Skip to main content

Permissions

You can fine tune permissions for FinDock users using a combination of Salesforce permission set groups and permission sets. When working with permissions, keep in mind that permission sets can only grant additional permissions, not take them away.

General permissions

For FinDock to function correctly all user types used with FinDock need to have access to certain standard Salesforce objects. Some of these may be part of existing permission sets of your org, but please make sure the user types for FinDock have at least the following permissions:

  • Read access for Contact, Account and Campaign
  • If Salesforce NPSP is used:
    • Full access to Opportunity (and NPSP fields added to Opportunity)
    • Full access to Opportunity Payment (npe01__OppPayment__c)
  • CRU access for Contact and Account (for integration users only)
  • View Setup and Configuration permission (for users who access FinDock Setup)

Permission set groups vs. "classic" permissions

With the September '23 release, FinDock introduced a new permissions framework that uses permission set groups and new, modular permission sets. The new permission sets are automatically assigned to default groups as needed when packages are installed and activated using the new FinDock Setup experience.

The old "classic" permission sets remain fully functional. However, whenever a FinDock permission set group is available for a particular user type, we recommend using the group assignments.

Permission set groups

When you install FinDock, default permission set groups are added for the most common user types. These groups come with specific permission sets that are added to the groups on the fly when packages are installed and activated.

These groups need to be added to the relevant users. Once added, the groups are updated as needed by FinDock through permission set changes and assignments.

FinDock permission set groups are currently under development. As new groups become available, they will be documented here.

FinDock Integration User Group

note

The new permission set group and permission sets are currently in beta and available to all FinDock customers for testing.

The FinDock Integration User permission set group is intended for integration use cases only. This includes connections to external services, such as ProcessingHub, WebHub and PSPs, as well as FinDock features that use those connections, like payment schedule processing.

The integration user group automatically has four FinDock Core permission sets. FinDock packages with integration permission requirements have their own permission set. These package-specific sets are added to the FinDock Integration User automatically when the given package is installed and activated through the new FinDock Setup.

All permission sets added by FinDock to the FinDock Integration User group support the free Salesforce integration user license.

caution

If you add custom permission sets to the this group, be sure to check the Status of the group afterwards. Failed indicates you need to check that the custom permissions adhere to the integration user license (and Salesforce API Only System Integrations profile) limitations.

FinDock integration permission sets

info

Existing FinDock installations that use classic permission sets can reassign the integration user to use the FinDock Integration User Group. However, the new FinDock integration permission sets for payment extensions need to be added to the group manually.

The permission sets for integration use cases (added to the FinDock Integration User Group through the new FinDock Setup) are outlined in the following table.

NameDescriptionPackage
FinDock Adyen IntegrationPermissions for payment set up and notification handlingAdyen
FinDock Axerve IntegrationPermissions for payment set up and notification handlingAxerve
FinDock Bacs IntegrationBacs Direct Debit collection and reconciliation through Bacs Manual and SmartDebitBACS
FinDock Buckaroo IntegrationPermissions for payment set up and notification handlingBuckaroo
FinDock Checkout IntegrationPermissions for payment set up and notification handlingCheckout.com
FinDock Core File-based PaymentsPermissions for parsing and matching bank filesCore
FinDock Core Mandate SchedulePermissions for creating and running mandate schedulesCore
FinDock Core Online PaymentsPayment collection and reconciliation through WebHub, Notification Gateway and FinDock Payment APICore
FinDock Core Payment SchedulePermissions for creating and running payment schedulesCore
FinDock Gift Aid IntegrationPermissions for Gift Aid claim processing through HMRCGift Aid
FinDock GoCardless IntegrationPermissions for payment set up and notification handlingGoCardless
FinDock Mollie IntegrationPermissions for payment set up and notification handlingMollie
FinDock Nordic IntegrationPermissions for payment set up and report handlingNordic Payments
FinDock NPSP IntegrationPermissions for custom handling of NPSP Opportunity and Recurring DonationNPSP
FinDock PayPal IntegrationPermissions for payment set up and notification handlingPayPal
FinDock ProcessingHub IntegrationPermissions for ProcessingHub connectionProcessingHub
FinDock SEPA IntegrationSEPA and SEDA payment collection, disbursement and reconciliationSEPA
FinDock SIX Saferpay IntegrationPermissions for payment set up and notification handlingSIX Saferpay
FinDock Stripe IntegrationPermissions for payment set up and notification handlingStripe
FinDock Tikkie IntegrationPermissions for payment set up and notification handlingTikkie
FinDock Vipps IntegrationPermissions for payment set up and notification handlingVipps
FinDock Worldpay IntegrationPermissions for payment set up and notification handlingWorldPayCorporate

Classic permissions

The following sections describe how FinDock works with permission sets prior to the September '23 release.

User types

Most organizations need three types of users to work with FinDock. Further user type granularity can be implemented, but this simple approach is the most common:

  • FinDock administrator: administration with full access to all FinDock features and functions
  • Operations user: Salesforce users from Finance or other departments who need to use certain FinDock features
  • Integration user: Salesforce Integration User reserved for system integration authentications

Operations user

In general, operations users work with payment processing records, such as source records that lead to installments, payment profiles and mandates. They perform payment collection activities such as uploading bank statement files and reconciling through Guided Matching.

