Permissions Required for Salesforce
When you grant access to the Salesforce app instance, Netskope seeks consent for the following permissions from the Salesforce account:
Note: There is no read-only permission available to access the Salesforce Metadata API; the only available permission is 'Modify Metadata Through Metadata API Functions'. Netskope does not currently write any information to Salesforce, but reads in metadata from the Metadata API. A description of the data accessed is available here.
Permissions required by Netskope | Description | Purpose | Trade-off if not allowed |
---|---|---|---|
API Enabled | Access any salesforce.com API. | This is a basic permission to make API calls. It allows Netskope API Data Protection to connect to Salesforce. This feature is enabled by default for Unlimited, Enterprise, and Developer Editions. Note: For the Professional Edition, you may need to contact Salesforce Support to enable API access. | Mandatory permission. |
Modify Metadata Through Metadata API Functions | Read and write metadata. | Allows Netskope to access the data through the Metadata API. | The Netskope SSPM asset fetching and evaluation process will fail because the method used to access the data is blocked. |
View All Data | Allows the user to view all the data in the Organization. The user does adhere to the organization-wide defaults. | Evaluate and read the configuration values. Currently required to grant access for authentication (as part of API Data Protection). | The Netskope SSPM asset fetching and evaluation process will fail because the data is not accessible. |
View All Users | Allows the user to view all user objects, regardless of the sharing settings configuration. | Get Salesforce user data. Currently required to grant access for authentication (as part of API Data Protection). | The Netskope SSPM asset fetching and evaluation process will fail because the data is not accessible. |