User Security

3 minute read

This screen focuses on user security; here, you can assign permission sets to give Salesforce users different access levels.

Permission sets in Salesforce are designed to be additive, meaning they build upon existing access rights. Therefore, if a user already has access to our application independently of any permission set, removing them from a permission set will not revoke their access.

Next Steps

Below are two articles that we recommend reading and the best next steps.

FAQs

Mailchimp for Salesforce includes several permission sets to control what different users can do within the integration. The Mailchimp Limited permission set is designed for users who need to view Mailchimp data and trigger contact and lead syncs, but who should not have access to administrative functions like managing audiences or running data wizards.

If you're assigning users to the Limited permission set and want to understand what they can and can't do, or you want to understand how the object-level permissions are structured, this article covers it.

The Solution

A Limited user can view the Mailchimp membership component on Contact and Lead records and see audiences, members, groups, and related data. They can also trigger contact and lead syncs to Mailchimp through the standard trigger-based sync, which runs in their security context. What they cannot do is perform any administrative actions, including managing audience memberships manually, running the Data Wizard, or editing group and audience configurations. These actions are hidden from the UI via the Mailchimp_Manage_Memberships custom permission.

What a Limited user can do:

View the Membership component on Contact and Lead records
View Mailchimp audiences, members, tags, and groups
Trigger the sync of Contact and Lead changes to Mailchimp

What a Limited user cannot do:

Add or remove audience memberships manually
Create or edit groups, audiences, or group categories through admin features
Run the Data Wizard or manage audience settings
Access Mailchimp account-level configuration

Object-Level Permissions

The Limited permission set follows the principle of least privilege at the object level, meaning users have only the access that is actually required for the trigger-based sync to function correctly:

Mailchimp_Queue_Item__c, Read, Create, Edit, Delete
Mailchimp_Member__c, Read, Create, Edit
Mailchimp_Group_Category__c, Read, Create, Edit
Mailchimp_List__c, Read, Edit
Mailchimp_Campaign__c, Read only
Mailchimp_Email_Activity__c, Read only
Mailchimp_Group__c, Read only
Mailchimp_Import__c, Read only
Mailchimp_List_History__c, Read only
Mailchimp_Account__c, Read only

Objects like Mailchimp_Campaign__c, Mailchimp_Email_Activity__c, and Mailchimp_Import__c are only written to by the primary sync, which runs under a Standard user. Limited users have no need to write to these. Queue Item and Member retain write access because the trigger-based sync inserts queue items and upserts member records in the Limited user's security context.

If a Limited user's syncs are failing, check that their profile or permission set still includes the Mailchimp custom permission (required for the trigger handler) and that the objects above have not been further restricted by sharing rules.

In this article

User Security

Next Steps

FAQs

Partners

Legal

Product

Resources

User Security

Next Steps

FAQs

What is the Mailchimp Limited permission set and what can a Limited user do?

How can I provide view access?

Why do I see the message: “You do not have the correct permissions to access Mailchimp”?

How do I manage record ownership and sharing settings in Salesforce?

How do I give Mailchimp access to a Salesforce user?

Partners

Legal

Product

Resources