#Permissionset2 discussing

Hello, 

I have a Flow Action on an Agentforce Service Agent that should be able to create Event records. The flow works in debug mode but when the agent tries to run the flow I get this error: 

an error occurred while your "Create Conference Event for Contact" flow was running.

Debug this flow in Flow Builder.

Error element Create_Event (FlowRecordCreate). 

This error occurred when the flow tried to create records: CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY: entity type cannot be inserted: Event. You can look up ExceptionCode values in the

SOAP API Developer Guide

. 

I tried to give the agent access to events with a permission set, but there is no option in aa permission set to give Create access to the Event object. Only to change some it's field's access. I thought maybe then that you could do it from the Activity object in the permission set (since tasks and events stem from Activity) but this does not appear to be the case either.  I cannot see an Activities object at all in the Object Settings in a new permission set.

Please help if you have any idea how to make it possible for a Service Agent to have access to create Event records.  

Thank you! 

Ok...So I feel like this is somewhat an answer I should know considering I have been an Admin for over 10 years now. 

But..... 

Back in the day, when installing an app from the AppExchange, most of the time I would just install for all Profiles/users. In the last couple of years. It did depend, of course, flow components and some apps, I just installed for the System Admin Profile. So far, no problem with that model. 

Where I am getting stuck or a bit confused is around the new model of Permissions being driven by Permission Sets and not profiles.  So in the future, or even now, if I install an app, I still have to select a profile or profiles.  Even if I choose the "Specific Profiles" option the main System Admin Profile get's full access, even if the App does have Permission sets and so on.  

The Profile still get's access to the Visualforce pages, Classes, etc, even though we are supposed to move those permissions to a Permission Set(s).  It's confusing to me. 

So in this "new" model of Permission Sets, what is the role of Profiles when it comes to installing apps? Do you still just install for System Admin only? And if the app has Permission Sets use that for the rest of the users, etc?  I am just stuck on how installing Apps from the AppExchange fit in this new Permissions Model... 

So I am moving permissions from profiles to permission sets and I have run into a weird issue, specifically with the Manage Household button on the account object. I am currently testing features for my funding team in Test and when I moved a user to the new profile and Permission Sets, when I click on the Manage Household button on the Account object, it's now just bringing up the regular "Edit" record pop up instead of the Manage Household custom visualforce page. And I can't determine why. To prevent any issues in the "Base" permission set I created, I gave everyone the same visualforce page accesses as what was on the profiles prior. Is there some hidden permission I missed? 

Here is what it looks like for the user in Production, it looks and functions as it should.

Here is what it looks like in test.

Any ideas?

What to do, when facing deployment Fatal Error INSUFFICIENT_ACCESS: insufficient access rights on entity: LightningComponentBundle?

I came across this issue, when I am switching deployment user from an actual user having an end user license and system admin access, to a least privileged deployment integration user with 

• User License = Salesforce Integration, and 
• Profile = Minimum Access - API Only Integrations, and
• assigned a permission set with the least amount of permissions to do the job.

I needed to deploy a set of lightning web components, hence the error on LightningComponentBundle. 

I was however not sure why the error was thrown, and it was also not specified which specific component was causing the

error.  

While it was not intuitive for me, adding

to the permissions set assigned to the deployment integration user, this resolved the issue. 

So do note, even if the description for Customize Application is "Customize the organization using App Setup menu options.", it actually covers customizations with Lightning Web Components also. 

Hello - I am a solo admin for a nonprofit and I am starting the journey of migrating from Profiles to Permission Sets.  I have been doing some research and talking with others, watching presentations, and more.  So at a high level, things are making sense.  However......I am also trying to determine what are the main things that are important and what is just "noise". 

For example, I am doing some comparisons of the profiles and I am also just reviewing what access each profile has, not what is just different but do I have profiles that have access to object and fields that they should not have (or do not use). 

I am using the Elements app to help with this and one thing I noticed is that in some cases, even if a person has a Profile called "Coach" for example and that Profile does NOT have access to a specific Object, like "Opportunities" they are showing that they DO have access to a number of fields in the Opportunity Object.  

Now, I know that since they don't have access at the Object level they can't view those fields.  But my question is Do I need to make sure that I remove the field level access on the "Coach" profile and another other profiles that were cloned off that?  Or just leave it as is and just focus more at the overall Object level? 

Again, just trying to determine how much clean up (or pre work) I need to do. 

I should mention that our org has been using SF since 2009 and I was not here, so I really don't know what they did to make a number of the profiles or specifically what base profile they cloned a lot of what I am dealing with now. 

Anyway, any insight/advise is appreciated.