How Permissions Work - Data Doctor Knowledge Base

How Permissions Work

Data Doctor uses a layered permission system that combines role-based access control with Salesforce's native security model. This guide explains the three permission levels, how object-level permissions work, and how Data Doctor respects your existing Salesforce security settings.

Permission Levels

Data Doctor provides three distinct permission levels, each building on the capabilities of the previous:

Basic

Standard User

For team members who need to clean up duplicates and monitor data quality.

  • Merge duplicate records
  • Undo previous merges
  • View analytics & health metrics

Advanced

Analyst

For data stewards who define and maintain duplicate detection strategies.

  • All Standard User capabilities
  • Create duplicate rules
  • Edit and run rules
  • Configure matching logic

Full Access

Admin

For administrators who manage the entire Data Doctor deployment.

  • All Analyst capabilities
  • Manage system settings
  • Configure user permissions
  • Set object-level access

Capability Matrix

Use this reference to understand exactly which capabilities are available at each permission level:

| Capability | Description | Standard User | Analyst | Admin |
|---|---|---|---|---|
| Merge Records & Undo | Combine and reverse duplicate records | ✓ | ✓ | ✓ |
| Manage Duplicate Rules | Create, edit, and run duplicate detection rules | — | ✓ | ✓ |
| View Analytics & Health Overview | Access analytics and data quality metrics | ✓ | ✓ | ✓ |
| Manage Settings & Permissions | Configure system preferences and manage user permissions | — | — | ✓ |

Object-Level Permissions

Beyond role-based permissions, Data Doctor allows administrators to control which Salesforce objects each user can work with. This provides granular control over your data cleanup operations.

How Object Permissions Work

Administrators can assign specific objects to each user or group. A user will only see duplicate groups, run merges, and access analytics for the objects they've been granted access to—regardless of their permission level.

Scoped Access

Limit users to specific objects like Contacts or Leads, even if they have Analyst-level permissions. They won't see or interact with objects outside their scope.

Team Specialization

Assign your sales team to manage Account and Opportunity duplicates while marketing handles Lead cleanup—each team only sees what's relevant to them.

Configuration: Object-level permissions are managed by Admins in Data Doctor Settings → Permissions. Select a user, then check or uncheck the objects they should have access to.

Salesforce Security Integration

Data Doctor is designed to work within your existing Salesforce security framework. Here's how the integration works:

Standard CRUD Enforcement

All Data Doctor operations—viewing duplicates, accessing analytics, managing rules—respect standard Salesforce CRUD (Create, Read, Update, Delete) permissions set by your Salesforce administrator. Users can only see and interact with records their profile allows.

Field-Level Security

When viewing duplicate groups or record details, users only see fields their Salesforce profile grants access to. Hidden fields remain hidden throughout the Data Doctor interface.

Merge Operation Exception

During the merge process, Data Doctor requires access to all record data to properly combine records and preserve field values. This elevated access is temporary and only occurs during the actual merge operation—ensuring no data is lost due to field-level restrictions.

Merge Undo Respects Permissions

When a user views merge artifacts or performs an undo operation, they only see field values they have access to in Salesforce. The artifact may contain more data than displayed, but restricted fields remain hidden from unauthorized users.

Important: While merge operations access all data to ensure complete record consolidation, this doesn't grant users permanent visibility into restricted fields. Once the merge completes, normal Salesforce security rules apply to the resulting record.
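
The layers described above combine as an intersection: a request succeeds only if the permission level, the Data Doctor object scope, and Salesforce all allow it, and field-level security then filters what is displayed. The following sketch is an added illustration, not Data Doctor's code or API. All names are hypothetical, Salesforce CRUD is simplified to one set of accessible objects per user, and the sample data is constructed.

```python
from dataclasses import dataclass, field

# Hypothetical model of the layered checks; not Data Doctor's implementation.
# Capability matrix from this page: capability -> permission levels that hold it.
MATRIX = {
    "merge_and_undo":  {"Standard User", "Analyst", "Admin"},
    "manage_rules":    {"Analyst", "Admin"},
    "view_analytics":  {"Standard User", "Analyst", "Admin"},
    "manage_settings": {"Admin"},
}

@dataclass
class User:
    level: str        # Data Doctor permission level
    dd_objects: set   # objects granted in Data Doctor Settings -> Permissions
    sf_objects: set   # objects the Salesforce profile allows (assumption: one set)
    sf_fields: dict = field(default_factory=dict)  # object -> fields visible under FLS

def decide(user, capability, obj=None):
    """Return (allowed, reason). Every layer must pass; obj=None for settings."""
    if user.level not in MATRIX[capability]:
        return False, "level lacks capability"
    if obj is not None:
        if obj not in user.dd_objects:
            return False, "object outside Data Doctor scope"
        if obj not in user.sf_objects:
            return False, "Salesforce object access denied"
    return True, "allowed"

def visible_fields(user, obj, record):
    """Reduce a record or merge artifact to the fields FLS lets this user see."""
    allowed = user.sf_fields.get(obj, set())
    return {name: value for name, value in record.items() if name in allowed}

# Constructed sample: an Analyst scoped to Contact and Lead in Data Doctor,
# whose Salesforce profile grants access to Contact only.
analyst = User("Analyst", {"Contact", "Lead"}, {"Contact"},
               {"Contact": {"Name", "Email"}})

# Constructed merge artifact: written during a merge with full data access,
# so it holds a field this user cannot see under field-level security.
artifact = {"Name": "A. Example", "Email": "a@example.com", "Restricted__c": "x"}

if __name__ == "__main__":
    for cap, obj in [("manage_rules", "Contact"), ("manage_rules", "Lead"),
                     ("manage_rules", "Account"), ("manage_settings", None)]:
        print(cap, obj, decide(analyst, cap, obj))
    print(visible_fields(analyst, "Contact", artifact))
```

The Lead case shows why a Data Doctor object grant alone is not sufficient: Salesforce still denies access, so the user loses visibility there as well.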

Common Questions

Can I create custom permission levels?

Data Doctor's three permission levels (Standard User, Analyst, Admin) are fixed. However, you can achieve granular control by combining these levels with object-level permissions—for example, an Analyst with access only to Contact records.

How do permission changes take effect?

Permission changes are applied immediately. Users may need to refresh their browser to see updated access, but no logout is required.

What happens if a user's Salesforce permissions change?

Data Doctor automatically respects changes to Salesforce profiles and permission sets. If a user loses read access to an object in Salesforce, they'll also lose visibility in Data Doctor—even if their Data Doctor object permissions include that object.

Can Standard Users see who created a duplicate rule?

Yes. Standard Users can view rule details and metadata, including who created the rule and when. They simply cannot create, edit, or delete rules themselves.

Need Help? If you have questions about configuring permissions or need guidance on structuring access for your team, contact our support team for assistance.