FORMULASHARE ENTERPRISE / UNLIMITED ONLY
This page describes the permissions required for the two main processing paths that keep public groups up to date, the scheduled batch job and real-time trigger processing.
Batch Job Running User
The FormulaShare batch jobs which apply sharing and assess and populate team groups query team data in user mode. This means the user account configured to run the scheduled batch must have read access to the objects and fields referenced by each active Team Mapping:
- Read access to the Team Object, Team Member Object (if configured), and (if configured) the Team Affiliation Object
- Read access to the lookup fields used by the mapping: the team lookup field on the Team Member object, the user lookup field on the Team Member object, the parent team field on the Team Object (if used), and the affiliation lookup fields (if used)
- Read access to the Team Name Field or External ID Field if either is used as the Group Name Suffix
- Read access to the Team Role Field and/or Team Member Role Field if role-based membership is configured
If the batch running user lacks any of these permissions, FormulaShare will be unable to query the relevant records and the corresponding groups will not be created or populated, and sharing will not be applied. Check the batch job's debug log or the FormulaShare log records if groups are not being created as expected or sharing is not being applied as expected by full or targeted calculation jobs.
The batch job creates and manages public groups and group members in system mode, so the batch running user does not need permissions to manage public groups directly.
Users Initiating Trigger Operations
When team triggers are enabled (see Trigger Setup for Group Updates), changes to team member, team, and team affiliation records cause FormulaShare to enqueue a queueable job to update the relevant public groups.
SOQL queries against team data (the team object, team member object, and team affiliation object) run in user mode, using the context of the user who initiated the triggering operation. That user must therefore have read access to the same objects and fields listed above for the batch running user. If any of these read permissions are missing, the queued job will be unable to retrieve the data it needs and group membership will not be updated correctly.
DML to create or update public groups and group members runs in system mode, so the triggering user does not need permissions to manage public groups or group members directly – FormulaShare handles that regardless of their profile.
Users with the FormulaShare Groups Trigger Bypass custom permission assigned will have trigger processing skipped entirely for their transactions. This is useful for data migration or bulk operations where group membership should be reconciled by the next batch reassessment instead.
For the User trigger (for "Users with Matching Field Value" rules), the running user must have read access to the User fields referenced by active rules. No special permissions on public groups are required.
Permission Set for the Standard FormulaShare Teams Objects
FormulaShare includes a permission set named "FormulaShare Create and Manage FormulaShare Teams" which grants the permissions needed to create and manage records in the standard teams data model (sdfs__Team__c, sdfs__Team_Member__c, and sdfs__Team_Affiliation__c). Specifically, it grants:
- Create, edit, and View All on
Team__c(delete not included to protect accidental removal) - Create, edit, delete, and View All on
Team_Member__candTeam_Affiliation__c - Read and edit access to all standard fields on these objects
Assign this permission set to administrators and team managers who need to manage team membership. Note that this permission set grants View All on the team objects – use sharing rules or FormulaShare itself to control more granular edit access if required. For users who only need to belong to teams (i.e. team members), no special permissions are needed on the team objects, as FormulaShare manages their group membership automatically.
Related Articles: