# Personas for CRM connector permission sets
After you install and configure the AWS Partner CRM connector, you assign Salesforce users to one or more personas in a *permission set*, a collection of settings and permissions that provide access to various tools and functions. The following topics list and describe the available personas.
For more information about assigning Salesforce users to permission sets, refer to [Managing Permission Set Assignments](https://help.salesforce.com/s/articleView?id=platform.perm_sets_manage_assignments.htm) in the Salesforce help.
**Topics**
+ [AWS Partner Network permission sets](crm-connector-pemissions-sets.md)
+ [AWS Marketplace permission sets](mkt-permissions-sets.md)
+ [CRM connector tabs and permission sets](permission-set-table.md)
# AWS Partner Network permission sets
The CRM connector supports the following primary AWS Partner Network personas:
**Topics**
+ [Business administrator (APN Business Administrator)](#business-administrator)
+ [Integration User (APN Integration User)](#integration-user)
+ [Business user (APN Business User)](#business-user)
+ [Granting permissions to view reports](#report-permissions)
+ [Activating flow users](#activate-flow-user)
## Business administrator (APN Business Administrator)
+ Assign to a system admin or a business admin to configure the setup and mapping of records.
+ Gives full access to the Salesforce AWS Partner Network CRM administration app.
+ Can create, view, and edit field mappings.
+ Can view all sync log detail records.
+ Doesn’t allow the user to schedule an integration, only to set up configurations.
+ Doesn’t provide core Salesforce setup access.
+ Some settings in Salesforce require additional access. Specifically, named credentials and custom settings that the AWS Partner must provide to their user. However, partners can pair this permission set with a Salesforce system admin profile and enable all of the necessary permissions to configure the application. For more information about named credentials, refer to [Set up named credentials](set-up-api-credentials.md)
## Integration User (APN Integration User)
+ Assign to a system user responsible for processing the integration.
+ To schedule an integration, a Salesforce system admin signs in as this user and invokes the system integration schedule.
+ Allows admins to configure the mappings and invoke integration schedules.
+ The integration may break if this permission isn’t set for the user who runs the integration.
+ In addition to this permission set, the user designated to process the integration should have field level access to all mapped fields. If not, the mappings fail to sync as assigned.
+ The outbound jobs are designed to ignore updates done in the integration user context to prevent a race-around condition, with the same record updated during inbound integration being flagged to be sent for outbound integration.
## Business user (APN Business User)
+ Assign to business users who might want to see the sync log details related to their opportunities. This allows for end-user troubleshooting if data is not syncing correctly.
+ Does not provide visibility to the sync log records and only gives access to the object and fields.
+ We recommend setting sync log records to private, since they contain sensitive opportunity information.
+ If you configure a private model, APN business users can access only the records if the partner Salesforce administrator configures record sharing with users.
## Granting permissions to view reports
To allow a user to view reports on the **Home** tab of the AWS Partner CRM connector, an administrator must grant the following permissions:
+ Create and Customize Reports
+ Edit My Reports
+ Mange Reports in Public Folders
+ Run Reports
+ View Reports in Public Folders
For more information, refer to [Grant Users Access to Reports and Dashboards](https://help.salesforce.com/s/articleView?id=sfdo.PMM_Folder_Sharing_Reports_Dash.htm) in the Salesforce help.
## Activating flow users
Activating users as flow users enables them to run flows and use the **Link private offer** button on an ACE opportunity.
1. Ensure that the system administrator has permission to assign a flow user. For more information, refer to [Add Run Flows Permissions](https://help.salesforce.com/s/articleView?id=sf.wcc_setup_add_run_flows_perms.htm) in the Salesforce help.
1. Choose **Setup**, **Users**.
1. Choose a user.
1. Choose **Flow user**.
# AWS Marketplace permission sets
The CRM connector supports the following primary AWS Partner personas. Partners enable the personas by giving the Salesforce user the corresponding permission set included in the application.
