Please enter search query.
Search <product_name> all support & community content...
Article: 100054431
Last Published: 2025-01-28
Ratings: 0 0
Product(s): Veritas Alta SaaS Protection
Description
Introduction
This document contains the steps to create a Connected App in Salesforce for use by Veritas Alta SaaS Protection. Veritas recommends creating a new Salesforce user (e.g., “Veritas Backup Admin “) to be used only for backup / restore purposes. A new custom profile needs to be created as a clone of the “System Administrator “profile (e.g., “Veritas Backup Admin profile “). This cloned custom profile should have “View encrypted data” permission granted. Then the newly created user (Veritas Backup Admin) needs to be assigned the custom profile (Veritas Backup Admin profile).
The 'ASP BackupAdmin'user must be assigned a Salesforce license,as Veritas Alta SaaS Protection does not currently support the SalesforceAPI integration License, which has limited access to objects and features.
If an organization's security policies prohibit cloning the 'SystemAdministrator'profile, a set of required permissions can be assigned to a permission set linked to the 'ASP BackupAdmin'user created with a standardprofile.It is strongly recommended to assign all the permissions listed to avoid limitations.If any permissions are excluded,Veritas assumes that the customer understands the risks and may not provide support for related issues.When using the 'PermissionSet' approach,the 'ASP BackupAdmin'user must receive all the listed permissions by the permission set before being assigned to the 'ConnectedApp' created for Veritas Alta SaaS Protection.In this case, a 'StandardUser' profile should be used instead of the 'SystemAdmin'profile.Refer to Veritas Alta SaaS Protection documentation for guidance on creating theConnected App (Setting up a ConnectedApp in Salesforce for use by Veritas AltaSaaS Protection). Assign the new permission set to the 'ASP BackupAdmin' user rather than creating the user with the 'SystemAdministrator' profile and provide the following :
- Object permissions: 'Modify All' and 'Create' for all objects in the Salesforce organization(Standard and Custom).
- Field permissions: 'Read Access' and 'Edit Access' for all fields in all objects(Standard and Custom).
- Record Type permissions: 'Read' and 'Edit' access for all record types across all objects(Standard and Custom).Ensure that the user has all necessary feature licenses(for any installed App Exchange products)and that relevant feature permission sets are assigned
Some permissions, such as 'Modify All Data, will automatically enable other permissions. Additionally, other permissions not listed here may also be auto-enabled and must remain active for Veritas Alta SaaS Protection to function properly.
| Permissions | Data / Metadata / Both | Salesforce Description | Used by Veritas Alta Saas Protection for |
| System Permissions | |||
| Access Activities | Data | Access tasks, events, calendar, and email. | Protection (backup and restore) of Tasks, Events, Calendar and Email |
| Access Libraries | Data | Access libraries. | Protection of Libraries |
| Apex REST Services | Data | Allow access to Apex REST services | Access to Salesforce APIs |
| API Enabled | Both | Access any Salesforce.com API. | To access Salesforce APIs for backup and restore of Data and Metadata |
| Assign Topics | Data | Assign existing topics to feed items. Remove topics from feed items. |
Restore of FeedItem (while assigning a topic to FeedItem) |
| Author Apex | Metadata | Create Apex classes and triggers. | Restore of Apex classes and Triggers |
| Change Dashboard Colors | Metadata | Choose dashboard color theme and palette. | Restore of Dashboards |
| Chatter Internal User | Data | Use all Chatter features. | Protection of Chatter Objects |
| Create and Own New Chatter Groups | Data | Create and own new Chatter groups. | Restore of Chatter Groups (CollationGroup Standard object) |
| Create Content Deliveries | Data | Create content delivery links to share files that aren't managed by a library. To let a user create content deliveries for files in a library, enable Deliver Content for that user in the library. | Protection of Salesforce Orgs where Conent Delivery feature is enabled. Restore of public link Field for the Document/Attachment requires this. |
| Create Folders for Lightning Email Templates | Metadata | Create Folders for Lightning Email Templates | Restore of Email Template (in Folder) |
| Create Libraries | Data | Create libraries. | Restore of Library |
| Create Public Links | Data | Let users create links to share files externally. Unlike content deliveries, public links can't be password protected. To let a user create links to files in a library, enable Deliver Content for that user in the library. | Restore of Public Links of Documents / Attachments / Files |
