--- title: "What Salesforce permissions does the Sales Copilot & Scoring package require?" slug: "what-salesforce-permissions-does-madkudu-need" updated: 2026-04-22T21:21:33Z published: 2026-04-22T21:21:33Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.madkudu.com/llms.txt > Use this file to discover all available pages before exploring further. # What Salesforce permissions does the Sales Copilot & Scoring package require? For simplicity, we recommend that the user connecting to Salesforce be given the following permissions: - **API Enabled** — Allows access to any Salesforce API. - **Lead**: View All, Modify All — Create, edit, and delete all lead data, regardless of sharing settings. - **Contact**: View All, Modify All — Create, edit, and delete all contact data, regardless of sharing settings. - **Account**: View All, Modify All — Create, edit, and delete all account data, regardless of sharing settings. - **Opportunity**: View All, Modify All — Create, edit, and delete all opportunity data, regardless of sharing settings. If not possible, Read access on all opportunity data is the minimum required to train models. - **Campaign**: Read all data. Used to feed into the models. - **CampaignMember**: Read all data. Used to feed into the models. - **Task**: Read all data. Used to feed into the models. - [Username/Password only] **API Only User** — Restricts the user to Salesforce API access only (no UI login). - [Username/Password only] **Password Never Expires** — Prevents the user's password from expiring. **To enable** - **Opportunity Field History**: Requires [Field History Tracking](https://help.salesforce.com/s/articleView?id=sf.tracking_field_history.htm) to be enabled on the Opportunity object in Salesforce Setup. Used to identify at-risk opportunities. Note: the following are automatically accessible with Read on Lead / Contact - **Lead History** - **Contact History** - **Opportunity History** If you prefer more fine-grained settings, You may restrict permissions to: **Required Salesforce permissions for the HG Insights User** - **API Enabled** - Access any [Salesforce.com](http://Salesforce.com) API - **Lead/Contact/Account/Opportunity:** Read all data, modify the HG Insights fields. - **Lead/Contact :** Create (see: [HG Insights’s contact discovery](/v1/docs/contact-discovery)) - **All other above fields:** Read all data. - Namely: Opportunity History/Lead History/Contact History/Campaigns/CampaignMembers/Task - **Opportunity** **Field** **History**: Read all data (if you are expecting to identify at risk opportunities with HG Insights) - [Username/Password only] Api Only User - Access [Salesforce.com](http://Salesforce.com) only through a [Salesforce.com](http://Salesforce.com) API. - [Username/Password only] Password Never Expires - Prevent the user’s password from expiring. ## Where do I check these permissions? Salesforce supports two ways to assign permissions. **Permission Sets** are the current recommended approach and should be used for new setups. **Profiles** are still supported but are being deprecated in favor of Permission Sets. ### Checking via Permission Sets (recommended) 1. Go to **Setup** → **Permission Sets**. 2. Open the Permission Set assigned to the HG Insights integration user. 3. Click **System Permissions** to verify API Enabled, API Only User, and Password Never Expires. 4. Click **Object Settings** to verify object-level permissions (Read, Create, View All, Modify All) per object. ### Checking via Profiles (legacy) 1. Go to **Setup** → **Users**, then click the **Profile** of the integration user. 2. Scroll to the **System Permissions** section and confirm **API Enabled** (and API Only User / Password Never Expires if applicable). 3. Scroll to the **Standard Object Permissions** section to verify object-level settings. To find out whether or not your user has those permissions, This user is used for the following - read data from Salesforce (leads, contacts, accounts, opportunities, users and changes) - create data in Salesforce (leads, contacts) from HG Insights Sales Copilot (see [Contact Discovery](/v1/docs/contact-discovery)) - update information in Salesforce --- ### FAQ #### Can I restrict what fields you can access on Lead/Contact/Account? **Yes**. If your Contact/Lead/Account contains HR data, or anything you would like to restrict access to, you can restrict access to only the "relevant" fields on those objects. In this scenario, please contact your Customer Success Manager to decide what fields to give access to. #### Does HG Insights ever creates records in Salesforce? **Yes**. HG Insights creates new leads or contacts when a Sales user clicks on "add to salesforce" button in HG Insights Sales Copilot. It can be done from the Users widget in Copilot when records are showing up from your other systems and are not yet in Salesforce or from the Contact Discovery widget in Copilot, allowing our users to find additional contacts in accounts they research. For more information, please go check our integrations with [Apollo](/v1/docs/apolloio) , [ZoomInfo](/v1/docs/zoominfo) or [Cognism](/v1/docs/cognism) **HG Insights needs the ability to write in the following Lead / Contact fields:** FirstName LastName Email Title (if available) Phone (if available) LeadSource = HG Insights AccountId (for Contact object) Company (for Lead object) #### Does HG Insights ever deletes records in Salesforce? **No**, HG Insights does not delete recrods from your Salesforce instance #### How do I make sure HG Insights’s updates run smoothly? Validation Rules, Triggers & Automations checks 1. Exclude the “MK Integration” profile from any validation rule that blocks record updates. 2. Review flows/process builders that fire on MK field changes—avoid infinite loops. 3. Monitor Apex & Bulk update errors in Setup → Integration Logs.