You can fine tune permissions for FinDock users using a combination of Salesforce profiles and permission sets. To learn more about how these work together, watch Who Sees What on the Salesforce YouTube channel. It is important to always keep in mind that permission sets can only grant additional permissions, not take them away.
Most organizations need three types of users to work with FinDock. Further user type granularity can implemented, but this simple approach is the most common:
- FinDock administrator: administration with full access to all FinDock features and functions
- Operations user: Salesforce users from Finance or other departments who need to use certain FinDock features
- Integration user: Salesforce Integration User reserved for system integration authentications
In general, operations users work with payment processing records, such as source records that lead to installments, payment profiles and mandates. They perform payment collection activities such as uploading bank statement files and reconciling through Guided Matching.
FinDock includes a special permission set for administrators, PaymentHub All FLS. This permission set allows administrators to access all FinDock objects and fields. However, we recommend assigning FinDock administrators all the FinDock permission sets.
System integrations need user accounts, aka “Integration Users,” that allow data transfer and operations between systems. FinDock has three points of integrations:
- Payment API
Please refer to the table below for details on which permission sets are needed for integration user(s). In addition to those permission sets, you need to also add the View Setup and Configuration permission to the integration user. This permission is typically only for system administrators, but FinDock integrations also require it.
An important aspect of permissions are Salesforce sharing settings. These settings determine what records can be seen by whom. To ensure correct operation of FinDock, make sure to allow the integration user(s) full sharing of all the contacts and accounts involved.
For FinDock to function correctly all user types (operations, admin and integration) need to have access to certain standard Salesforce objects. Some of these may be part of existing permission sets of your org, but please make sure the user types for FinDock have at least the following permissions:
- Read access for Contact, Account and Campaign
- Full access to Opportunity if Salesforce NPSP is used
- CRU access for Contact and Account (for integration users only)
- View Setup and Configuration permission (for users who access FinDock Setup)
The following table provides a complete overview of all FinDock permission sets. Please note the sets are only available if the respective package has been installed.
|Adyen Integration||Integration for Payment API and PSP notifications to WebHub||Integration||Adyen|
|Axerve Integration User||Integration for Payment API and PSP notifications to WebHub||Integration||Axerve|
|BACS FLS||Permissions for Bacs processes and Payment API integration||Administrator, Operations, Integration||Bacs|
|Buckaroo Integration User||Integration for Payment API and PSP notifications to WebHub||Integration||Buckaroo|
|Checkout.com All FLS||Permissions for Checkout.com features||Administrator, Operations||Checkout.com|
|Checkout.com Integration User||Integration for Payment API and PSP notifications to WebHub||Integration||Checkout.com|
|FinDock Additional Setup||Deployed by Installer; access to tabs Installments and Inbound Reports (see below)||Administrator, Operations||Core|
|FinDock Site Guest User||Site Guest User (API v1 only)||Site Guest User||Core|
|GiftAid FLS||Permissions for Gift Aid features||Integration, Operations||Gift Aid|
|GoCardless||Integration for Payment API and PSP notifications to WebHub||Integration||GoCardless|
|Mollie Integration User||Integration for Payment API and PSP notifications to WebHub||Integration||Mollie|
|NPSP4PaymentHub All FLS||Permissions for FinDock for NPSP features||Administrator, Operations||NPSP|
|Pages||User(s) creating and configuring Giving Pages||Administrator, Operations||Core|
|PaymentHub ALL FLS||Admin user for full access to all FinDock objects||Administrator||PaymentHub|
|PaymentHub Integration Base||Integration for ProcessingHub connection||Integration||Core|
|PaymentHub Operations||General FinDock permissions||Operations||ProcessingHub|
|PayPal FLS||Integration for Payment API and PSP notifications to WebHub||Integration||PayPal|
|ProcessingHub Operations||Integration for ProcessingHub connection and permissions for ProcessingHub Manager||Integration, Operations||ProcessingHub|
|SEPA Operations||Permissions for SEPA, SEDA and Swiss (CH-DD, LSV+) processes and Payment API integration||Operations, Integration||SEPA|
|Six Saferpay Integration User||Integration for Payment API and PSP notifications to WebHub||Integration||SIX Saferpay|
|Stripe ALL FLS||Permissions for Stripe features||Administrator, Operations||Stripe|
|Stripe Integration User||Integration for Payment API and PSP notifications to WebHub||Integration||Stripe|
|Tikkie Integration||Integration for Payment API and PSP notifications to WebHub||Integration||Tikkie|
|Worldpay Integration User||Integration for Payment API and PSP notifications to WebHub||Integration||Worldpay|
With the January '21 release, we added two new tabs to the FinDock app - one for Installments and one for Inbound Reports. These new tabs come in handy in many different workflows, including Guided Matching debugging and configuration.
The tabs are implemented through a permission set and package called ‘FinDock Additional Setup'. This package is mandatory in the FinDock Installer. However, it is an unmanaged component, so organizations can modify the associated settings if needed.
These tabs are handled in a separate package to avoid potential conflicts with orgs that may already have tabs for Installments or Inbound Reports.
Once installed, users who are assigned the ‘FinDock Additional Setup’ permission set automatically get to see and use the Installment and Inbound Report tabs.
In addition to the specific permission set for Gift Aid, there are permissions that need to be assigned manually. For further instructions, please refer to Configuring Gift Aid.