Find your content:

Search form

You are here

Can't install managed package because packaged permission set seems to have lost a read permission


I developed a Managed Extension Package. When I try to install it or create a patch org for it, this fails with no error but the note to call Salesforce.

Support told me that it fails due to:

MyPermissionSet: Permission Create MyNamespace__MyChildObject__c depends on  
permission(s): Read ExtendedPackageNamespace__MyParentObject__c

From the error message it seems like the permission set is unable to assign a CREATE permission to a Master/Detail child object, because it misses a READ permission on its parent object.

BUT this is not true. MyPermissionSet contains READ access rights to this object. While packaging or installing this seems to get lost or ignored.

Can the reason for this be, that the parent object it is depending on, is no from my package but the package I am extending?

Attribution to: Robert Sösemann

Possible Suggestion/Solution #1 officially accepted this as a bug which can be tracked on their new Known Issues Site:

A workaround is also described there.

Attribution to: Robert Sösemann

Possible Suggestion/Solution #2

I'm a product manager at responsible for Permission Sets. I was able to reproduce this use case. We do intentionally block the setting of parent permissions if it's a standard object (Kibitzer is totally correct with this). I'm working through this use case with my team since this use case is directly related to a custom object from the base package instead of a standard object. Please stay tuned. Thanks for your patience!

Attribution to: Adam Torman

Possible Suggestion/Solution #3

Not to hijack this post but a similar situation occurs when you define a permission set in your extension package where you assign object field permissions for sobject fields that originate in the base package.

After installation of the extension package in an org all your object field settings in the permission set are not copied. The only way around this is to define the permission set in the base package where the sobjects originate.

I don't know what happens when the extension package defines additional fields for the base sobjects and assign crud rights in a packaged permission set, haven't tried that combination yet.

Attribution to: Leon
This content is remixed from stackoverflow or stackexchange. Please visit

My Block Status

My Block Content