenticated user does not have permission for in their Salesforce Org. FLS allows a layer of permission complexity to exclude the reading of specific fields, even for users with object permissions. By default, specific fields are excluded from the System Admin by particular objects.
If any fields need to be excluded, an error appears on the report page. You can exclude specific fields if you do not want the authenticated user to have permission for them or if the business does not consider them critical.
We aim to provide clients with a complete backup of all Data, Metadata, Attachments, Content Documents, and Knowledge Articles. To ensure this, we automatically analyze the field-level security upon completion of every Full Backup.
If unreadable fields are detected due to changes made to profiles and/or permissions, an email identifying the fields unreadable due to permission exceptions is sent to the user and the service's Permissions Report page shows a warning that the data has been excluded.
To immediately see the changes reflected and not wait until the next Full Backup, manually run an "Analyze Profile Permissions" job directly by clicking the Analyze Permissions button.
An actionable remediation tool is also provided. The Field-Level Security Report can be exported as a ZIP package to update the integration user's permission set. Click Download Package to export the Field-Level Security Report. The permissions report only shows fields the integration user cannot access. It does not show what object permissions are missing.
This enables admins to update the permission set to any user with missing field permissions, using Force.com IDE and other similar tools. See the steps below on how to deploy the Package as a permission set in Workbench. To fix these exceptions within Salesforce, first ensure that the authenticated user complies with these settings.
By downloading the Salesforce-compatible package, you can easily update a permission set that applies to the authenticated user.
Part 1: Review Report and Download Package
View the permission report in the application to see the field list and download the data as a Salesforce-compatible Package.
The downloaded package may include fields that are marked as excluded. You can remove these fields from the package by opening the package and removing them manually from the permissionset file.
Part 2: Deploy with WorkBench
Via Workbench, create a new Permission Set called "IntegrationUserMissingFields" with the permission to 'Read' and edit all the missing fields.
A success message will appear under the 'Results' when the package has been successfully deployed.
In Salesforce, assign the permission set to the authenticated user.