Working with scratch orgs in Salesforce requires that the DevHub feature is enabled in a non-sandbox (i.e. Production, Developer or Trial) org and that you’ve authenticated to the org. Normally from your Salesforce CLI or CI/CD pipeline.
Since the DevHub is required to be enabled in Production this has led to some concern from some customers I’ve spoken to. Following up on this with a customer who now really needed the scratch org capability I set out to figure out the least amount of access required to the DevHub Salesforce org.
It’s important to remember that license is one thing another is object access. If you are out of licenses Salesforce
Well one thing is license another is access. License seems well described but not so access. Played a bit around with access and was able to get it working with minimum access to an org. I started with a no-access profile and added API access and then figured out object access required. Minimum access required to create a scratch org is:
Read, Create on
ActiveScratchOrgsTo delete a scratch org you need:
Read, Create, Edit on
Read, Create, Edit, Delete on
One thought on “Minimum access to create/delete Salesforce scratch orgs”
In my case, I has also to add “API Enabled” on the profile to be able to create scratch orgs from SF CLI.