What is the Mailchimp Limited permission set and what can a Limited user do?
Mailchimp for Salesforce includes several permission sets to control what different users can do within the integration. The Mailchimp Limited permission set is designed for users who need to view Mailchimp data and trigger contact and lead syncs, but who should not have access to administrative functions like managing audiences or running data wizards.
If you're assigning users to the Limited permission set and want to understand what they can and can't do, or you want to understand how the object-level permissions are structured, this article covers it.
The Solution
A Limited user can view the Mailchimp membership component on Contact and Lead records and see audiences, members, groups, and related data. They can also trigger contact and lead syncs to Mailchimp through the standard trigger-based sync, which runs in their security context. What they cannot do is perform any administrative actions, including managing audience memberships manually, running the Data Wizard, or editing group and audience configurations. These actions are hidden from the UI via the Mailchimp_Manage_Memberships custom permission.
What a Limited user can do:
- View the Membership component on Contact and Lead records
- View Mailchimp audiences, members, tags, and groups
- Trigger the sync of Contact and Lead changes to Mailchimp
What a Limited user cannot do:
- Add or remove audience memberships manually
- Create or edit groups, audiences, or group categories through admin features
- Run the Data Wizard or manage audience settings
- Access Mailchimp account-level configuration
Object-Level Permissions
The Limited permission set follows the principle of least privilege at the object level, meaning users have only the access that is actually required for the trigger-based sync to function correctly:
- Mailchimp_Queue_Item__c, Read, Create, Edit, Delete
- Mailchimp_Member__c, Read, Create, Edit
- Mailchimp_Group_Category__c, Read, Create, Edit
- Mailchimp_List__c, Read, Edit
- Mailchimp_Campaign__c, Read only
- Mailchimp_Email_Activity__c, Read only
- Mailchimp_Group__c, Read only
- Mailchimp_Import__c, Read only
- Mailchimp_List_History__c, Read only
- Mailchimp_Account__c, Read only
Objects like Mailchimp_Campaign__c, Mailchimp_Email_Activity__c, and Mailchimp_Import__c are only written to by the primary sync, which runs under a Standard user. Limited users have no need to write to these. Queue Item and Member retain write access because the trigger-based sync inserts queue items and upserts member records in the Limited user's security context.
If a Limited user's syncs are failing, check that their profile or permission set still includes the Mailchimp custom permission (required for the trigger handler) and that the objects above have not been further restricted by sharing rules.
