Hi Andrew,
Ok, I have another newbie question for you....

I granted access to one profile which need to use this, but now all users of different profiles receive this error message when trying to save a Opportunity & account record. The 2 DLRS I have active rollup all won child opportunities on the opportunity record, and the other one rolls up all won opportunities on the account record. Field to aggregate 'Amount'

Error:Apex trigger dlrs_OpportunityTrigger caused an unexpected exception, contact your administrator: dlrs_OpportunityTrigger: execution of AfterUpdate caused by: dlrs.SObjectDomain.DomainException: Permission to access an dlrs__LookupRollupSummary__c dennied.: (dlrs

So, what can I do to resolve??
Also...(this may be a roll the eyes moment)...is it possible to have the tool activated without the profiles having the 'Modify all Data', as I don't want the users to have this.....

Appreciate any assistance! Kelly

Apologies, I do need to clarify this deployment aspect of the tool, and a couple of Permission Sets packaged with it would help also i think, I'll look to address this soon i promise. In the meantime think of it as two types of users that use the tool...

Kind of a tool admin user that both configures and activates the rollups (this has to be an admin to deploy and manage the trigger for example). This user also needs full read/write access to all the objects in the package.

Then there is the users that don't directly use the tool, but indirectly invoke its rollups. These users need read access to all the objects in the package. You don't however need to give them access to the app, tabs or Visualforce pages for example since they don't need to be able to access the tools admin UI.

As regards Modify All Data, can you explain a bit more about why you have this enabled and what happens if you don't?

This has been fixed in v1.9, see https://github.com/afawcett/declarative-lookup-rollup-summaries/blob/master/README.markdown#packaged-release-history

Hi Andrew - We've just installed 1.9, and are still seeing the error described in this issue. Is there anything else we need to do to make the permission sets active? Do we have assign the ready-only permission set individually to every user that could possibly invoke a rollup trigger? This seems unwieldy?

Yes thats what you will have to do, it is a requirement of the Salesforce Security Review the package had to go through, to ensure it enforced object level security. You can either assign the read only Permission Set or edit the users profiles accordingly, which ever is easier.

BTW, you can do mass assignment of Permission Sets these days, let me know if you need some help with that.

Andrew, thanks for the quick reply. Can you point me to information on the mass assignment? Is there no way to assign these permissions via profiles? Seems very prone to error if we have to remember to assign these permissions to every user we add, including customer portal users.

Sure, you have a few options...

• You can click on Permission itself Lookup Rollup Summaries - Process Rollups and there is a button Manage Assignments. From the page that is displayed you can create a List View to filter for the users you want, tick them and click Add Assignments.
• You can update a Profile by giving Read access to the following objects, Lookup Rollup Summaries, Lookup Rollup Summary Logs and Lookup Rollup Summary Schedule Items.
• Finally, if you didn't find the first option useful enough, you may want can try out the free The Permissioner tool on AppExchange.

Thanks Andrew! I think profile based approach worked well for me. permission set involves lot of maintenance.