| Create Topics | Data | Create new topics by assigning them to feed items. | Restore of FeedItem (while assigning a topic to FeedItem) |
| Customize Application | Metadata | Customize the organization using App Setup menu options. | Required for 'Connected App' backup. Restore of various Metadata types, e.g. Custom Fields, Page Layout etc. |
| Edit HTML Templates | Metadata | Edit Classic HTML Email Templates. | Restore of Email Templates |
| Edit Read Only Fields | Data | Edit fields that are read only due to page layouts or field-level security. | Restore values back into some fields that are read-only due to page layout or field level security |
| Edit Tasks | Data | Create, edit, and delete tasks. | Restore of Tasks |
| Edit Topics | Data | Edit topic names and descriptions. | Restore of Topics |
| Manage All Private Reports and Dashboards | Metadata | Allows full access to reports and dashboards in all other users' private folders (API only). | Restore to reports and dashboards in all other users' private folders (API only). |
| Manage Auth. Providers | Metadata | Create and edit Auth. Providers | Restore of Auth Providers |
| Manage Certificates | Metadata | Ability to manage certificates | Protecion of Certificates |
| Manage Chatter Messages and Direct Messages | Data | Access all users' messages sent in Chatter. | Protection of Chatter data |
| Manage Connected Apps | Metadata | Manage, create, edit, and delete connected applications. | Restore of Connected Apps |
| Manage Custom Permissions | Metadata | Create, edit, and delete custom permissions. | Restore of PermissionSets and Profiles |
| Manage Custom Report Types | Metadata | Create, edit, and delete custom report types. | Restore of Custom Reports |
| Manage Dashboards in Public Folders | Metadata | Create, edit, delete dashboards, and manage their sharing in all public folders. | Restore of Custom Dashboards |
| Manage Data Categories | Metadata | Create, edit, and delete data categories. | Protection of 'DataCategoryGroup' backup |
| Manage Data Integrations | Data | Monitor or abort Bulk API jobs. | Bulk API management (during backup and restore) |
| Manage Letterhead | Both | Create, edit, and delete letterheads for HTML emails. | Protection of Email Letterheads. |
| Manage Multi-Factor Authentication in API | Metadata | Use the API to manage user identity verification methods for multi-factor authentication. |
Required for Metadata Backup |
| Manage Public Classic Email Templates | Metadata | Create, edit, and delete text emails, mail merge templates, and folders for public email templates. |
Restore of Email Template in Folder |
| Manage Public Documents | Data | Create, edit, and delete folders for public documents. | Restore of Folders for Documents |
| Manage Public List Views | Metadata | Create, edit, and delete public list views. | Restore of List Views |
| Manage Reports in Public Folders | Metadata | Create, edit, delete reports, and manage their sharing in all public folders. |
Restore of Reports in Public Folder |
| Manage Unlisted Groups | Data | View and moderate unlisted Chatter groups | Protection of Unlisted Groups |
| Manage Users | Metadata | Create, edit, and deactivate users, and manage security settings, including profiles and roles. | Restore of Users |
| Modify All Data | Data | Create, edit, and delete all organization data, regardless of sharing settings. |
Needed for auto-inclusion of new objects and related objects. Third party product objects, custom objects as and when they get added to the Org, they will get picked up by ASP only if this permission is given. Also, some objects (TopicAssignment, FeedRevision, FeedAttachment, Announcement, FeedComment, EntitySubscription) require this permission for query. A few other objects require this permission for Metadata restore. |
| Modify Metadata through Metadata API Functions | Metadata | Create, read, edit, and delete org metadata. Users must have appropriate access rights to the metadata they're trying to modify. Be careful if delegating this permission. Some metadata executes in system context, when object permissions, field-level security, and sharing rules that apply to the user are ignored. For example, Apex executes in system context. | Metadata restores |
| Update Email Messages | Data | Modify certain email message related records. | Restore of EmailMessages |
| View All Custom Settings | Metadata | Let users view all custom setting data directly and via the API. | Protection of Custom Settings |
| View All Lookup Record Names | Data | View the record names in lookup fields regardless of sharing settings. Lookup fields include system fields, such as Created By and Last Modified By. | Backup of System Fields |
| View All Profiles | Metadata | View all user profiles, regardless of profile filtering setting. | Backup of Profiles |
