Change Data Capture Developer Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Change Data Capture
Keep Your External Data Current with Change Data Capture
Change Event Message Structure
Merged Change Events
Other Types of Change Events: Gap and Overflow Events
Subscribe to Change Events
Monitor Change Event Publishing and Delivery Usage
Security Considerations
Required Permissions for Change Event Subscribers
Field-Level Security
Change Events for Encrypted Salesforce Data
Change Event Considerations
Standard Object Notes
Change Events for Fields
PDF

Required Permissions for Change Event Subscribers

Change Data Capture ignores sharing settings and sends change events for all records of a Salesforce object. To receive change events on a channel, the subscribed user must have one or more permissions depending on the entities associated with the change events. The permissions apply to Pub/Sub API and CometD subscribers but not to Apex triggers. Apex triggers run with system privileges under the Automated Process entity, so they don’t require those permissions.

Change Event Permissions

To receive change events for Required permission
A specific standard or custom object: View All Records for the object
User: View All Users
Standard objects that don’t have the View All Records permission, such as Task and Event: View All Data
All entities on a channel: View All Data (AND View All Users, if User is one of the entities)

Permission Enforcement

For the standard /data/ChangeEvents channel and custom channels, user permissions are enforced on event delivery. Users can subscribe to the /data/ChangeEvents channel or to any custom channel regardless of their entity permissions. Users receive only change events associated with entities for which they have the necessary permissions and don't receive change events they don't have permissions for. If permissions change after subscription, the changes are enforced within 10 minutes for Pub/Sub API subscribers. For CometD subscribers, the changes aren't enforced until you restart the subscription.

For the single-entity standard channels, which include change events for one standard or custom object, user permissions are enforced initially on subscription. If users don't have sufficient permissions for the corresponding object, the subscription is denied and an error is returned. If permissions change after successful subscription and users no longer have access to the entity, they stop receiving the corresponding change events.

For more information about user permissions, see View All and Modify All Permissions Overview in Salesforce Help.