Permission Check settings can be found under org-level settings and utilities, and can be accessed from the gear icon in the Axsy Config Tool.
Permission Check
This tool is a significant aid for support and troubleshooting as it allows you to check if a chosen User has access to all objects configured in the sync config, and highlights any object that the User does not have permission to access.
Many support problems are due to insufficient access to objects configured in the sync config. This tool lets you quickly identify any configured objects a user does not have access to.
Once configured, permissions for the objects configured in the last published config will be checked against the specified user daily. If there are any objects the user does not have access to, then all users that have been configured to receive notifications will be notified.
The Permission Check tool checks object access granted via permission sets, and profiles.
Figure 1 - An Example Permissions Check Notification
NOTE: As an Admin, you should ensure that there are no sync issues for your users.
Implicit Object Access
In some cases, the Permission Check tool may flag certain objects as inaccessible even though they are available for the configured user. This can happen when access cannot be granted through permission sets - for example, with related objects such as CaseParticipant. To resolve this, it is possible to give the Permission Check tool an additional list of permitted objects by providing a JSON file at the org, profile, or user level. This file allows the Permission Check tool to mark these objects as accessible, and does not modify permissions.
For more information, and a step-by-step guide, see How to Add Implicit Object Access to Permission Check.
Ad-Hoc Permission Check
It is also possible to perform ad-hoc permission checks for a specified user by clicking "Check Permissions Now", as highlighted in Figure 2. This can be particularly useful when making changes to user permissions to ensure that existing permission issues have been resolved, and no additional issues have been introduced. The objects checked are those that are configured in the last published config.
Figure 2 - Check Permissions Now And Update Permitted Objects
When clicking on the sync object permission issues, you are taken to a list of all issues found, as shown in Figure 3. If no issues are found, this list is empty.
Figure 3 - Example List Of Object Permission Issues
It is also possible to check which objects the user has access to by clicking "Update Permitted Objects". This can be useful when making changes to your sync config. When clicking on the permitted objects, you are taken to a list of all objects that the user has access to, as shown in Figure 4.
Figure 4 - Example List Of Permitted Objects
NOTE: You may have to save your Settings when you change the User to Check Permissions Against field in order to receive up-to-date permission information.
Viewing Sync Config
Once a user has been configured to check permissions against, any permissions issues are also surfaced when viewing the sync config. Permissions are checked for the config version you are viewing. As this includes draft config versions, this allows you to check object access as you make changes to the config.
This can be found under the "Sync" tab. When selecting a record set, and viewing "Related Objects", any objects that are inaccessible will be highlighted in red.
Figure 5 - Permissions Issue Highlighted In Sync Config
Figure 6 - Inaccessible Objects Highlighted In All Related Objects View
Figure 7 - Inaccessible Objects Hidden