Data Quality user documentation | Assign permissions

There are two packaged EDQ permission sets you need to assign users to, as well as an individual permission to be configured for non-admin users to use External Credentials.

In situations where it is preferable for non-admin permissions to be applied to existing permission sets or profiles, we also detail how to configure the necessary permissions manually.

Assigning users to permission sets

Users should be assigned to one of the two EDQ permission sets that are packaged with the application. This includes system administrators who will be configuring the application as well as end users who will be performing validations using the application's components.

EDQ Admin: Assign this permission set to all users that require administrative access to all EDQ objects and settings.
EDQ Non-admin: Assign this permission set to all other end users who will be utilizing the EDQ components. This gives them the lowest level of access required for the four objects listed below that come with the application:
- EDQ Error Logs – Read and Create permissions necessary to work with any errors generated by the application
- EDQ Logs – Read, Create and Edit permissions necessary to work with the logs used to store the result of our Validation API calls
- EDQ Profile Settings – Read permission to check whether the user profile has been granted permission to perform address/email/phone validation or retrieve enriched address data
- EDQ State Settings – Read permission to the EDQ State objects used to facilitate the integration with Salesforce State Picklists

Note that the tabs for the four EDQ objects listed above as well as EDQ Global Settings are all set to Hidden for the EDQ Non-admin permission set, as end users aren't required to see or control these objects and settings.

Non-admin permissions implementation

The use of our EDQ Non-admin permission set is optional, but without it, the permissions must be configured manually. You are of course free to use your existing profiles or permission sets and update them to include our requirements. We provide extra instructions for doing so below. An additional note, do watch out for default permissions at the profile level overriding our EDQ Non-admin permission set.

The steps to assign a permission set are as follows:

Go to the Setup screen and type Permission Sets in the Quick Find box and select it.
Click either the EDQ Admin or EDQ Non-admin permission set.
Click Manage Assignments.
Click the Add Assignment button.
Tick your chosen users and click Next.
Choose your preferred expiration date for the assigned users and click Assign to see an Assignment Summary.
Click Done.

Configuring existing permission sets or profiles

When an org has large numbers of non-admin users it may not be practical to assign them all to a new permission set, or you may already have existing permission sets or profiles you would prefer to use. If so, you must configure the following permissions for non-admin users.

Object Settings

Set Tab Settings to Tab Hidden for all EDQ objects.

Enable the following Object Permissions:

EDQ Error Logs – Read and Create
EDQ Logs – Read, Create and Edit
EDQ Profile Settings – Read
EDQ State Settings – Read
User External Credentials - Read, Create, Edit and Delete

Ensure all Field Permissions are also set to Read Access and Edit Access based on the required object permissions detailed above.

Apex Class Access

Enable the following Apex Classes:

TExperianLEDQ.LEDQ_ServiceLayerController
TExperianLEDQ.LEDQ_TouchPointsController
TExperianLEDQ.LEDQ_WebToObjectService

Custom Metadata Types

Enable the following Custom Metadata Types:

TExperianLEDQ.LEDQ Address Fields Map
TExperianLEDQ.LEDQ Countries
TExperianLEDQ.LEDQ Settings

Enabling User External Credentials

New requirement since Winter '23

The Winter and Summer '23 releases of Salesforce introduced changes to Named/External Credentials, which requires an additional permission for non-admin users. This change can't be incorporated into the EDQ Non-admin Permission Set, so must be configured manually.

To make use of the External Credentials configured later in this setup process users must have Read, Create, Edit and Delete permissions for the User External Credentials Object Setting.

System Administrators have this permission by default, but any non-admin users who will be interacting with EDQ components will need to have this configured manually. You are free to apply this permission in a way that is appropriate to your own custom profile/permission set configuration, by following the instructions provided by Salesforce, but below we have detailed the example steps necessary for the permission set-based method:

Go to the Setup screen and type Permission Sets in the Quick Find box and select it.
Click the New button to create a new permission set.
Give it the Label EDQ User External Credentials and the API Name will be populated automatically.
Click Save.
Within the Apps section click Object Settings.
Scroll down and click User External Credentials.
Click Edit.
Enable Read, Create, Edit and Delete permissions and click Save.
Click Manage Assignments and add an assignment for all appropriate non-admin users.

Was this helpful?

Previous: Configure global settings

Next: Create an External Client App

Assign permissions