Once a week, for every full backup, the permissions report uses the Field-Level-Security (FLS) feature to analyze the field level permissions in your Salesforce Org. This report lists the fields that the authenticated user does not have permission for in their Salesforce Org. FLS allows a layer of permission complexity to exclude the reading of specific fields, even for users who have object permissions. By default, specific fields are excluded by certain objects for the System Admin.
If there are any fields that need excluding, an error appears on the report page. You can choose to exclude certain fields if you do not want the authenticated user to have permission for them, or they are not deemed critical by the business.
We aim to provide clients with a Full & Complete backup of all the Data, Metadata, Attachments, Content Documents and Knowledgebase Articles. To ensure this, we automatically analyze the field-level-security on completion of every Full Backup. If unreadable fields are detected due to changes made to profiles and/or permissions, a warning is shown on the service's Permissions Report page that the data has been excluded.
To immediately see the changes reflected and not wait until the next Full Backup, manually run an "Analyze Profile Permissions" job directly, by clicking the Analyze Permissions button.
An actionable remediation tool is also provided. An option exists to export the Field Level Security Report as a ZIP package for updating the permission set of the integration user. Click the Download Package, to export the Field Level Security Report. The permissions report only shows fields the integration user cannot access. It does not show what object permissions are missing.
This enables admins to update the permission set to any user with missing field permissions, using Force.com IDE and other similar tools. See the steps below on how to deploy the Package as a permission set in Workbench. To fix these gaps within Salesforce, first ensure that the authenticated user complies with these settings.
By downloading the Salesforce compatible package, you can easily update a permission set that applies to the authenticated user.
Part 1: Review Report and Download Package
View the permission report in the application to see the field list and download the data as a Salesforce-compatible Package.
The downloaded package may include fields that are marked as excluded. You can remove these fields from the package by opening the package and removing them manually from the permissionset file.
Part 2: Deploy with WorkBench
Via Workbench, create a new Permission Set called "IntegrationUserMissingFields" with the permission Read and Edit on all the missing fields.
If the package has successfully deployed, a success message will appear under the Results.
In Salesforce, assign the permission set to the authenticated user.