Using Ant Deployment. As the title says, when I deploy I get errors on my custom profiles:
profiles/Some.profile -- Error Permission Manage All Custom_Object__c depends on permission(s): Read All Contact.
If I look at the permissions for this profile through the browser I can see that, under Standard Object Permissions, that Contact has all rows selected.
Where is this "Read All" parameter?
Under "Contact Field-Level Security for profile" there are some fields that aren't enabled. So do I need to enable them all?!
ETA:
The user license associated with this profile is "Force.com App Subscription"
In the sandbox org, Here's what I see from the Profile page:
In the developer org, If I create a profile based on "Force.com App Subscription" I see this:
So in the sandbox View All is enabled, in the developer View All is disabled.
Best Answer
I just ran into a very similar issue with
Opportunity
and a custom object that had a Master-Detail relationship back to Opportunity.I was attempting to insert an
ObjectPermissions
record againstOpportunity
for a particular ParentId PermissionSet and got the following error:It turned out there was already an
ObjectPermissions
record forChildCustomObject__c
that hadPermissionsViewAllRecords = true
. For that to exist there was already a correspondingObjectPermissions
forOpportunity
with the same view all records setting. That makes sense:If you are going to allow the view all records permission on the detail object in a master-detail relationship you also need to grant it on the master object.
This is applicable to your deployment issue as well. You can't deploy permissions for the child/detail sObject without also deploying the required permissions to the master sObject.