Daily Learnings: Thu, Feb 01, 2024
The wise man does not lay up his own treasures. The more he gives to others, the more he has for his own. — Laozi
Minimum Access to Create Scratch Orgs
Based on some needs for SOLVD today, I needed to enable some folks in our org to create Scratch Orgs linked to our production Salesforce instance as the Dev Hub. However, I didn’t want to make them System Administrators; I’d prefer to stick with the principle of least privilege.
Thankfully, turns out that someone else already did some testing with the same end-goal in mind. Shoutout to Mikkel Flindt and his blog post found here with the steps that he had success with in 2021.
Using what he outlined, along with some of my own testing, here are the steps for creating a tightened security model for granting access to creating / accessing Scratch Orgs:
- Create a permission set called “Scratch Org Access”
- Add the following permissions:
  - `Read`, `Create` on the `ScratchOrgInfos` object
  - `Read` on the `ActiveScratchOrgs` object
- Apply this permission set to the users that you need to have access
- Personally I prefer a specific Permission Set Group for this to keep it clean
Note: For Delete access to Scratch Orgs:
- Add `Edit` access to the `ScratchOrgInfos` object
- Add `Create`, `Edit`, and `Delete` access to the `ActiveScratchOrgs` object
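To keep the permission set from drifting past this model over time, the check below audits a permission set metadata file against the grants listed in the steps and in the Delete note. It is an added example, not code from this post or from Mikkel Flindt's; it assumes `ScratchOrgInfo` and `ActiveScratchOrg` are the API names of the two objects, and the sample XML is constructed and deliberately over-permissioned.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
FLAGS = ("allowRead", "allowCreate", "allowEdit", "allowDelete",
         "viewAllRecords", "modifyAllRecords")
# Grants from the steps above. Assumption: ScratchOrgInfo and ActiveScratchOrg
# are the API names of the objects the post lists.
BASELINE = {"ScratchOrgInfo": {"allowRead", "allowCreate"},
            "ActiveScratchOrg": {"allowRead"}}
# Additional grants from the note on Delete access.
DELETE_EXTRA = {"ScratchOrgInfo": {"allowEdit"},
                "ActiveScratchOrg": {"allowCreate", "allowEdit", "allowDelete"}}

# Constructed sample metadata, deliberately over-permissioned for the demo.
SAMPLE = """<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
  <label>Scratch Org Access</label>
  <objectPermissions>
    <allowCreate>true</allowCreate>
    <allowRead>true</allowRead>
    <object>ScratchOrgInfo</object>
  </objectPermissions>
  <objectPermissions>
    <allowDelete>true</allowDelete>
    <object>ActiveScratchOrg</object>
  </objectPermissions>
  <userPermissions>
    <enabled>true</enabled>
    <name>ModifyAllData</name>
  </userPermissions>
</PermissionSet>"""

def audit(xml_text, allow_delete=False):
    """Return (missing, excess) grants relative to the model in the post."""
    model = {o: p | (DELETE_EXTRA[o] if allow_delete else set())
             for o, p in BASELINE.items()}
    root, granted = ET.fromstring(xml_text), {}
    for op in root.findall("md:objectPermissions", NS):
        obj = op.findtext("md:object", "", NS)
        granted[obj] = {f for f in FLAGS
                        if op.findtext("md:" + f, "false", NS) == "true"}
    excess = [f"{o}.{f}" for o, g in granted.items()
              for f in sorted(g - model.get(o, set()))]
    # The model contains no system permissions, so any enabled one is excess.
    excess += ["user." + up.findtext("md:name", "", NS)
               for up in root.findall("md:userPermissions", NS)
               if up.findtext("md:enabled", "false", NS) == "true"]
    missing = [f"{o}.{f}" for o, need in model.items()
               for f in sorted(need - granted.get(o, set()))]
    return missing, excess
```

Call `audit(xml_text)` for the base model, or `audit(xml_text, allow_delete=True)` when the Delete grants from the note are intended; anything in the second returned list is access beyond what the post prescribes.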