
Permissions Required for Salesforce

When you grant access to the Salesforce app instance, Netskope seeks consent for the following permissions from the Salesforce account:

Note: There is no read-only permission available to access the Salesforce Metadata API; the only available permission is 'Modify Metadata Through Metadata API Functions'. Netskope does not currently write any information to Salesforce; it only reads metadata through the Metadata API. A description of the data accessed is available here.

Table 19. Permissions Required by Netskope for Salesforce

| Permissions required by Netskope | Description | Purpose | Trade-off if not allowed |
|---|---|---|---|
| API Enabled | Access any salesforce.com API. | This is a basic permission to make API calls. With it, Netskope API Data Protection can connect to Salesforce. This feature is enabled by default for Unlimited, Enterprise, and Developer Editions. Note: For the Professional Edition, you may need to contact Salesforce Support to enable API access. | Mandatory permission. |
| Modify Metadata Through Metadata API Functions | Read and write metadata. | Allow Netskope to access the data through the Metadata API. | The Netskope SSPM asset fetching and evaluation process will fail because the method used to access the data is blocked. |
| View All Data | Allows the user to view all the data in the organization. The user does adhere to the organization-wide defaults. | Evaluate and read the configuration values. Currently required for grant access for authentication (as part of API Data Protection). | The Netskope SSPM asset fetching and evaluation process will fail because the data is not accessible. |
| View All Users | Allows the user to view all user objects, regardless of the sharing settings configuration. | Get Salesforce user data. Currently required for grant access for authentication (as part of API Data Protection). | The Netskope SSPM asset fetching and evaluation process will fail because the data is not accessible. |
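Before granting access, an administrator can check that the integration user's effective permissions (the union of its profile and every assigned permission set) cover the four permissions in the table, and see which set supplies each one. The following is an added example, not code from Netskope or Salesforce; it assumes the `Permissions*` keys are the Salesforce `PermissionSet` API field names for the table's labels, and the rows and permission set names are constructed.

```python
# Added example, not Netskope or Salesforce code.
# Assumption: the Permissions* keys are the Salesforce PermissionSet API field
# names for the table's labels. Rows and set names below are constructed.
REQUIRED = {
    "PermissionsApiEnabled": (
        "API Enabled", "Mandatory permission."),
    "PermissionsModifyMetadata": (
        "Modify Metadata Through Metadata API Functions",
        "SSPM asset fetching and evaluation fails: Metadata API access is blocked."),
    "PermissionsViewAllData": (
        "View All Data",
        "SSPM asset fetching and evaluation fails: data is not accessible."),
    "PermissionsViewAllUsers": (
        "View All Users",
        "SSPM asset fetching and evaluation fails: data is not accessible."),
}

SAMPLE_ROWS = [  # constructed: the user's profile plus one extra permission set
    {"Name": "example_integration_profile", "PermissionsApiEnabled": True,
     "PermissionsModifyMetadata": False, "PermissionsViewAllData": True,
     "PermissionsViewAllUsers": False},
    {"Name": "example_sspm_metadata", "PermissionsApiEnabled": False,
     "PermissionsModifyMetadata": True, "PermissionsViewAllData": False,
     "PermissionsViewAllUsers": False},
]

def audit(rows):
    """Union the grants across all assigned permission sets and report gaps."""
    granted_by = {field: [] for field in REQUIRED}
    for row in rows:
        for field in REQUIRED:
            # Only a real boolean True counts; a missing or null field is no grant.
            if row.get(field) is True:
                granted_by[field].append(row.get("Name", "<unnamed>"))
    return {
        "granted_by": {REQUIRED[f][0]: src for f, src in granted_by.items() if src},
        "missing": {REQUIRED[f][0]: REQUIRED[f][1]
                    for f, src in granted_by.items() if not src},
        "ready": all(granted_by.values()),
    }

if __name__ == "__main__":
    report = audit(SAMPLE_ROWS)
    for label, sources in report["granted_by"].items():
        print(f"OK      {label}: granted by {', '.join(sources)}")
    for label, impact in report["missing"].items():
        print(f"MISSING {label}: {impact}")
```

The `granted_by` mapping also shows where 'Modify Metadata Through Metadata API Functions' comes from, which matters because that permission has no read-only variant.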