Granting Org Permissions to Provar
The purpose of this article is to explain what permissions you need to grant for Provar to access your Salesforce org(s), why you need to grant them, and how you can manage this in a flexible manner using a Permission Set so that you can maintain this from a single point within your Salesforce setup. Note that in the majority of cases you can use an existing System Admin profile to provision the appropriate permissions. If this is not possible for your org, follow the steps below to assign these permissions in a Permission Set.
For Provar to automatically understand your Salesforce org configuration, you need to connect Provar to your org with extended privileges. This allows Provar to automatically recognize your Salesforce metadata, including page layouts, flexipages, custom buttons, links, actions, fields, Visualforce pages, Lightning components and more.
In Provar, we call this the ‘Metadata Cache’. Once downloaded, you can automatically synchronize any changes made as part of an application deployment each time you run your regression tests.
Creating a Provar Permission Set
To handle the provisioning of permissions to Provar, we recommend creating a Salesforce Permission Set which can be assigned to the admin user used for testing with Provar.
Note that this permission set only needs to be granted to Salesforce Connection users requiring admin level access, and should not be applied to users where you use the ‘Log-On As’ Connection functionality to test as a specific user/profile. Refer to Adding a Connection for more information on the different types of Salesforce Connections that Provar uses.
Follow the steps below to create your Permission Set.
Step 1: Create a new Permission Set
As a System Administrator, go into Setup, select the ‘Permission Sets’ menu item and click the ‘New’ button.
Complete the New form. We suggest a name of ‘Provar Metadata’ but this can be changed to whatever naming standard is preferred.
Step 2: Add Mandatory Permissions
Select each of the following permissions and add them to the Permission Set created above.
- Modify All Data
- API Enabled
- Modify Metadata (Beta) – note: We recommend adding this now so that it will be in place for the future. Refer to the FAQ section below for more information.
Select each property to add to the permission set and then click the ‘Edit’ button to activate the corresponding checkboxes. Note that checking ‘Modify All Data’ will automatically check the ‘Modify Metadata (Beta)’ permission and any other dependencies.
Remember to click the ‘Save’ button to complete the action.
Step 3: Optional Permissions
You may want to add additional permissions to this Permission Set based on your specific org implementation and test scenarios. Feel free to include any additional permissions required that you are aware of that are not automatically included in the profile of the user used in your ‘Provar Metadata’ Connection. These may include ‘Access Libraries’, ‘Lightning Console’, ‘Mass Email’, local custom fields and specific record types.
Below are some additional suggestions for commonly added permissions. Note that these are only required if you use or test these features in your Salesforce instance. Repeat the steps above to add them to your ‘Provar Metadata’ Permission Set as required:
- Allow Access to Customized Actions – if using Custom Actions and Chatter-based profiles
- View Data Categories in Setup – if testing Salesforce Knowledge, this also exposes the Categories in the API
- Lightning Experience User – if testing with the Lightning UI theme and not already granted by default to your user(s)
Step 4: Assign Permission Set to users
The final step is to assign your Permission Set. To do this, click the ‘Manage Assignments’ button on the Permission Set page and then click the ‘Add Assignment’ button. Select the primary user(s) needed for connecting from Provar and accessing metadata, then click the ‘Assign’ button.
To remove the Permission Set from a single user, use the corresponding user’s profile page; to remove it from multiple users, use the Manage Assignments page.
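Because this Permission Set carries Modify All Data, it is worth checking periodically that it is assigned only to the intended Provar connection users. The following is an added example, not part of the original article or of Provar: it audits the result of a SOQL query over PermissionSetAssignment. The API name Provar_Metadata, the usernames, the sample records and the JSON shape (assumed to match Salesforce CLI query output) are assumptions constructed for illustration.

```python
import json

# SOQL a reviewer could run to list every assignment that carries
# Modify All Data, whether granted by a profile or by a permission set.
AUDIT_SOQL = (
    "SELECT Assignee.Username, PermissionSet.Name, PermissionSet.IsOwnedByProfile "
    "FROM PermissionSetAssignment "
    "WHERE PermissionSet.PermissionsModifyAllData = true"
)

# Constructed sample of a JSON query result; all values are made up.
SAMPLE_RESULT = json.dumps({"result": {"records": [
    {"Assignee": {"Username": "provar.admin@example.com"},
     "PermissionSet": {"Name": "Provar_Metadata", "IsOwnedByProfile": False}},
    {"Assignee": {"Username": "qa.tester@example.com"},
     "PermissionSet": {"Name": "Provar_Metadata", "IsOwnedByProfile": False}},
    {"Assignee": {"Username": "sysadmin@example.com"},
     "PermissionSet": {"Name": "X00e000000000001", "IsOwnedByProfile": True}},
]}})


def audit_assignments(result_json, permission_set, approved_users):
    """Return (unexpected, missing, other_grants) for one permission set.

    unexpected:   users holding the permission set who are not approved
    missing:      approved users who do not hold it
    other_grants: (user, source) pairs getting Modify All Data elsewhere
    """
    records = json.loads(result_json)["result"]["records"]
    approved = {u.lower() for u in approved_users}
    holders, other_grants = set(), []
    for rec in records:
        user = rec["Assignee"]["Username"].lower()
        pset = rec["PermissionSet"]
        if pset["Name"] == permission_set and not pset["IsOwnedByProfile"]:
            holders.add(user)
        else:
            source = "profile" if pset["IsOwnedByProfile"] else pset["Name"]
            other_grants.append((user, source))
    return sorted(holders - approved), sorted(approved - holders), other_grants


if __name__ == "__main__":
    unexpected, missing, other = audit_assignments(
        SAMPLE_RESULT, "Provar_Metadata", ["provar.admin@example.com"])
    print("Assigned but not approved:", unexpected)
    print("Approved but not assigned:", missing)
    print("Modify All Data from elsewhere:", other)
```
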
Do these enhanced permissions give you access to our org in addition to giving the Provar tool access?
No, we only have access if you provide us access. The connection is exclusively for you to create, maintain and execute test cases. We only have access to your orgs if you share login details with us or if you export a Provar project and share it with us for the purposes of customer support. This is true regardless of whether or not you use the Permission Set.
If I use a System Admin profile for my Provar metadata user, do I still need to grant this Permission Set?
No, the System Admin profile has more permissions than granted by this Permission Set. You may need to add the optional permissions, however, such as for Lightning Experience User. See Step 3 above for more information.
Why do I have to grant Modify All Data? Isn’t the Modify Metadata permission sufficient?
The Modify Metadata permission is only a Beta feature and not complete without Modify All Data (refer to Modify Metadata Permission (Beta) for more information). We are actively working with the appropriate Salesforce Product Managers and other Salesforce Tool ISVs to ensure this provides the required level of access. In the future we anticipate that Modify All Data may no longer be required, though it would remain useful for complex test cases.
I’ve created and applied the Permission Set but I’m seeing the message “The connection test failed: Sorry, your administrator has blocked access to the client.”
Your Salesforce administrator may have disabled access to 3rd party applications. Please refer to Solving Administrator has Blocked Access to Client Errors for more information.