Required Permissions for Change Event Subscribers
Change Event Permissions
To receive change events for | Required permission |
---|---|
A specific standard or custom object: | View All Records for the object |
User: | View All Users |
Standard objects that don’t have the View All Records permission, such as Task and Event: | View All Data |
All entities on a channel: | View All Data (AND View All Users, if User is one of the entities) |
Permission Enforcement
For the standard /data/ChangeEvents channel and custom channels, user permissions are enforced on event delivery. Users can subscribe to the /data/ChangeEvents channel or to any custom channel regardless of their entity permissions. Users receive only change events associated with entities for which they have the necessary permissions and don't receive change events they don't have permissions for. If permissions change after subscription, the changes are enforced within 10 minutes for Pub/Sub API subscribers. For CometD subscribers, the changes aren't enforced until you restart the subscription.
For the single-entity standard channels, which include change events for one standard or custom object, user permissions are enforced initially on subscription. If users don't have sufficient permissions for the corresponding object, the subscription is denied and an error is returned. If permissions change after successful subscription and users no longer have access to the entity, they stop receiving the corresponding change events.
For more information about user permissions, see View All and Modify All Permissions Overview in Salesforce Help.