[SalesForce] How to deploy Custom Object Permissions using Salesforce Migration Tool (ANT)

We have a custom object in our development sandbox that we've removed Delete permissions on for a custom security profile.

In our package.xml, I've included the custom object and the custom security profile but when I deploy, the target org still has the delete permission set for the object and profile.

I verified that the <allowDelete> is set to false in the profile xml:

Modify All Data is not checked in the source profile and there were no errors during deployment.

How does one deploy Custom Object Permissions (object-level Read, Create, Edit, Delete, etc.) using the ANT-based Salesforce Migration Tool?

Best Answer

As it turns out, the profile in the target org was in an invalid state. While I did not receive any errors during the deployment of that profile, I did receive an error if I tried to manually edit that profile:

Error: Invalid Data.
Review all error messages below to correct your data.
Permission Import Solutions depends on permission(s): Delete Solutions, Edit Solutions

Once I unchecked Import Solutions in the source profile, I was able to deploy the profile change to remove Delete permissions from my custom object.

On a side note, but still relevant to this problem, a second profile I'm trying to deploy would not remove the Delete permissions on my custom object, but it does have Modify All Data permission enabled, preventing the update.

Related Solutions

[SalesForce] How to retrieve customFields on standard objects using Ant Migration Tool

As per the documentation the CustomField metadata type does not support wildcards sadly. You can access Custom Fields on Standard Objects by using the CustomObject metadata type as described here against specific Standard Objects. Then parse the .object file to build your destructiveChanges.xml file. Finally you can also use the sf:listMetadata task to download a list of all custom fields and then filter locally for Standard objects.

     <sf:listMetadata 
        username="${sf.username}"
        password="${sf.password}"
        metadataType="CustomField"/>

You might also be interested in an open-source undeploy Ant target published here, that wraps most of what i suspect your trying to develop up into a single Ant target. Sadly Salesforce do not yet give us a 'clean my org' task, so we build our own!

[SalesForce] Salesforce ANT migration tool login failure

You need to configure Ant proxy settings. Standard way is to set the environment variable ANT_OPTS="-Dhttp.proxyHost=proxy -Dhttp.proxyPort=8080"

Best Answer

Related Solutions

[SalesForce] How to retrieve customFields on standard objects using Ant Migration Tool

[SalesForce] Salesforce ANT migration tool login failure

Related Topic