Skip to main content

Permissions for API Only Profile on Salesforce connection

Salesforce API-Only Profile — Permissions Guide

Written by Amanda Merlene

Before you begin: The API-only profile must have a Salesforce username and password. The Tray integration uses OAuth to authenticate, so credentials are required even for API-only users.

Section 1: Inbound Data Source Sync (Salesforce push into Crossbeam)

Type

Requirement

Crossbeam Permissions on Team Page

Invite integration user or people user listed on team page

Full Access: Admin

Salesforce Permissions

Note: These are the "bare minimum" fields required for Crossbeam to function. Your Partnerships team and GTM end-users may need additional fields in order to achieve their specific goals and use cases.

Administrative

  • API Enabled

  • View All Users

  • View Setup & Configuration

Object Permissions

  • Account — Read access

  • Contact — Read access

  • Lead — Read access

  • Opportunity — Read access

  • User — Read access

✍️ Note

Read access to Account OR Lead objects is required: if only syncing Lead object, Account is not required.

Field Permissions

  • Id, Owner Id (for identifying records).

  • Name, Website (for matching algorithm to find overlaps).

  • IsDeleted, SystemModstamp, CreatedAt (for record-level bookkeeping).

By Object

  • Account: Account ID, Account Name, Account Website, Owner ID

  • Contact: Account ID, Contact Email, Contact ID

  • Lead: Lead Email, Lead ID, Owner ID

  • Opportunity: Account ID, Opportunity ID

  • Opportunity Contact Role: Contact ID, Contact Role ID, Opportunity ID, Primary, Role

  • User: Account Owner Email, User ID

Section 2: Custom Object ("Crossbeam Ecosystem Overlap")

This section covers the Salesforce permissions required for the API-only profile to support the Crossbeam Ecosystem Overlap custom object — the feature that pushes partner overlap data into Salesforce.

The API-only profile does not need to be listed on the Team Page in Crossbeam. The user clicking the buttons on the Crossbeam integrations page must be listed and remain on team page or the integration will break

Type

Requirement

Crossbeam Permissions on Team Page

Invite integration user or people user to team page

*this user will enter the credentials of the API-Only profile during OAuth.

*user must remain on team page or integration will break

Full Access: Admin

Sales: Manager

Salesforce Permissions

Note: Must have proper Salesforce permissions for package installation & data access "Install a Package."

Note: Read access to the mentioned objects is required for the initial connection with Crossbeam. After the connection is established, they may be removed from sync in the Crossbeam UI or by updating your Salesforce Integration User settings.

Note: These are the "bare minimum" fields required for Crossbeam to function. Your Partnerships team and GTM end-users may need additional fields in order to achieve their specific goals and use cases.

Administrative

  • “Download AppExchange Packages” permission

  • API Enabled

  • View All Users

  • View Setup & Configuration

Standard Objects

  • AccountRead access is required Additionally required: Write access
    Write to account level

    • if you want to push data through our 2 account level fields

    • if you want to push partner-shared data into fields on account object

  • Write to contacts level

    • if you want to be creating contacts from our copilot “Add to CRM” function

  • OpportunityRead access required if pushing Opportunity overlaps

  • LeadRead access required if pushing Lead overlaps

Field Permissions

  • Id, Owner Id (for identifying records).

  • Name, Website (for matching algorithm to find overlaps).

  • IsDeleted, SystemModstamp, CreatedAt (for record-level bookkeeping).

By Object

  • Account: Account ID, Account Name, Account Website, Owner ID

  • Contact: Account ID, Contact Email, Contact ID

  • Lead: Lead Email, Lead ID, Owner ID

  • Opportunity: Account ID, Opportunity ID

  • Opportunity Contact Role: Contact ID, Contact Role ID, Opportunity ID, Primary, Role

  • User: Account Owner Email, User ID

Section 3: Crossbeam Copilot ("Crossbeam Overlaps") Lightning Web Component

The API-Only profile cannot install the Crossbeam Copilot because this profile does not have access to the app launcher for Crossbeam Setup in Salesforce (Lightning page access)

Type

Requirement

Crossbeam Permissions on Team Page

Invite integration user or people user to team page

*user must remain on team page or integration will break

Full Access: Admin

Sales: Manager

Salesforce Permissions

Note: system admin can access Crossbeam Setup in the app launcher to complete Copilot setup

Administrative

  • Salesforce system administrator

  • Visualforce Page Access enabled

  • Assign Crossbeam Setup User permission

    • gives Full Access (Read, Create, Edit, Delete, View All Records, Modify All Records) to the Crossbeam Ecosystem Overlaps Custom Object

Standard Objects

  • AccountRead access is required

  • LeadRead access

Related Articles
Connecting Salesforce as a Data Source
Salesforce as a Data Source FAQs
Installation Guide: Crossbeam for Salesforce (v2)
Installation Guide: Crossbeam for Salesforce (v1)
Installation Guide: Crossbeam for Salesforce (Connector Plan)
Did this answer your question?