To perform backup and restore operations, Veeam Backup for Salesforce requires the following permissions to be provided.

Salesforce API Integration


Required Permissions

Salesforce User

Veeam Backup for Salesforce requires a Standard User with the Salesforce license type to connect to a Salesforce organization to perform backup and restore operations for Salesforce resources. Note that free Salesforce Integration Users cannot perform backup and restore operations.

The user whose credentials are used to authorize the connection must be assigned full permissions required to read and modify data:

  • System Administrator profile (grants broad permissions immediately, but not all the required ones).
  • Permission set that has the following permissions enabled:
  • Permission set licenses for any managed application license that is required for accessing the data (for example, HVS, CPQ).
  • Feature-based user permissions: Marketing User, Service Cloud User, Knowledge User, Salesforce CRM Content User.

For sandboxes, any managed application needs to be enabled and license provided to the user. For example, High Velocity Sales requires application activation.

Salesforce Connected App

Veeam Backup for Salesforce establishes secure and encrypted connections to Salesforce using tokens of Connected Apps. When creating and configuring a Connected App, make sure the following OAuth scopes are added to the app:

  • Full access (full)
  • Perform requests at any time (refresh_token, offline_access)
  • Access unique user identifiers (openid)

To learn how to create the app, see Performing Initial Configuration.

Note: The Access unique user identifiers (openid) option applies only if you use Salesforce as an identity provider. For more information on OAuth scopes in Salesforce, see Salesforce Documentation.

Veeam Backup for Salesforce Components


Required Permissions

PostgreSQL Database User

Veeam Backup for Salesforce creates databases and database schemas to store Salesforce data and metadata. Therefore, the database user must be granted permissions to create schemas and databases.

Note: If you do not grant the user permissions to create databases, you will have to manually create databases on PostgreSQL servers first, and then add databases to Veeam Backup for Salesforce as described in section Adding Databases, before you create any backup policies.