Overview
When a user logs in to Riva Insight, the Web API (Riva Sync with an SDK connection to Insight) returns the list of CRM modules/objects supported by the connection. This allows Insight to avoid calling objects that are not supported.
However, individual Salesforce users often have different object permissions than:
- The service account used by the connection
- Other Salesforce users
Without per-user permission data, Insight may attempt create or update operations that the logged-in user is not allowed to perform, resulting in permission errors.
SDK Per-User Module Permissions adds per-user CRUD (Create, Read, Edit, Delete) permissions to the login/system info payload so Insight can:
- Make appropriate Web API calls
- Skip operations the user is not permitted to perform
- Prevent avoidable permission errors
Important: Contact Support Before Enabling
Enabling per-user module permissions requires modifying how Insight communicates with the Web API during login.
If this setting is added incorrectly or in the wrong configuration location, it can cause:
- Login failures
- Incomplete system info responses
- Unexpected sync behavior
Customers must contact Riva Support before enabling or modifying this setting.
This applies to both:
- Riva Cloud
- Riva On-Premise
Riva Support will:
- Confirm whether the feature is required for your environment
- Apply the setting in the correct configuration location
- Validate that the login response includes correct permission data
- Ensure no disruption to existing sync behavior
How It Works
When enabled, Insight requests per-user permissions during login.
Insight passes the following setting to the Web API during the login process:
Sync.Crm.PluginCompatibility.UserModulePermissions.Enabled=true
If enabled correctly:
- The Web API includes per-user CRUD permissions in the GetSystemInfoResponse
- No changes are required to the CRM connection mappings
- The change affects only the login/system info response payload
Key Features
- Per-user CRUD permissions returned at login:
  - Create
  - Read
  - Edit
  - Delete
- Includes both:
  - SdkModule (internal Riva/SDK module name)
  - CrmModule (Salesforce object name)
- Handles notable Salesforce scenarios:
  - Enhanced Email (EmailMessage)
  - FSC Interactions
  - Custom object mappings (Custom{#})
Behaviour Details
Enhanced Email (EmailMessage Object)
Enhanced Email changes which Salesforce object determines Email module permissions.
Enhanced Email Disabled
- Emails are synced as Tasks
- Task permissions are used for both Task and Email
Example:
{
"SdkModule": "Task",
"CrmModule": "Task",
"PermissionsCreate": true,
"PermissionsRead": true,
"PermissionsEdit": true,
"PermissionsDelete": false
},
{
"SdkModule": "Email",
"CrmModule": "Task",
"PermissionsCreate": true,
"PermissionsRead": true,
"PermissionsEdit": true,
"PermissionsDelete": false
}
Enhanced Email Enabled
- Task permissions apply only to Tasks
- Email permissions are derived from the EmailMessage object
- EmailMessage objects in Salesforce are read-only
Example:
{
"SdkModule": "Task",
"CrmModule": "Task",
"PermissionsCreate": true,
"PermissionsRead": true,
"PermissionsEdit": true,
"PermissionsDelete": false
},
{
"SdkModule": "Email",
"CrmModule": "EmailMessage",
"PermissionsCreate": false,
"PermissionsRead": true,
"PermissionsEdit": false,
"PermissionsDelete": false
}
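As an added example (not Riva's code), the Python sketch below shows how a client could consume these entries: it indexes them by SdkModule, treats missing or non-boolean values and unknown modules as denied, and splits queued operations into calls to send and calls to skip. The array wrapper around the entries, the function names and the queued operations are assumptions; Salesforce still enforces the real permissions on every call.

```python
import json

# Constructed sample: the page's two Enhanced Email payloads, wrapped in arrays.
ENHANCED_EMAIL_OFF = json.loads("""[
 {"SdkModule": "Task", "CrmModule": "Task", "PermissionsCreate": true,
  "PermissionsRead": true, "PermissionsEdit": true, "PermissionsDelete": false},
 {"SdkModule": "Email", "CrmModule": "Task", "PermissionsCreate": true,
  "PermissionsRead": true, "PermissionsEdit": true, "PermissionsDelete": false}
]""")
ENHANCED_EMAIL_ON = json.loads("""[
 {"SdkModule": "Task", "CrmModule": "Task", "PermissionsCreate": true,
  "PermissionsRead": true, "PermissionsEdit": true, "PermissionsDelete": false},
 {"SdkModule": "Email", "CrmModule": "EmailMessage", "PermissionsCreate": false,
  "PermissionsRead": true, "PermissionsEdit": false, "PermissionsDelete": false}
]""")

# Operation name (hypothetical client vocabulary) -> payload key from the page.
OPS = {"create": "PermissionsCreate", "read": "PermissionsRead",
       "edit": "PermissionsEdit", "delete": "PermissionsDelete"}


def build_index(entries):
    """Map SdkModule -> {op: bool}. Anything malformed is treated as denied."""
    index = {}
    for entry in entries:
        module = entry.get("SdkModule") if isinstance(entry, dict) else None
        if not isinstance(module, str):
            continue  # unusable entry: skip it, so the module stays denied
        # Only a JSON boolean true grants; "true", 1 or a missing key do not.
        perms = {op: entry.get(key) is True for op, key in OPS.items()}
        if module in index:  # duplicate module: keep the least permissive
            perms = {op: perms[op] and index[module][op] for op in OPS}
        index[module] = perms
    return index


def is_allowed(index, module, op):
    """Fail closed: unknown module or unknown operation means 'do not call'."""
    return index.get(module, {}).get(op, False)


def plan(index, queued):
    """Split queued (module, op) pairs into calls to send and calls to skip."""
    send = [q for q in queued if is_allowed(index, *q)]
    skip = [q for q in queued if not is_allowed(index, *q)]
    return send, skip
```

With Enhanced Email enabled, the same queued Email create moves from the send list to the skip list because the Email module now maps to the read-only EmailMessage object.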
Interactions (FSC)
When the following setting is enabled:
Sync.Salesforce.FSC.MeetingsAsInteractions.Enabled=true
Salesforce objects map as follows:
| Salesforce Object | SDK Module |
|---|---|
| Interaction | RivaMeeting |
| InteractionAttendee | Participant |
Example:
{
"SdkModule": "RivaMeeting",
"CrmModule": "Interaction",
"PermissionsCreate": true,
"PermissionsRead": true,
"PermissionsEdit": true,
"PermissionsDelete": true
},
{
"SdkModule": "Participant",
"CrmModule": "InteractionAttendee",
"PermissionsCreate": true,
"PermissionsRead": true,
"PermissionsEdit": true,
"PermissionsDelete": true
}
Custom Objects
Salesforce custom objects are mapped to their configured SDK Custom{#} modules.
Example:
{
"SdkModule": "Custom1",
"CrmModule": "CallReport__c",
"PermissionsCreate": false,
"PermissionsRead": true,
"PermissionsEdit": false,
"PermissionsDelete": false
}
Salesforce Permission Sources
The returned CRUD permissions are derived from Salesforce as follows:
Activity Objects (Events, Tasks, Emails)
Activity permissions are determined by System Permissions on the user’s Profile:
- Access Activities controls read access
- Event/Task Edit permissions control create/edit/delete
- EmailMessage objects are always read-only
Modify All Data
The Modify All Data system permission grants full CRUD access to:
- Activity objects
- Standard objects
- Custom objects
Object Settings (All Other Objects)
All non-activity objects use Profile → Object Settings.
Each object defines explicit Create, Read, Edit and Delete permissions individually.
API Notes
- Permissions are derived from Permission Sets
- Permission Sets are additive
- The most permissive access applies
- Effective permissions must be aggregated in code
Activity permissions are determined separately using Profile system permissions.
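The aggregation described in these notes, as an added example (not Riva's implementation): grants from every permission set assigned to the user are OR-ed per object, Modify All Data overrides to full CRUD, and an object with no grant in any set is denied. The input shape (`name`, `modify_all_data`, `objects`, `SobjectType`), the set names and the helper names are assumptions, the rows are constructed, and activity objects are left out because the page derives them separately from Profile system permissions.

```python
CRUD = ("PermissionsCreate", "PermissionsRead", "PermissionsEdit", "PermissionsDelete")


def row(sobject, create, read, edit, delete):
    """Build one constructed object-permission row using the payload's key names."""
    return {"SobjectType": sobject, **dict(zip(CRUD, (create, read, edit, delete)))}


# Constructed sample: two permission sets assigned to the same user (names are hypothetical).
USER_PERMISSION_SETS = [
    {"name": "base_access", "modify_all_data": False, "objects": [
        row("CallReport__c", False, True, False, False),
        row("Interaction", True, True, True, False)]},
    {"name": "call_report_author", "modify_all_data": False, "objects": [
        row("CallReport__c", True, True, True, False)]},
]

# SDK module -> Salesforce object, taken from the page's non-activity examples.
MODULE_MAP = {"Custom1": "CallReport__c", "RivaMeeting": "Interaction",
              "Participant": "InteractionAttendee"}


def effective_permissions(permission_sets, module_map):
    """OR the grants of every permission set, then emit login-payload entries."""
    modify_all = any(ps.get("modify_all_data") is True for ps in permission_sets)
    granted = {}
    for ps in permission_sets:
        for r in ps.get("objects", []):
            acc = granted.setdefault(r["SobjectType"], dict.fromkeys(CRUD, False))
            for key in CRUD:
                # Additive: a grant in any one set is enough; nothing revokes it.
                acc[key] = acc[key] or r.get(key) is True
    entries = []
    for sdk_module, crm_object in module_map.items():
        if modify_all:
            perms = dict.fromkeys(CRUD, True)  # Modify All Data: full CRUD
        else:
            # No row in any set means no access (default deny).
            perms = dict(granted.get(crm_object, dict.fromkeys(CRUD, False)))
        entries.append({"SdkModule": sdk_module, "CrmModule": crm_object, **perms})
    return entries
```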