Login

Access Management

GRAX controls access levels via Permission Set assignments. At the bottom of this document, those permission sets are explained and broken down, but let's first cover what the resultant access would look like for users. Below is a summary of each high-level GRAX feature, and how access levels interact with them.

FeatureStandard UserSeeding UserPower UserPurge UserAdmin User
Auto Backup DashboardNoneNoneViewNoneView and Configure
ArchiveNoneNoneView and RunNoneView and Run
RestoreNoneNoneView and RunNoneView and Run
Delete TrackingNoneNoneViewNoneView
Sandbox SeedingNoneView and RunView and RunNoneView and Run
SearchView and RunView and RunView and RunNoneView and Run
PurgeNoneNoneNoneView and RunView and Run
History StreamNoneNoneViewNoneView and Configure
SettingsNoneNoneNoneNoneView and Configure

To summarize the main differences between these 4 access levels:

  • Admin User can see and do everything
  • Power User has nearly the same access as Admin User, but cannot see Settings and cannot configure objects for Search or History Stream
  • Seeding User can run Global Search and Seed records into a sandbox
  • Purge User can purge records from the GRAX Data Vault
  • Standard User can lookup records by the ID and see record details, but cannot see any other features

You can find a call-out in the GRAX navigation menu stating the current logged in user's access level. Note that the Permission Sets are cumulative, such that the user has the highest level of access granted.

Controlling Access

Any user that wants to access GRAX must first have the proper Salesforce permission set assignments. There are 2 supported ways to assign Salesforce permission sets.

GRAX Console Permissions

GRAX Auto Config creates the following user access permission sets in Salesforce when you connect the GRAX Application to your Salesforce org the first time.

  • GRAX Console Standard Permission: Standard User access per the table above
  • GRAX Console Seeding Permission: Seeding User access per the table above
  • GRAX Console Purge Permission: Purge User access per the table above
  • GRAX Console Power Permission: Power User access per the table above
  • GRAX Console Admin Permission: Admin User access per the table above
  • GRAX Console View All Fields: Do not apply Field Level Security checks to this user in the GRAX Application (see below for more details)

The GRAX Console Admin Permission permission set is assigned to the GRAX Integration user account automatically otherwise these are created but not assigned. Please be sure to assign the proper level of access to all users that you want to access the GRAX Application.

Manually Creating the Console Permissions

The following script can be used to create GRAX Permission Sets using the Salesforce Developer Console:

  1. Open the Salesforce Developer Console
  2. Open the Debug menu
  3. Select Open Execute Anonymous Window (or press CTRL + E)
  4. Copy the script below into the Enter Apex Code dialog
  5. Select the Open Log checkbox
  6. Click Execute
PermissionSet pa = new PermissionSet(Name = 'GRAX_Console_Admin_User', Label = 'GRAX Console Admin Permission', Description='Grants users Admin User permissions to the GRAX console');
insert pa;

PermissionSet pp = new PermissionSet(Name = 'GRAX_Console_Power_User', Label = 'GRAX Console Power Permission', Description='Grants users Power User permissions to the GRAX console');
insert pp;

PermissionSet pr = new PermissionSet(Name = 'GRAX_Console_Purge_User', Label = 'GRAX Console Purge Permission', Description='Grants users Purge permissions to the GRAX console');
insert pr;

PermissionSet ps = new PermissionSet(Name = 'GRAX_Console_Seeding_User', Label = 'GRAX Console Seeding Permission', Description='Grants users Sandbox Seeding permissions to the GRAX console');
insert ps;

PermissionSet pu = new PermissionSet(Name = 'GRAX_Console_Standard_User', Label = 'GRAX Console Standard Permission', Description='Grants users Standard User permissions to the GRAX console');
insert pu;

Field Level Permissions

In addition to the Access Levels above, GRAX applies field level permissions to all users logged in via SSO. This means you can restrict what fields they see in the GRAX Application the same way you'd do for any Salesforce user. The "View All Fields" modifier allows a user to see add fields on an object in GRAX, regardless of their Salesforce Field Level Security or the current object schema.

The following script can be used to create this GRAX Permission Set using the Salesforce Developer Console:

  1. Open the Salesforce Developer Console
  2. Open the Debug menu
  3. Select Open Execute Anonymous Window (or press CTRL + E)
  4. Copy the script below into the Enter Apex Code dialog
PermissionSet pv = new PermissionSet(Name = 'GRAX_View_All_Fields', Label = 'GRAX Console View All Fields', Description='Grants users access to view all fields in GRAX regardless of their Field Level Security permissions');
insert pv;

User Permission Sets Installed Via the GRAX Managed Package for Salesforce

These permission sets are installed when you install the GRAX Managed Package for Salesforce. They control user access within the managed package, as well as within the GRAX webapp and embedded experiences.

Managed Package Salesforce Permission SetStandard User AccessPower User AccessAdmin Access
GRAX_Configuration_Admin:white-check-mark::white-check-mark::white-check-mark:
GRAX_Advanced_User:white-check-mark::white-check-mark:
GRAX_User:white-check-mark:

Next Steps

To proceed with connecting GRAX to Salesforce and your storage platform of choice, start with our connection documentation.