Permissions and Access

For information on common topics, expand the related section below.

Integration User Permission Requirements

The GRAX "Integration User" is the Salesforce User entity that GRAX performs all operations against your org as. This means that data is created, read, updated, and deleted in the context of this user's permissions. To best protect your org and its data, a high degree of access is required, often including permissions that are not commonly granted to Salesforce integrations that operate in a more focused capacity.

For more information on how to set up an Integration User or its profile/permission sets, as well as how to use the Missing Field Permissions and Auto Config tools, see the Integration User page.

Connecting a GRAX application to a Salesforce org with an Integration User also depends on the GRAX OAuth Connected app being properly configured, which is explained on the Connected App page.

Role Based Access Control for End Users

Whether monitoring Backup progress, managing Archive jobs, running Searches, viewing the Lightning Web Components, or otherwise using the application, every end-user will need to log in. For typical use, this is accomplished by Single Sign On via the Salesforce Org that is attached to the app. To control the features that each user can access, GRAX supports Role Based Access Control via assigning special Permission Sets to each Salesforce user.

For more information on the available roles, the features each role has access to, and how to manage the required Permission Sets with Auto Config, see the Roles for End Users page.

The ability for users to SSO within the GRAX application also depends on the GRAX OAuth Connected app being properly configured, which is explained on the Connected App page.

Tokens for API Access

For integration with third-party systems or the construction of customized user experiences that include GRAX data, developers can take advantage of the APIs served on every GRAX application server. These APIs are private per application. Administrators can:

  • Create named tokens with different feature access levels

  • Exclude a token from Field Level Security restrictions

  • Review all existing tokens, who created them, and their permissions

  • Disable an existing token immediately

For more information on API Tokens including how to create them and how to use them, see the API Tokens page.

For more information on the GRAX API including an OpenAPI specification, see https://api.grax.com. For an interactive version of this documentation, add /scalar to your app's domain.

Local Users

Under normal conditions, the GRAX application depends on Salesforce to serve as an identity provider for the purposes of login and authentication. For the purposes of recovery when disconnected from Salesforce, access when running in "disconnected" mode, and access by teams that may not have Salesforce users, GRAX allows the creation of "Local" users.

For more information about local users including how to create them and delete them, see the Local Users page.

Last updated

Was this helpful?