**Topics**
+ [AWS Marketplace administrator](#aws-marketplace-administrator)
+ [AWS Marketplace user](#aws-marketplace-user)
+ [AWS Channel Partner user](#aws-channel-partner-user)
## AWS Marketplace administrator
Assign this persona to a systems or Business Administrator to perform the configuration and manage schedules. This persona provides full access to the AWS Marketplace integration in the Salesforce connector.
This persona can do the following:
+ Read, write, and view records for all objects related to the AWS Marketplace integration.
+ View all AWS Marketplace sync log records.
+ Create schedules related to AWS Marketplace entities.
**Note**
Certain settings in Salesforce require additional access, specifically named credentials and custom settings that AWS Partners must provide to users. However, if partners pair this permission set with a Salesforce systems administrator profile, all permissions needed to fully configure the application should work.
## AWS Marketplace user
Assign this persona to the user who creates and manages private offers and resale authorization.
The AWS Marketplace user can do the following:
+ Synchronize AWS Marketplace products, offers, and resale authorizations.
+ Modify expiry dates, and cancel and clone offers and resale authorizations.
+ Access the AWS Marketplace dashboard.
## AWS Channel Partner user
The AWS Channel Partner user can do the following:
+ View available shared resale authorizations created by the Independent Software Vendor (ISV) seller.
+ View and create AWS Channel Partner private offers from shared resale authorizations.
# CRM connector tabs and permission sets
When you use the CRM connector app in Salesforce, a set of tabs appears. The tabs you see vary, depending on your permission settings. The following table lists the tabs provided by the connector app, and the permission sets allowed to use each tab.
| **Connector app tab** | **Permission sets** |
| --- | --- |
| **AWS Guided Setup** | APN Business Administrator APN Integration User APN Business User ? AWS Marketplace Administrator |
| **Reports** | APN Business User AWS Marketplace User (AWS Marketplace ISV) AWS Channel Partner User |
| **ACE Mappings** | APN Business Administrator APN Business User ? |
| **Schedules** | APN Business Administrator APN Integration User AWS Marketplace User (AWS Marketplace ISV) |
| **ACE Sync Logs** | APN Business Administrator APN Integration User APN Business User |
| **ACE Leads** | APN Business Administrator ? -> Available APN Integration User ? APN Business User |
| **ACE Opportunities** | APN Business Administrator ? -> Available APN Integration User ? APN Business User |
| **Solution Offerings** | APN Business Administrator APN Business User |
| **AWS Accounts** | AWS Marketplace Administrator AWS Marketplace User (AWS Marketplace ISV) AWS Channel Partner User |
| **Products** | AWS Marketplace Administrator AWS Marketplace User (AWS Marketplace ISV) |
| **Private Offers** | AWS Marketplace Administrator ? -> Available AWS Marketplace User (AWS Marketplace ISV) AWS Channel Partner User |
| **Resale Authorizations** | AWS Marketplace Administrator ? -> Available AWS Marketplace User (AWS Marketplace ISV) AWS Channel Partner user |
| **Shared Resale Authorizations** | AWS Marketplace Administrator ? -> Available AWS Channel Partner user |
| **Marketplace sync logs** | AWS Marketplace Administrator AWS Marketplace User (AWS Marketplace ISV) AWS Channel Partner User |
| **Agreements** | AWS Marketplace User (AWS Marketplace ISV) AWS Channel Partner User |
| **AWS Marketplace Notifications** | APN Business Administrator APN Business User AWS Marketplace Administrator AWS Marketplace User (AWS Marketplace ISV) AWS Channel Partner user |
| **Field Mappings** | APN Business Administrator ? APN Integration User ? |
| **Offer Dimensions** | AWS Marketplace Administrator ? AWS Marketplace User (AWS Marketplace ISV) AWS Channel Partner User |
| **Payment Schedules** | AWS Marketplace Administrator ? AWS Marketplace User (AWS Marketplace ISV) AWS Channel Partner User |
| **Product Dimensions** | AWS Marketplace Administrator ? AWS Marketplace User (AWS Marketplace ISV) |
| **Logs** | APN Business Administrator APN Business User |