--- title: "Required User Privileges for Metadata Extraction" slug: "required-salesforce-user-privileges-for-metadata-and-usage-extraction" updated: 2024-11-05T19:40:57Z published: 2024-11-05T19:40:57Z canonical: "success.panaya.com/required-salesforce-user-privileges-for-metadata-and-usage-extraction" --- > ## Documentation Index > Fetch the complete documentation index at: https://success.panaya.com/llms.txt > Use this file to discover all available pages before exploring further. # Required User Privileges for Metadata Extraction ## **Sandbox Organization** **Permissions**required for the **Sandbox**Organization - **Metadata extraction** 1. API Enabled 2. Author Apex 3. Download AppExchange Packages 4. Modify all data 5. Manage Custom Report Types **Good to know!**ForeSight will only retrieve metadata from Salesforce to which the authentication user has access. Objects which require specific permission sets which are not included in the permissions above, will not have their metadata extracted. You can add the missing permissions to the authentication user and the missing metadata will be available after the next extraction. Review how to [](/v1/docs/user-access-for-authenticating-cpq-objects)[verify the authentication user has the required permissions.](/v1/docs/how-to-check-required-privileges-for-metadata-extraction)NoteIn cases where **Field Service Lightning** is enabled for your Sandbox or Production Organization, the **Field Service Standard**permission should be added to the metadata extraction for both Organizations **For extraction of Salesforce CPQ data** The Salesforce user for authentication must have **Field Level Security** ([FLS](https://help.salesforce.com/s/articleView?id=sf.admin_fls.htm&type=5)), including one of the following: 1. Associated profile has read access FLS for CPQ fields 2. User has a permission set with read access FLS for CPQ fields Review how to [verify the access of the authentication user](/v1/docs/user-access-for-authenticating-cpq-objects) to Salesforce CPQ objects. --- ## **Production Organization (Optional)** **Permissions**required for the **Production**Organization - **Metadata extraction** 1. API Enabled 2. Modify All Data 3. Customize Application 4. Manage Custom Report Types 5. Manage Users NoteIf you are using [Org Overview Dashboard](/v1/docs/org-overview-dashboard) and the [Components maintained in Production checkbox](https://success.panaya.com/docs/how-to-setup-salesforce-authentication-with-panaya#for-the-production-organization) is checked in the Production Organization configuration, two additional permissions are required for the metadata extraction: 1.  Author Apex 2. Download AppExchange PackagesNoteIn cases where **Field Service Lightning** is enabled for your Sandbox or Production Organization, the **Field Service Standard**permission should be added to the metadata extraction for both Organizations --- ## **Usage with****Event Log Monitor** **Retrieves usage of Dashboards, Reports, Visualforce pages** Enable the following permissions in SFDC to be able to view usage statistics within Panaya 1. API Enabled 2. View Event Log File 3. Run Reports 4. Customize Application 5. View Dashboards in Public Folders 6. View Reports in Public Folders [Event Log File Doc](https://developer.salesforce.com/docs/atlas.en-us.210.0.api.meta/api/sforce_api_objects_eventlogfile.htm) **Note** The user used for the metadata extraction should not be limited to Restricted IPs. To verify, follow these steps - 1. log in to the relevant Salesforce Org 2. Click **Setup** 3. Search for **Users** in the search box and locate the user in the table and look for the **Profile** column 4. Click on the Profile and then **Login IP Ranges** 5. In the **System** section, verify there are no specified IP ranges ![](https://panaya.nanorep.co/storage/nr1/kb/32206D1/32206E8/3E94B465/3/login_ip_ranges.png) --- ## **Usage without Event Log Monitor** **Retrieves usage of Reports, Visualforce pages, and Approval Processes** Enable the following permissions in SFDC to be able to view usage statistics within Panaya 1. API Enabled 2. Run Reports 3. View Reports in Public Folders 4. Customize Application **Good to know!** When setting up ForeSight usage statistics go 30 days back. Once configured, the usage is constantly accumulated. ## Related - [Verifying Event Log Monitoring is Enabled](/is-event-log-monitoring-enabled-for-my-sfdc-organization.md) - [Salesforce Authentication](/how-to-setup-salesforce-authentication-with-panaya.md) - [Fixing Salesforce Usage Authentication Validation ](/how-to-fix-usage-authentication-validation-with-salesforce.md) - [Usage Explained](/what-usage-information-is-collected-by-panaya-1.md)