This article will walk you through the definitions and components for the Leadspace Permission sets installed as part of your Leadspace for Salesforce package.
As a general rule, the package install or upgrade utilities should create these automatically as part of the setup process. However, it's important to know the definitions of these permission sets, and the permissions provided with each.
Note for Admins: LS4SF Package 5.45.1
Package 5.45.1 introduces a new way to manage FLS and CRUD permissions.
In previous packages, field-level security for all LS fields was added on the user profile level in SFDC. However, with 5.45.1, we have moved all field-level security Read/Write permissions for all LS fields to the Leadspace Permission Sets discussed in this article.
When you upgrade your LS4SF package to 5.45.1, existing FLS permissions will be removed from user profiles and you will need to assign one of the three Leadspace permission sets to users that need to view or edit LS fields. Please contact your CSM or submit a ticket to Leadspace Support if you have any questions, or would like a walk through of the updated functionality.
Definitions
There are three permission sets that are vital to the Leadspace for Salesforce application experience. Please note that SFDC profile permissions trump permission sets. For example, System Admins do not need any permission sets because their profile level permissions are higher priority than these permissions.
Leadspace Single Enrich
This gives users access to the Leadspace Enrich Button, and read/write permissions on all Leadspace custom fields. This permission set does NOT give users access to the Leadspace for Salesforce application.
For more information, please refer to the Leadspace Enrich Button article.
Leadspace Manager
The more restrictive permission set, this gives users access to basic functionality such as:
- Create & Run Sync Definitions
- View Sync Definitions, Sync Activities, and Sync Bulks
Leadspace Manager should be given to users that need to create and run enrichment jobs in LS4SF. If you are using Event Based Syncs, this permission set also needs to be given to any user that will be triggering an event based sync. For example, any user that is creating or updating accounts/leads/objects.
Leadspace Admin
The more permissive set, this gives users the ability to manage the package including:
- Create and Run Sync Defintions
- View Sync Definitions, Sync Activities, and Sync Bulks
- Manage and view the Input Field Mapping
- Manage and view Settings tab
- Manage and view all object Output Mapping tabs
- View LS Logs
Leadspace Admin should be given to users that do not have System Admin access, but that need to manage the package. Leadspace Admins have access to all the crucial mapping and setup information that makes the LS4SF integration run.
Create Leadspace Single Enrich
- Go to Setup > Permission Sets
- Click New
- Label = Leadspace Single Enrich
- API Name = LeadspaceSingleEnrich (no spaces)
- Click Save
Apex Class Access:
- leadspacesync.Utils_Leadspace
VisualForce Page Access:
- VF_EnrichAccount
- VF_EnrichContact
- VF_EnrichLead
Field Level Security
- Leadspace Manager should have Read/Write (Visible) to all LS package level fields and LS custom fields.
Create Leadspace Manager
It is recommended to create the Leadspace Manager permission set first and then 'clone' to create the Leadspace Admin permission set last.
- Go to Setup > Permission Sets
- Click New
- Label = Leadspace Manager.
- API Name = LeadspaceManager (no spaces)
- Description is optional. Click Save
- In the Permission Set Overview, we will work our way from the top and set the following values for each.
Assigned Apps:
- leadspacesync.Leadspace for Salesforce (leadspacesync__Leadspace_Sync)
- leadspacesync.Leadspace for Salesforce (leadspacesync__Leadspace_Data_Management)
Object Settings:
Account, Lead, and Contact Objects should have Read, Create, Edit, View All permissions for all of the following:
- Sync Definitions
- Sync Activity Bulks
- Sync Activities (+Delete Access)
- Search Criteria
- LS Logs
Available Tabs:
- LS Logs
- Sync Definitions
- Sync Activities
- Sync Activity Bulks
Apex Classes Access:
- leadspacesync.Batch_EnrichmentJob
- leadspacesync.Batch_PollingJob_ls
- leadspacesync.Batch_RertyBulk
- leadspacesync.LeadspaceResponseParser (Only for packages 4.35 and above)
- leadspacesync.Ctrl_DefineEnrichmentJob
- leadspacesync.StaticParser
Visualforce Pages:
- leadspacesync.VF_DefineEnrichmentJob
System Permissions:
- View All Custom Settings
- API Enabled
Field Level Security
- Leadspace Manager should have Read/Write (Visible) to all LS package level fields and LS custom fields.
Create Leadspace Admin
Now that you have created Leadspace Manager, you can clone this permission set to get a good start on the Leadspace Admin permission set.
- Go to Setup > Permission Sets
- Click on the Leadspace Manager permission set
- Click Clone
- Label = Leadspace Admin
- API Name = LeadspaceAdmin (no spaces)
- Description is optional. Click Save
- In the Permission Set Overview, we will work our way from the top and set the following values for each.
Assigned Apps:
- leadspacesync.Leadspace for Salesforce (leadspacesync__Leadspace_Sync)
- leadspacesync.Leadspace for Salesforce (leadspacesync__Leadspace_Data_Management)
Object Settings:
Account, Lead, and Contact Objects should have Read, Create, Edit, Delete, View All and Modify All permissions for all of the following:
- Sync Definitions
- Sync Activity Bulks
- Sync Activities
- Search Criteria
- LS Logs
Available Tabs:
- Sync Definitions
- Sync Activity Bulks
- Sync Activities
- Settings
- LS Logs
- Input Field Mapping
- Lead Output Mapping
- Contact Output Mapping
- Account Output Mapping
- Enrich Button Fields
Apex Class Access:
- leadspacesync.Batch_EnrichmentJob
- leadspacesync.Batch_PollingJob_ls
- leadspacesync.Batch_RertyBulk
- leadspacesync.Ctrl_ConnectionSetting
- leadspacesync.Ctrl_DefineEnrichmentJob
- leadspacesync.Ctrl_InputFieldMapping
- leadspacesync.Ctrl_ResultsFieldMapping_Account
- leadspacesync.Ctrl_ResultsFieldMapping_Contact
- leadspacesync.Ctrl_ResultsFieldMapping_Lead
- leadspacesync.LeadspaceResponseParser
- leadspacesync.StaticParser
- leadspacesync.Utils_RFM
Visualforce Pages Access:
- leadspacesync.ResultsFieldMapping_Account
- leadspacesync.ResultsFieldMapping_Contact
- leadspacesync.ResultsFieldMapping_Lead
- leadspacesync.VF_ConnectionSetting
- leadspacesync.VF_DefineEnrichmentJob
- leadspacesync.VF_InputFieldMapping
System Permissions:
- Customize Application
- Manage Custom Permissions
- Modify Metadata Through Metadata API Functions
- View Roles and Role Hierarchy
- View Setup and Configuration
- Manage Profiles and Permission Set
- API Enabled
Field Level Security
- Leadspace Manager should have Read/Write (Visible) to all LS package level fields and LS custom fields.
Questions?
If you are using an older version of LS4SF, not all of the above settings will apply. As a general best practice, you can add what you have available to you at the time of creation. For example:
Apex Class 'leadspacesync.LeadspaceResponseParser' ONLY applies if you are using version 4.45. If you are using 3.75, this is not available so you don't have to add.
If you have any questions or issues, please contact support!