| View And Edit Converted Leads | Data | View and edit converted lead records. | Restore of Converted Leads |
| View Developer Name | Data | View the DeveloperName field via the API. | Backup of Developer Name field |
| View Encrypted Data | Data | View the value of encrypted fields in plain text. | Protection of Encrypted Fields |
App Permissions |
|||
| Edit Case Comments | Data | Edit their own case comments but not other user's comments. | Restore of CaseComment |
| Import Solutions | Data | Import solutions for the organization. | Protection of Solutions |
| Manage Cases | Data | Administer case settings, including Email-to-Case and mass transfer of cases. | Protection of Cases |
| Manage Categories | Data | Define and modify solution categories settings. | Define and modify solution categories settings. |
| Manage Entitlements | Data | Enable, create, and update entitlement management items. | Enable, create, and update entitlement management items. |
| Manage Content Permissions | Data | Create, edit, and delete library permissions in Salesforce CRM Content. | Create, edit, and delete library permissions in Salesforce CRM Content |
| Manage Content Properties | Data | Create, edit, and delete custom fields in Salesforce CRM Content. | Create, edit, and delete custom fields in Salesforce CRM Content |
| Manage Flow | Data | Allow users to view, create, edit, delete, and activate all flows and flow types in Lightning Experience apps and Setup. |
Protection of Workflows |
| Manage record types and layouts for Files | Both | Create, edit, and delete content types in Salesforce CRM Content.. | Create, edit, and delete content types in Salesforce CRM Content. |
| Manage Salesforce CRM Content | Data | Create, edit, and delete libraries and library memberships. | Create, edit, and delete libraries and library memberships. |
| Query All Files | Data | Allows View All Data users to SOQL query all files in the org. | Protection of Documents / Attachments / Files / Salesforce CRM Content |
You may be using Salesforce’s Lightning Experience or Classic Experience. This document has the steps for each case in separate sections.
- Go to “Salesforce Lightning Experience” if you are using the Salesforce Lightning Experience
- Go to “Salesforce Classic Experience” if you are using the Salesforce Classic Experience
Salesforce Lightning Experience
Steps for creating User and Profile
- Log into your Salesforce org. (For e.g., using System Administrator profile user)
- Click on Setup.
- Locate the profile setup by typing 'profile' in the search box on the left.
- Click the button "New Profile".
- Select "System Administrator" from the list to create a clone of the profile.
- Provide a name to the profile (e.g., Veritas Backup Admin Profile"). Click on save button.
- Click on Edit button.
- Ensure that "Modify All Data" and "API enabled" permissions are granted to the new profile.
- Grant "View Encrypted Data" permission to profile, if encrypted fields are used for standard/custom objects.
- Grant "Query all files " permission to profile, to backup private library files for all users
- Sharing of public library : To protect the public libraries in the target organization, they must be shared with Veritas Backup Admin with Library Administrator access permission.
- Click on the Save button.
- Click on View Users button and then click on "New User" button for creating a new user.
- Provide user details like First Name, Last Name, Username, Email and select the profile created earlier.
- Click on the Save button.
- Logoff and Logon to the salesforce portal, using newly created user.
Steps for setting up Connected App
- While logged in to Salesforce org using newly created user, click on the Setup.
- Locate the "App Manager" setup by typing it in the search box on the left.
- Click the button at the top right to create a New Connected App.
- Provide the basic information for the new app, such as the name, as shown in the screenshot below.
- Click the checkbox to enable OAuth settings. Set the callback URL to http://localhost:1717/OauthRedirect.
- Select ‘Full Access’ and ‘Perform requests at any time (refresh_token , offline_access)’ from the list of the available OAuth scopes. This is required by the app for permissions to backup and restore various objects and records.
- Click on the save button to save the app.
- Go to the app created above and look for consumer key (see screenshot below). Copy the consumer key to a text file for use later. This is required when creating connector from the Veritas Alta SaaS Protection web UI.
- Go to the Veritas Alta SaaS Protection web UI to create a Salesforce connector.
- Enter salesforce username, instance URL and consumer key.
Login to Salesforce org -> Click on Setup -> type "My Domain" -> Click on "My Domain" -> Copy Current My Domain URL : Add https:// in it.
