Summary
When you set up the Salesforce integration in Planhat, you'll need to authenticate via a chosen Salesforce User
Optionally, you may which to create a specific Salesforce User just for the integration (rather than use an existing one)
It's easiest to connect the integration with a Salesforce User who has full System Administrator Profile permissions, but if you would prefer to use a Profile with more limited permissions, we list the minimum here
Who is this article for?
It's for Planhat builders (e.g. CS Ops) or Salesforce admins configuring the Salesforce integration
Series
We have a series of articles on the Salesforce integration:
Salesforce integration User permissions ⬅️ You are here
Article contents
This is a technical deep-dive article
Read on if you'd like to learn about the Salesforce User permissions for connecting the Salesforce integration.
If you'd just like an overview of the Salesforce integration, please refer to our main article.
Salesforce User for connection
When you're setting up the Salesforce integration in Planhat, the first main step is to connect Planhat to your Salesforce org. You complete this authorisation as a specific named Salesforce User.
You may use an existing Salesforce User, or you may wish to create a specific new Salesforce User to carry out this authentication, to make it easier to track changes in Salesforce performed by the integration (as they will show in Salesforce as being modified by that User).
Whether you connect with an existing Salesforce User or a new specific one, ideally they should have full System Administrator Profile permissions, as this is the easiest way to ensure the integration has sufficient permissions, but if you would prefer to give only the minimum required permissions, we give details below. You can create a new Profile with these permissions, and apply them to the integration User.
Minimum permissions for the Salesforce integration User
If you don't want to use full System Administrator Profile permissions, the Salesforce User you use to link Salesforce and Planhat needs to have the permissions listed below as a minimum.
📌 Important to note
The User needs to be able to access all the required objects/fields, even if you are not syncing them, because the integration checks them all when loading
If you're only syncing from Salesforce to Planhat ("Receive from Salesforce") rather than from Planhat to Salesforce, you only need the "read" permissions
Note that these permissions need to be included in the "Profile" in Salesforce, rather than using Salesforce "Permission sets". This is due to how Salesforce makes the connection for integrations.
Object permissions
Read/edit/create for the following objects:
Account
Contact
Note, ContentNote and ContentDocumentLink
Case and CaseComment
FeedItem (to sync comments on Chatter for Cases; now it is optional)
Task
Opportunity - or whichever object you use for subscriptions to map to the Planhat License and Sale/NRR models
User
Profile
Any additional objects you have selected in the integration - e.g. OpportunityLineItem, Order, or custom objects
Field permissions
Read/edit permissions for all fields syncing via the integration - so this is fields syncing as default and fields you've set to sync in the custom field mapping sections.
This includes:
Account: Name, and the field used in the filter (example shown in the screenshot below)
Contact: FirstName, LastName, Email, Phone, Title, AccountId, and the field used in the filter
Task: Subject, Description, Status, and ActivityDate (label name "Due Date")
Administrative permissions
You also need to ensure that the "API Enabled" permission is turned on for the Profile.