Troubleshooting Salesforce Connector OAuth Failures
When non-admin users attempt to connect to Salesforce via Dataflow Gen2 (Microsoft Fabric), they frequently encounter authentication failures despite having valid credentials. This usually means the user lacks API access or authorization for the Connected App in the Salesforce org, rather than a problem with the credentials themselves.
Required Configuration for Non-Admin Users
To allow standard users to perform data synchronization without granting full System Administrator privileges, you must ensure the following configurations are in place:
1. API Enabled Permission
Ensure the user’s profile or an assigned Permission Set includes the API Enabled system permission. Without this, the OAuth handshake will be rejected by Salesforce.
2. Connected App Authorization
Dataflow Gen2 uses a Connected App to facilitate the OAuth flow. Verify the following:
- OAuth Policies: Ensure the "Permitted Users" setting is configured to "Admin approved users are pre-authorized" or "All users may self-authorize."
- Permission Sets: If set to "Admin approved," ensure the user is assigned the specific Permission Set authorized for the Connected App.
3. Object-Level Access
Even with valid OAuth tokens, the integration will fail if the user profile lacks read access to the specific SObjects being queried in the Dataflow. Verify that the user has:
- Read/View All access to the targeted objects.
- Field-Level Security (FLS) access for every field mapped in the Dataflow.
Implementation Steps
To resolve the failure, follow these steps in your Salesforce org:
- Create a dedicated Permission Set for the service account or non-admin user.
- Add the API Enabled permission.
- Add Object Permissions for all target entities.
- Assign the Permission Set to the user.
- Re-authenticate the Salesforce connection within the Microsoft Fabric Dataflow Gen2 interface.
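The three requirements above (API Enabled, Connected App authorization, object and field access) can be verified before re-authenticating instead of discovering them one failure at a time. The script below is an added example, not code from Microsoft Fabric or Salesforce: it lists the SOQL queries a practitioner would run against the org for one user, then consumes the returned rows and reports which requirement fails. The Ids, Permission Set names and rows in SAMPLE_ROWS are constructed; the Salesforce object and field names in the queries are real.

```python
"""Pre-flight check for the Salesforce-side requirements of a Dataflow Gen2 user.

Added helper, not Fabric's or Salesforce's own code. diagnose() takes the rows
returned by the SOQL in SOQL_CHECKS for one user and reports which requirement
fails: API Enabled, Connected App authorization, or object/field-level access.
"""

# SOQL to run (e.g. via the REST API query endpoint). {user} is the User Id; {ids}
# is the quoted, comma-separated list of PermissionSet Ids from the first query.
# A user's Profile is itself represented by a PermissionSet with
# IsOwnedByProfile = true, so one pass over PermissionSetAssignment covers both
# the profile and every assigned Permission Set.
SOQL_CHECKS = {
    "PermissionSetAssignment": "SELECT PermissionSetId FROM PermissionSetAssignment WHERE AssigneeId = '{user}'",
    "PermissionSet": "SELECT Id, Name, IsOwnedByProfile, PermissionsApiEnabled FROM PermissionSet WHERE Id IN ({ids})",
    "SetupEntityAccess": "SELECT ParentId, SetupEntityId, SetupEntityType FROM SetupEntityAccess "
                         "WHERE ParentId IN ({ids}) AND SetupEntityType = 'ConnectedApplication'",
    "ObjectPermissions": "SELECT ParentId, SobjectType, PermissionsRead, PermissionsViewAllRecords "
                         "FROM ObjectPermissions WHERE ParentId IN ({ids})",
    "FieldPermissions": "SELECT ParentId, SobjectType, Field, PermissionsRead FROM FieldPermissions WHERE ParentId IN ({ids})",
}


def diagnose(rows, required_objects, required_fields, connected_app_id=None,
             admin_preauthorized=True):
    """Return a list of findings; an empty list means every check passes.

    rows: dict keyed like SOQL_CHECKS, each value a list of record dicts using
          the API field names. required_fields: (SobjectType, FieldName) pairs
          for the fields the Dataflow maps.
    """
    held = {a["PermissionSetId"] for a in rows["PermissionSetAssignment"]}
    perm_sets = [p for p in rows["PermissionSet"] if p["Id"] in held]
    findings = []

    # 1. API Enabled: must be granted by the profile-owned set or any assigned set.
    if not any(p["PermissionsApiEnabled"] for p in perm_sets):
        findings.append("API Enabled: not granted by the profile or any assigned Permission Set")

    # 2. Connected App: under "Admin approved users are pre-authorized", a held
    # profile/Permission Set must be linked to the app through SetupEntityAccess.
    # Under "All users may self-authorize" there is nothing to check here.
    if admin_preauthorized:
        linked = any(s["ParentId"] in held and s["SetupEntityId"] == connected_app_id
                     for s in rows["SetupEntityAccess"])
        if not linked:
            findings.append(f"Connected App {connected_app_id}: user holds no authorized profile or Permission Set")

    # 3a. Object-level read. ObjectPermissions rows exist only where something is
    # granted, so "no row" means "no access".
    for obj in required_objects:
        readable = any(o["ParentId"] in held and o["SobjectType"] == obj and o["PermissionsRead"]
                       for o in rows["ObjectPermissions"])
        if not readable:
            findings.append(f"Object access: no Read permission on {obj}")

    # 3b. Field-level security. Always-readable fields (Id, Name and other required
    # system fields) never appear in FieldPermissions, so pass only optional fields.
    for obj, fld in required_fields:
        full = f"{obj}.{fld}"
        readable = any(f["ParentId"] in held and f["Field"] == full and f["PermissionsRead"]
                       for f in rows["FieldPermissions"])
        if not readable:
            findings.append(f"FLS: {full} is not readable; add it to the Permission Set")
    return findings


# Constructed rows for one user: a profile-owned set without API access, plus a
# dedicated Fabric_Dataflow Permission Set that is missing Opportunity.Amount FLS.
# An unrelated set with API access is present but not assigned, and must not count.
CONNECTED_APP_ID = "0H4000000000001AAA"  # constructed ConnectedApplication Id
SAMPLE_ROWS = {
    "PermissionSetAssignment": [{"PermissionSetId": "0PS000000000001AAA"},
                                {"PermissionSetId": "0PS000000000002AAA"}],
    "PermissionSet": [
        {"Id": "0PS000000000001AAA", "Name": "Standard_User_Profile", "IsOwnedByProfile": True, "PermissionsApiEnabled": False},
        {"Id": "0PS000000000002AAA", "Name": "Fabric_Dataflow", "IsOwnedByProfile": False, "PermissionsApiEnabled": True},
        {"Id": "0PS000000000009AAA", "Name": "Unrelated_Set", "IsOwnedByProfile": False, "PermissionsApiEnabled": True},
    ],
    "SetupEntityAccess": [{"ParentId": "0PS000000000002AAA", "SetupEntityId": CONNECTED_APP_ID,
                           "SetupEntityType": "ConnectedApplication"}],
    "ObjectPermissions": [
        {"ParentId": "0PS000000000002AAA", "SobjectType": "Account", "PermissionsRead": True, "PermissionsViewAllRecords": False},
        {"ParentId": "0PS000000000002AAA", "SobjectType": "Opportunity", "PermissionsRead": True, "PermissionsViewAllRecords": False},
    ],
    "FieldPermissions": [
        {"ParentId": "0PS000000000002AAA", "SobjectType": "Account", "Field": "Account.Industry", "PermissionsRead": True},
    ],
}
REQUIRED_OBJECTS = ["Account", "Opportunity"]
REQUIRED_FIELDS = [("Account", "Industry"), ("Opportunity", "Amount")]

if __name__ == "__main__":
    result = diagnose(SAMPLE_ROWS, REQUIRED_OBJECTS, REQUIRED_FIELDS, CONNECTED_APP_ID)
    for line in result or ["All checks pass"]:
        print(line)
```

Run it with the sample rows and the only finding is the missing Opportunity.Amount field permission, which is exactly the failure mode of step 3: the OAuth token is valid, API access and the Connected App are fine, and the Dataflow still fails on one unmapped field. Replace SAMPLE_ROWS with the query results for the real user to get the same report for your org.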
Key Takeaways
- API Access: Non-admin users must have the 'API Enabled' permission explicitly assigned.
- OAuth Policy: Check the 'Connected App' settings to ensure the user is authorized to complete the OAuth flow.
- Least Privilege: Always use Permission Sets to grant specific object and field access rather than escalating user profiles to System Administrator.
- FLS Check: Ensure field-level security includes all fields referenced in your SOQL or object selection.