FinDock administrator

FinDock includes a special permission set for administrators, PaymentHub All FLS. This permission set allows administrators to access all FinDock objects and fields. However, we recommend assigning FinDock administrators all the FinDock permission sets.

Integration user

System integrations need user accounts, aka “Integration Users,” that allow data transfer and operations between systems. FinDock uses connections to Heroku apps like ProcessingHub and WebHub, as well as connections to integrate with external service providers such as PSPs.

Please refer to the table below for details on which permission sets are needed for integration user(s). In addition to those permission sets, you need to also add the View Setup and Configuration permission to the integration user. This permission is typically only for system administrators, but FinDock integrations also require it.

With the Salesforce Spring '23 release, orgs have a new free Salesforce Integration user license. Please refer to our FAQ for information about using this license.

note

If you use the Salesforce Minimum Access Profile for your integration user, you need to check API Enabled under Salesforce Setup > Manage Users > Profiles > Administrative Permissions.

Sharing settings

An important aspect of permissions is Salesforce sharing settings. These settings determine what records can be seen by whom. To ensure correct operation of FinDock, make sure to allow the integration user(s) full sharing of all the contacts and accounts involved.

FinDock classic permission sets

The following table provides a complete overview of all FinDock permission sets. Please note the sets are only available if the respective package has been installed.

info

FinDock classic permission sets can be added to Permission Set Groups on their own and with custom sets assigned to the same group(s).

Permission SetDescriptionUser(s)Package
Adyen IntegrationIntegration for Payment API and PSP notificationsIntegrationAdyen
Axerve Integration UserIntegration for Payment API and PSP notificationsIntegrationAxerve
BACS FLSPermissions for Bacs processes and Payment API integrationAdministrator, Operations, IntegrationBacs
Buckaroo Integration UserIntegration for Payment API and PSP notificationsIntegrationBuckaroo
Checkout.com All FLSPermissions for Checkout.com featuresAdministrator, OperationsCheckout.com
Checkout.com Integration UserIntegration for Payment API and PSP notificationsIntegrationCheckout.com
FinDock Additional SetupDeployed by Installer; access to tabs Installments and Inbound Reports (see below)Administrator, OperationsCore
FinDock Experience CloudFor Experience Cloud public pages (API v2 only)Guest UserCore
FinDock Site Guest UserSite Guest User (API v1 only)Site Guest UserCore
GiftAid FLSPermissions for Gift Aid featuresIntegration, OperationsGift Aid
GoCardlessIntegration for Payment API and PSP notificationsIntegrationGoCardless
Mollie Integration UserIntegration for Payment API and PSP notificationsIntegrationMollie
Nordic Payments All FLSPermissions for AvtaleGiro, etc.Administrator, IntegrationNordic Payments
NPSP4PaymentHub All FLSPermissions for FinDock for NPSP featuresAdministrator, OperationsNPSP
PagesUser(s) creating and configuring Giving PagesAdministrator, OperationsCore
PaymentHub ALL FLSAdmin user for full access to all FinDock objectsAdministratorCore
PaymentHub Integration BaseIntegration for ProcessingHub connectionIntegrationCore
PaymentHub OperationsGeneral FinDock permissionsOperationsProcessingHub
PayPal FLSIntegration for Payment API and PSP notificationsIntegrationPayPal
ProcessingHub OperationsIntegration for ProcessingHub connection and permissions for ProcessingHub ManagerIntegration, OperationsProcessingHub
SEPA OperationsPermissions for SEPA, SEDA and Swiss (CH-DD, LSV+) processes and Payment API integrationOperations, IntegrationSEPA
Six Saferpay Integration UserIntegration for Payment API and PSP notificationsIntegrationSIX Saferpay
Stripe ALL FLSPermissions for Stripe featuresAdministrator, OperationsStripe
Stripe Integration UserIntegration for Payment API and PSP notificationsIntegrationStripe
Tikkie IntegrationIntegration for Payment API and PSP notificationsIntegrationTikkie
Vipps All FLSPermission for Vipps features, Payment API and PSP notificationsAdmin, IntegrationVipps
Worldpay Integration UserIntegration for Payment API, ProcessingHub and PSP notificationsIntegrationWorldpay

Further info

FinDock Additional Setup

With the January '21 release, we added two new tabs to the FinDock app - one for Installments and one for Inbound Reports. These new tabs come in handy in many different workflows, including Guided Matching debugging and configuration.

The tabs are implemented through a permission set and package called ‘FinDock Additional Setup'. This package is mandatory in the FinDock Installer. However, it is an unmanaged component, so organizations can modify the associated settings if needed.

These tabs are handled in a separate package to avoid potential conflicts with orgs that may already have tabs for Installments or Inbound Reports.

Once installed, users who are assigned the ‘FinDock Additional Setup’ permission set automatically get to see and use the Installment and Inbound Report tabs.

Gift Aid manual permission assignments

In addition to the specific permission set for Gift Aid, there are permissions that need to be assigned manually. For further instructions, please see Gift Aid for admins.