<aside>

Description

Salesforce User Permissions covers the setup of secure user permissions for the SimpleTranslate integration, including user creation, isolation configuration, and permission set assignments following the principle of least privilege.

</aside>

User setup

1. Create user (in Salesforce Setup)
   • Go to Setup → Users → New User.
   • Set the following:
     • License: Salesforce Platform
     • Profile: Minimum Access - Salesforce
     • Email: [email protected]
2. Configure isolation
   • Role: No Role
   • Remove the user from all public groups.
   • Verify Organization‑Wide Defaults are set to Private.

Permission set configuration

Choose one of the following approaches based on your security requirements.

Approach 1: Manual (Secure)

1. Create a permission set named SimpleTranslate_Integration_Manual.
2. Enable system permissions:
   • API Enabled
   • Manage Translation
   • Modify Metadata Through Metadata API Functions
   • View Setup and Configuration
   • Customize Application
3. Add Read access on the Translation object.
4. Leave all field permissions blank to prevent access to field‑level content.

Approach 2: View All Data (Fast)

1. Create a permission set named SimpleTranslate_Integration_ViewAll.
2. Enable system permissions:
   • API Enabled
   • Manage Translation
   • Modify Metadata Through Metadata API Functions
   • View Setup and Configuration
   • Customize Application
   • View All Data (auto‑grants read access to all objects)
3. Leave all field permissions blank to prevent access to field‑level content.

Security and compliance considerations

Security impact

• Manual approach: Follows a zero‑trust model with explicit permissions. Recommended for production.
• View All Data approach: Faster to configure but provides broader access. More suitable for development or tightly controlled environments.

Risk mitigation

• Leaving field permissions blank helps prevent access to sensitive field data.
• Isolating the user (no role, no groups, private sharing) helps block privilege escalation.
• Using API‑only access limits what can be done through the Salesforce UI.

Monitoring

• Regularly audit permission set assignments.
• Review API usage (for example, via Setup → API Usage).
• Monitor for potential escalation attempts.

Emergency response

• Deactivate the integration user.
• Remove assigned permission sets.
• Review audit logs for suspicious activity.
• Rotate any related credentials or tokens.

Recommendation

For production environments, start with the Manual approach and expand permissions only as needed. Document all permission changes and maintain an approval process for any security‑related modifications.

<aside>

Quick View

End User Documentation

• SimpleTranslate
• SimpleT AI
• Organization </aside>