Granting 'Read' Access to All Salesforce Users

  • Updated on Aug 20, 2025
  • Published on Aug 19, 2025
  • 2 minute(s) read
Prev Next

Overview

The package includes two pre-configured permission sets:

  • Integrous Admin – Full access to all configuration settings and raw Attribution data. Should only be assigned to a small number of administrators

  • Integrous User – Read-only access to cleaned attribution and Engagement data. Appropriate for all internal Users

Only a few admins should hold Integrous Admin.

We recommend assigning Integrous User to all internal Users so they can view and report on Engagements. Administrators should be assigned both.

To ensure all users can view and report on Engagements, the core Integrous Analytics object in Salesforce, we recommend configuring a User Access Policy that automatically grants this permission set to all current and future internal Users. This article describes how to set that up.

Why This Matters

  • Engagement visibility supports better context across sales, marketing, and RevOps

  • Reduces support requests by giving all users the same baseline data access

  • Automatic assignment prevents new users from being overlooked

Prerequisites

  • Salesforce Enterprise or Unlimited edition

  • Manage User Access Policies permission

Steps

  1. From Setup, in the Quick Find box, enter User Management Settings, then select User Management Settings

  2. Enable both User Access Policies and Enhanced Interface for User Access Policies

  3. In the Quick Find box, enter User Access Policies, then select User Access Policies

  4. Click New User Access Policy

  5. Enter a Policy Name (e.g., “Grant Engagement Read Access”) and optional description, then click Save

  6. On the policy detail page, click Edit Criteria to configure which users this policy applies to:

    1. Define criteria to include all internal users while excluding system accounts (integration, partner, or portal users). Common approaches:

      1. Profile filtering (e.g., Standard User, Sales User, Marketing User profiles)

      2. User Type = Standard (excludes most system accounts)

      3. A custom field indicating employee status

  7. Under Define Actions, select:

    1. Action = Grant

    2. Access Mechanism = Permission Set

    3. Permission Set = Integrous User

      1. This provides Engagement read access without exposing Admin Console settings

  8. Save the policy

    1. At this point, the policy exists in manual mode. If you only want a one-time assignment, skip to step 15 to apply it to current users. To configure the policy to run automatically for all future users (recommended), continue to step 9.

Convert to Automatic (recommended)

  1. Convert the policy to automatic to ensure that all future users are assigned the permission set as soon as they’re created or updated

  2. Reopen the policy and click Edit

  3. Enter a value in the Order field (required for automatic policies)

  4. Change Policy Type from Manual to Automatic

  5. Under Triggering Events, select when the policy should run — typically User Created for this use-case

  6. Save your changes

    1. At this point, the policy has been converted to automatic. It will apply the permission set to all future users as they are created or updated. You still need to continue to step 15 to apply it to current users.

Apply to Existing Users (required)

  1. To apply the policy to all current users (required whether the policy is manual or automatic), click Apply Policy on the policy detail page

    1. At this point, you’ve applied the policy to all current users, and if you completed steps 9–14, it will also be applied automatically to future users.

Confirmation

  • Open a user record and check Permission Set Assignments

  • Review the policy’s detail page under Recent User Access Changes to confirm assignments

Resources