cancel
Showing results for 
Search instead for 
Did you mean: 

DemandTools Salesforce merges not working - possible permissions issue?

AaronTAFSC
Enthusiast

I’ve tried several times over the past week, and been completely unable to run any merges through DemandTools. I can get to the “Review Duplicates” screen after running a scenario:

However, clicking “Merge Selected Records” almost immediately returns an error message:

This seems to be regardless of the scenario or which records I select. 

Checking the logs for these failed merges, I see the same thing each time:

[2024-03-13 16:03:12.870] [debug] [demand-tools-svc] 2024-03-13 16:03:12.868 DEBUG 13000 --- [ dt-taskRunner1] c.v.demandtools.service.AsyncTaskRunner : ### Started merge all processing with thread id: 156
[2024-03-13 16:03:12.873] [info] [demand-tools-svc] 2024-03-13 16:03:12.873 INFO 13000 --- [ dt-taskRunner1] s.s.AbstractSalesforceDeduplicateService : Starting merge for 1 number of records
[2024-03-13 16:03:12.899] [info] [demand-tools-svc] 2024-03-13 16:03:12.899 INFO 13000 --- [ dt-taskRunner1] c.v.d.l.appenders.UserLogFileAppender : Audit log created: C:\Users\atabak\DemandToolsLogs\Audit\Dedupe\DemandTools_Dedupe_2024-03-13_16-03-12.csv
[2024-03-13 16:03:12.905] [info] [demand-tools-svc] 2024-03-13 16:03:12.905 INFO 13000 --- [ dt-taskRunner1] s.s.AbstractSalesforceDeduplicateService : Encrypted text field found on object: Contact.SSN__c [SSN]. Checking permissions.
[2024-03-13 16:03:15.111] [info] [demand-tools-svc] 2024-03-13 16:03:15.111 INFO 13000 --- [ dt-taskRunner1] c.v.demandtools.service.AsyncTaskRunner : Merge all task cancelled

Does this mean the permissions for the encrypted field are the issue? Or would this be something else? 

1 ACCEPTED SOLUTION

Pugs_Validity
Validity Team Member
Validity Team Member

Hey @AaronTAFSC - There are two methods to resolve this outlined here. There was an update in a recent release to help prevent any potential data loss from encrypted fields a user does not have access to view.  The choice is to ultimately either allow the user in Salesforce to view encrypted data by changing permissions or disabling the encrypted data check from the command prompt. 

View solution in original post

3 REPLIES 3

Pugs_Validity
Validity Team Member
Validity Team Member

Hey @AaronTAFSC - There are two methods to resolve this outlined here. There was an update in a recent release to help prevent any potential data loss from encrypted fields a user does not have access to view.  The choice is to ultimately either allow the user in Salesforce to view encrypted data by changing permissions or disabling the encrypted data check from the command prompt. 

AaronTAFSC
Enthusiast

Thanks! I haven't been able to load the link (https://knowledge.validity.com/hc/en-us/articles/22985303240347-DemandTools-Error-when-merging-recor...) as I keep getting a 503 error. Is there an issue with the site?

Hey @AaronTAFSC - Apologies, I'll have to do some research on why the article is down but the explanation is outlined below, let us know if you have any questions.

"Changes were made in 5.34 of DTV when Deduping that if you try to merge object with encrypted fields without the “View Encrypted Data” permission the merge will fail due to error "View Encrypted data permission required to merge records".

This was done to prevent data loss when merging records or when trying to undo merges.

Users can disable this check by adding `"-Dvalidity.dedupe-encryption-check-enabled=false"` to the `additionalArgs` in `javaSettings.json` in `~/DemandToolsConfig/` (or `%USERPROFILE%\DemandToolsConfig` under Windows).

However, if they do disable this check and don’t have the `View Encrypted Data` permission, then that could cause loss of that encrypted data when merging or undoing a merge.

In Salesforce this permission "View Encrypted data" needs to be enabled on the users profile or through a permission set that is assigned to the user.

It does seem like this permission can only be enabled on Custom Salesforce Profiles. If using a Standard Salesforce Profile then a permission set needs to be created and assigned to the user.