- Click on Generate certificate button and download the certificate.
- When entering the username, make sure the user entered is part of the profile (e.g., “Veritas Backup Admin Profile”) to be associated with the connected app so that access is limited to the user. This document uses the example of associating the custom profile (e.g., “Veritas Backup Admin Profile”) with the connected app.
- Go back to the Salesforce app created earlier and click Edit, to associate the certificate created by Veritas Alta SaaS Protection and to relax IP restrictions (see below).
- Click on the ‘Use Digital Signature’ checkbox and upload the certificate created by Veritas Alta SaaS Protection using ‘Choose File’ button.
- Keep all other settings as default and click on the Save button.
- From the App Manager, locate this app and click Manage.
- Click on Edit Policies.
- Under OAuth Policies, set Permitted Users to “Admin approved users are pre-authorized” and set IP Relaxation to “Relax IP restrictions”. Choose default for all other settings.
- Click Save.
- Scroll down and click on Manage Profiles.
- Choose the profile associated with the user who can use this connected app for backup and restore. In the screenshot below, the custom profile (Veritas Backup Admin Profile) created for Veritas Alta SaaS Protection is selected.
- Click Save.
- This completes the setup of Connected App in Salesforce for users using Lightning experience.
Salesforce Classic Experience
Steps for creating User and Profile
- Logon to your Salesforce org. (For e.g., Logging with System Administrator profile user)
- Click on Setup.
- Locate the profile setup by typing 'profile' in the search box on the left.
- Click the "New Profile" button.
- Select "System Administrator" profile from existing profile list to clone. Enter the name of profile (e.g., "Veritas Backup Admin profile").
- Click on the Save button.
- Click on Edit button.
- Ensure "Modify all data" and "API enabled" permissions are granted to the new profile.
- Grant "View Encrypted Data" permission to profile, if encrypted fields are used for Standard/Customer objects.
- Click on View Users button then click on "New User" button for creating a new user.
- Provide user details like First Name, Last Name, Username, Email and select the profile created earlier. (e.g., "Veritas Backup Admin Profile")
- Click on the Save button.
- Logoff and Logon to salesforce URL by using newly created user.
Steps for setting up Connected App
- While logged in to Salesforce org using newly created user, click on the Setup.
- Navigate to App Setup -> Apps and click on the new button.
- Provide basic information for the new app, such as the name, as shown in the screenshot below.
- Click the checkbox to enable OAuth settings. Set the callback URL to http://localhost:1717/OauthRedirect.
- Select ‘Full Access’ and ‘Perform requests at any time (refresh_token, offline_access)’ under Selected OAuth scopes. This is required by the app for permission to backup and restore various objects and records.
- Keep all other settings default. Click on the Save button to save the app.
- Got to the app just created and look for consumer key (see screenshot below). Copy the consumer key to a text file for use later. This is required when creating connector from the Veritas Alta Saas Protection web UI.
- Go to the Veritas Alta Saas Protection web UI to create a Salesforce connector.
- Enter salesforce username, instance URL and consumer key. Click on Generate certificate button and download the certificate.
- When entering the username, make sure the user entered is part of the profile (e.g., “Veritas Backup Admin Profile”) to be associated with the connected app so that access is limited to the user.
- This document uses the example of associating the custom profile (e.g., “Veritas Backup Admin Profile”) with the connected app.
- Go back to the Salesforce app created earlier and click Edit, to associate the certificate created by Veritas Alta Saas Protection and to relax IP restrictions (see below).
- Click on the "Use Digital Signature" checkbox and upload the certificate created by Veritas Alta Saas Protection using "Choose File" button.
- Keep all other settings as default and click on the Save button.
- In the App Manager, locate this app and click Manage.
- Click on Edit Policies.
- Under OAuth Policies, set the Permitted Users to "Admin approved users are pre-authorized" and set IP Relaxation to "Relax IP restrictions".
- Choose default for all other settings.
- Click on Save.
- Scroll down and click on Manage Profiles.
- Choose the profile associated with the user who can use this connected app for backup and restore. In the screenshot below, the custom (Veritas Backup Admin Profile) profile created for Veritas Alta Saas Protection is selected.
- Click Save.
- This completes the setup of Connected App in Salesforce for users using Classic experience.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.