This is an archive version of the document. To get the most up-to-date information, see the current version.

Permissions

To perform backup and restore operations, Veeam Backup for Salesforce requires the following permissions to be provided.

Salesforce API Integration

Account	Required Permissions
Salesforce User	Veeam Backup for Salesforce requires to connect to Salesforce organization to perform backup and restore operations for Salesforce resources. The user whose credentials are used to authorize the connection must be assigned full permissions required to read and modify data: System Administrator profile (grants broad permissions immediately, but not all the required ones). Permission set that has the following permissions enabled: Query All Files permission View and Edit Converted Leads permission Permissions for all record types of objects Permission set licenses for any managed application license that is required for accessing the data (for example, HVS, CPQ). Feature-based user permissions: Marketing User, Service Cloud User, Knowledge User, Salesforce CRM Content User. For sandboxes, any managed application needs to be enabled and license provided to the user. For example, High Velocity Sales requires application activation.
Salesforce Connected App	Secure and encrypted connection to Salesforce is established using the Connected App tokens. The Connected App must be assigned the following OAuth scopes: Full access (full). Perform requests at any time (refresh_token, offline_access). For more information on OAuth scopes in Salesforce, see Salesforce Documentation. To learn how to create the app, see this Veeam KB article.

Account

Required Permissions

Salesforce User

Veeam Backup for Salesforce requires to connect to Salesforce organization to perform backup and restore operations for Salesforce resources. The user whose credentials are used to authorize the connection must be assigned full permissions required to read and modify data:

System Administrator profile (grants broad permissions immediately, but not all the required ones).
Permission set that has the following permissions enabled:

Query All Files permission
View and Edit Converted Leads permission
Permissions for all record types of objects

Permission set licenses for any managed application license that is required for accessing the data (for example, HVS, CPQ).
Feature-based user permissions: Marketing User, Service Cloud User, Knowledge User, Salesforce CRM Content User.

For sandboxes, any managed application needs to be enabled and license provided to the user. For example, High Velocity Sales requires application activation.

Salesforce Connected App

Secure and encrypted connection to Salesforce is established using the Connected App tokens. The Connected App must be assigned the following OAuth scopes:

Full access (full).
Perform requests at any time (refresh_token, offline_access).

For more information on OAuth scopes in Salesforce, see Salesforce Documentation. To learn how to create the app, see this Veeam KB article.

Veeam Backup for Salesforce Components

Account	Required Permissions
PostgreSQL Database User	Veeam Backup for Salesforce creates databases and database schemas to store Salesforce data and metadata. Therefore, the database user must be granted permissions to create schemas and databases. Note: If you do not grant the user permissions to create databases, you will have to manually create databases on PostgreSQL servers first, and then add databases to Veeam Backup for Salesforce as described in section Adding Databases, before you create any backup policies.

Account

Required Permissions

PostgreSQL Database User

Veeam Backup for Salesforce creates databases and database schemas to store Salesforce data and metadata. Therefore, the database user must be granted permissions to create schemas and databases.

Note: If you do not grant the user permissions to create databases, you will have to manually create databases on PostgreSQL servers first, and then add databases to Veeam Backup for Salesforce as described in section Adding Databases, before you create any backup policies.