Business administrator (APN business administrator)Integration user (APN integration user)Business user (APN business user)System permissions to view reports Activate flow user

Permissions sets

Three primary AWS Partner personas are supported in the AWS Partner Customer Relationship Management (CRM) connector application. These can be implemented by the AWS Partner by giving the designated Salesforce user the corresponding permission set from the app.

Topics

Business administrator (APN business administrator)
Integration user (APN integration user)
Business user (APN business user)
System permissions to view reports
Activate flow user

Business administrator (APN business administrator)

Should be given to a system admin or a business admin to configure the setup/mapping of records.
Gives full access to the Salesforce AWS Partner Network (APN) CRM administration app.
Can create, view, and edit field mappings.
Can view all sync log detail records.
Doesn’t allow the user to schedule the integration, only to set up configurations.
Doesn’t give core Salesforce setup access.
There are some settings in Salesforce that require additional access, specifically named credentials and custom settings that the AWS Partner must provide to their user. But if this permission set is paired with a Salesforce system admin profile, all of the necessary permissions to configure the application should function.

Integration user (APN integration user)

Should be assigned to a designated system user that’s responsible for processing the integration.
To schedule the integration, a Salesforce system admin should log in as this user and invoke the system integration schedule.
Allows for full access to configure the mappings, as well as invoke setting up the schedule.
The integration may break if this permission isn’t set on the user responsible for running the integration.
In addition to this permission set, the user designated to process the integration should be given field level access to all mapped fields. If this isn’t done, the mappings will fail to sync as assigned.
The outbound jobs are designed to ignore updates done in the integration user context to prevent a race-around condition, with the same record updated during inbound integration being flagged to be sent for outbound integration.

Business user (APN business user)

Can be assigned to business users who might want to see the sync log details related to their opportunities. This allows for end user troubleshooting if data is not syncing correctly.
Does not provide visibility to the sync log records and only gives access to the object and fields.
We recommend that sync log records are set to private, since they contain sensitive opportunity information.
If a private model is configured, APN business users can access only the records if the partner Salesforce administrator configures record sharing with users.

System permissions to view reports

To allow a user to view reports on the Home tab of the AWS Partner CRM connector, an administrator must grant them the following permissions:

Create and Customize Reports
Edit My Reports
Mange Reports in Public Folders
Run Reports
View Reports in Public Folders

For more information, refer to Grant Users Access to Reports and Dashboards.

Activate flow user

To allow a user to run flows and the Link private offer button on an ACE opportunity, the system administrator must configure the user as a flow user.

Ensure that the system administrator the correct permissions to assign a flow user. For more information, refer to Add Run Flows Permissions.
Choose Setup, Users.
Choose a user.
Choose Flow user.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Prerequisites

Guided setup