Permission Errors
Permission errors occur when a user or the aprity integration user does not have the required access to perform an operation. This guide covers the most common permission issues and how to resolve them.
Common causes
Wrong permission set assigned
aprity ships with two permission sets in the managed package:
- aprity User -- Grants access to view documentation, download reports, and monitor scans.
- aprity Admin -- Grants full access including starting scans, managing connectors, and configuring settings.
If a user has the User permission set but tries to perform an admin action (such as starting a scan), they will see a permission error.
How to verify:
- In Salesforce, go to Setup > Users > [User] > Permission Set Assignments.
- Check which aprity permission set is assigned.
Solution:
- Assign the aprity Admin permission set to users who need to start scans and manage settings.
- Keep the aprity User permission set for users who only need to view and download documentation.
You can assign the permission set to multiple users at once via Setup > Permission Sets > aprity Admin > Manage Assignments.
Connected App not authorized for the user
Even if the aprity Connected App is configured correctly, individual users must be authorized to use it. If the user's profile or permission set is not listed in the Connected App's authorized list, API calls will fail.
How to verify:
- In Salesforce, go to Setup > Connected Apps > Manage Connected Apps > aprity.
- Under Permitted Users, check if it is set to Admin approved users are pre-authorized.
- Under Profiles or Permission Sets, confirm the user's profile or an assigned permission set is listed.
Solution:
- Add the user's profile to the Connected App's authorized profiles list.
- Alternatively, create or use an existing permission set, add it to the Connected App, and assign it to the user.
- Wait 2-10 minutes for changes to propagate.
Salesforce profile restrictions
The user's Salesforce profile may lack permissions required by aprity, even if the correct aprity permission set is assigned. Permission sets add permissions on top of the profile but cannot override profile-level restrictions in all cases.
Key permissions required:
| Permission | Why it is needed |
|---|---|
| API Enabled | Required for all aprity API communication. |
| View Setup and Configuration | Required for metadata retrieval during scans. |
| Modify All Data (or View All Data) | Required for the integration user to read metadata across all objects. |
How to verify:
- In Salesforce, go to Setup > Profiles > [User's Profile].
- Check that the permissions listed above are enabled.
Solution:
- Enable the required permissions on the user's profile.
- Alternatively, assign the user to a profile that already includes these permissions (such as System Administrator).
The integration user that aprity authenticates as (via JWT) typically needs broader permissions than regular app users. It is recommended to use a dedicated integration user with the System Administrator profile or a custom profile with full metadata read access.
Object-level or field-level security
aprity reads metadata definitions (not data). However, certain object-level and field-level security settings can restrict visibility of metadata components.
Symptoms:
- Scans complete but certain objects or fields are missing from the documentation.
- The scan shows fewer objects than expected.
Solution:
- Ensure the integration user has at least Read access to all custom objects that should be documented.
- Check field-level security for fields that appear to be missing.
Verifying the fix
After adjusting permissions:
- In the aprity app, go to Settings > Connection and click Test Connection.
- Start a new scan to confirm the permission changes take effect.
- If the issue was user-level (not integration user), have the affected user log out and back in to refresh their session.
Still not working?
If permission errors persist after checking all of the above:
- Note the exact error message from the aprity app.
- Identify which user is experiencing the error (the app user or the integration user).
- Contact support at support@aprity.ai with these details, the user's profile name, and your Org ID.