You need to sign in to do that
Don't have an account?
Permission issues in deploying Profile from CVS
Hi Community,
I've created a CVS repository by importing 'all meta-data' from a configuration sandbox via Force.com IDE - including ALL customised and native entities.
I had a number of developers who have checked-out this tree from CVS and I'm seeing the following errors when trying to 'Deploy to Server' back to their sandboxes:
---------------------------
File Name: profiles/Company Director.profile
Full Name: Company Director
Action: NO ACTION
Result: FAILED
Problem: CRUD Permissions are not available for this entity : Product2
File Name: profiles/Managing Director.profile
Full Name: Managing Director
Action: NO ACTION
Result: FAILED
Problem: Permission View All Data depends on permission(s): Read Idea
------------------------
* These errors occur when trying a user is updating into his own sandbox.
* I've found that explictly exporting one of these profiles yeilds an empty profile (ie. <profile/> ) even where the web-frontend indicates that this has various settings against it.
* The errors not occur for other layouts.
I'm not really sure where to set these permissions - since the user is admin in his own sandbox.
Would be grateful for any suggestions.
Many Thanks,
Raf
I'm not sure exactly what to tell you, but I can explain the empty profile
First, you need to understand that the XML files returned by the Metadata API are not how the server stores these configuration settings, but instead are generated on-the-fly from various database tables in the Salesforce application.
For most metadata types, for example a Page Layout, when you request the component by name you will get the entire definition. These metadata types behave "atomically" in that they are treated as a single logical entity and any change will replace the previous definition with the new one.
Profiles are different. The .profile file in the metadata API, rather than representing "the" profile, instead is a container for the various permissions referenced in the rest of your project. So if you request CustomObjectA and ProfileP, your "ProfileP.profile" file will contain ONLY the permissions in ProfileP relevant to CustomObjectA, and nothing else.
The reason for this is illustrated in this example: Say you have Org1 with CustomObjectA and CustomObjectB, and you want to deploy only CustomObjectA (along with its field-level security settings for multiple profiles) to Org2. If each .profile file contained permissions for CustomObjectA and CustomObjectB, the deployment to Org2 would fail because CustomObjectB wouldn't be found.
So what happens when you request a bunch of metadata components, including one or more profiles, is that all the profiles are populated only with the permissions relevant to the other items in the request (or in the Force.com IDE, in the same project). Thus when you ONLY request a profile, you get an empty file.
Hopefully this information gives you some insight on how you might resolve the main issue with deploying these profiles from CVS to various orgs...
Hi Jon,
Good explanation. Many thanks for the insight. This does help me rule-out one line of enquirey and I think I understand profiling better.
Still not sure why I don't have permission to deploy those two specific profiles to my own sandbox.
Surely, if I can adjust a profile directly within the sandbox - I should have the necessary CRUD permissions to do so via
the metadata-api?
Thanks,
Raf
These don't look like issues with the deploying user's rights. They look like logical problems with the contents of the .profile files relative to the Salesforce organization to which you're deploying.
Is it possible these different organizations have different features enabled? For the error, "Permission View All Data depends on permission(s): Read Idea", is it possible the .profile file was retrieved from an organization that does not have Ideas enabled, but now you're deploying it to an organization that has Ideas? This error suggests that it's invalid to create a profile with "View All Data" but not the "Read Idea" permission. In the UI, if you selected "View All Data" it would check the "Read Idea" box automatically (presumably, based on my assumptions here)--but in the XML you are responsible for constructing a valid profile yourself.
Obviously this complicates a CVS strategy but the Metadata API tends to conservatism--it does not just turn permissions on implicitly. You have to set them yourself.
For the other error, it may be a similar issue of what is enabled for the organization, e.g. if you do not have CRM object enabled then there wouldn't be a "Product2" to set permissions on.
These are just educated guesses, hope they help.