# Granting 'Read' Access to All Salesforce Users ## Overview The package includes two pre-configured [permission sets](/onboarding/sfdc-installation-and-initial-configuration.md#permission-assignment): * **Integrous Admin** – Full access to all configuration settings and raw Attribution data. Should only be assigned to a small number of administrators * **Integrous User** – Read-only access to cleaned attribution and Engagement data. Appropriate for all internal Users Only a few admins should hold **Integrous Admin**. We recommend assigning **Integrous User** to ***all internal Users*** so they can view and report on Engagements. Administrators should be assigned **both**. {% hint style="warning" %} To ensure all users can view and report on Engagements, the core Integrous Analytics object in Salesforce, we recommend configuring a **User Access Policy** that automatically grants this permission set to all current and future internal Users. This article describes how to set that up. {% endhint %} ## Why This Matters * Engagement visibility supports better context across sales, marketing, and RevOps * Reduces support requests by giving all users the same baseline data access * Automatic assignment prevents new users from being overlooked ## Prerequisites * Salesforce Enterprise or Unlimited edition * **Manage User Access Policies** permission ## Steps {% stepper %} {% step %} ### Set up User Management Settings From **Setup**, in the **Quick Find** box, enter `User Management Settings`, then select **User Management Settings** {% endstep %} {% step %} ### Enable User Access Policies Enable both **User Access Policies** and **Enhanced Interface for User Access Policies** {% endstep %} {% step %} ### Open User Access Policies In the **Quick Find** box, enter `User Access Policies`, then select **User Access Policies** {% endstep %} {% step %} ### Create a new policy Click **New User Access Policy** {% endstep %} {% step %} ### Name the policy Enter a **Policy Name** (e.g., “Grant Engagement Read Access”) and optional description, then click **Save** {% endstep %} {% step %} ### Edit criteria On the policy detail page, click **Edit Criteria** to configure which users this policy applies to: * Define criteria to include **all internal users** while excluding system accounts (integration, partner, or portal users). Common approaches: * Profile filtering (e.g., Standard User, Sales User, Marketing User profiles) * `User Type = Standard` (excludes most system accounts) * A custom field indicating employee status {% endstep %} {% step %} ### Define actions Under **Define Actions**, select: * **Action** = Grant * **Access Mechanism** = Permission Set * **Permission Set = Integrous User** * This provides Engagement read access without exposing Admin Console settings {% endstep %} {% step %} ### Save the policy At this point, the policy exists in **manual** mode. If you only want a one-time assignment, skip to step 15 to apply it to current users. To configure the policy to run automatically for all **future users** (recommended), continue to step 9. {% endstep %} {% step %} ### Convert to Automatic (recommended) Convert the policy to **automatic** to ensure that all **future users** are assigned the permission set as soon as they’re created or updated {% endstep %} {% step %} ### Reopen and edit the policy Reopen the policy and click **Edit** {% endstep %} {% step %} ### Set the order Enter a value in the **Order** field (required for automatic policies) {% endstep %} {% step %} ### Change the policy type Change **Policy Type** from *Manual* to *Automatic* {% endstep %} {% step %} ### Select triggering events Under **Triggering Events**, select when the policy should run — typically **User Created** for this use-case {% endstep %} {% step %} ### Save your changes Save your changes {% endstep %} {% step %} ### Apply to Existing Users (required) To apply the policy to all **current users** (required whether the policy is manual or automatic), click **Apply Policy** on the policy detail page * At this point, you’ve applied the policy to all **current users**, and if you completed steps 9–14, it will also be applied automatically to **future users.** {% endstep %} {% endstepper %} ## Confirmation * Open a user record and check **Permission Set Assignments** * Review the policy’s detail page under **Recent User Access Changes** to confirm assignments ## Resources * [Quick-Start Guide](/onboarding/quick-start-guide.md) * [SFDC Installation and Initial Configuration](/onboarding/sfdc-installation-and-initial-configuration.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.integrousanalytics.com/onboarding/granting-read-access-to-all-salesforce-users.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.