Pardot B2BMA Profile Permission Issues
Incident Report for Pardot
Resolved
Sync issues associated with the Salesforce permission incident have been resolved. Please reach out to the Pardot Support team if you're continuing to experience sync issues and have not yet heard from Pardot Support.
Posted Jun 04, 2019 - 17:34 EDT
Monitoring
If you are still experiencing no data syncing with Salesforce as caused by the May 17th, 2019 permissions issue, please read the following instructions. To ensure the integrity of your data, we have disabled sync between Pardot and Salesforce, and you must take one of the actions below before sync can be re-enabled.

If you were previously only syncing a subset of your CRM data with Pardot, commonly referred to as “Selective Sync" (https://www.pardot.com/training/implementing-selective-syncing/), please manually restore your connector user's permissions to their original configuration prior to the May 17, 2019 permissions issue. Once this is complete, please contact Pardot support to have your syncing re-enabled.

If you were previously using the standard connector user permission configuration, please review it and ensure those permissions match the settings described here: https://sfdc.co/PardotPerms. Once this is completed, your syncing will automatically be re-enabled within 2 hours.
Posted May 21, 2019 - 16:10 EDT
Update
All production instances are now out of service disruption and in a performance degradation state as service levels return to normal. During a performance degradation, end users are able to access the service, however, some functionality within the service may not be available or running at optimal performance. We are aware that some customers continue to experience issues, and Salesforce is working urgently to resolve them. Customers should continue to check Trust for updates.

While the permissions issue did not affect every Pardot customer, we did disable jobs that sync data between Pardot and the Salesforce application in order to protect the integrity of our customers’ data. This action was taken at 17:30 UTC on May 17, 2019.

We have restored sync for the vast majority of our customers. A subset of customers will continue to see disabled sync in their accounts while ongoing remediation takes place. More information will be posted here as it becomes available.
Posted May 21, 2019 - 11:27 EDT
Update
The automated provisioning to restore permissions has now been executed on all production instances. Following that fix, a subset of users in affected orgs on the NA53, NA57 and NA59 instances had their permission levels changed again, which gave them broader data access than intended. Salesforce downgraded those users’ permissions to only allow login and limited additional functionality while blocking the broadened data access. Salesforce developed and executed another automated provisioning fix to change the permission levels for the subset of affected users on NA53, NA57, and NA59. Affected users in these orgs with standard default profiles should now have the current default permission levels. For admins that need guidance on how to manually restore user permissions, please see the instructions in this Known Issue article http://sfdc.co/PermSetKI. We are aware that some customers continue to experience issues, and Salesforce is working urgently to resolve them. Customers should continue to check Trust for updates.

While the permissions issue did not affect every Pardot customer, we did disable jobs that sync data between Pardot and the Salesforce application in order to protect the integrity of our customers’ data. This action was taken at 17:30 UTC on May 17, 2019. We have restored sync for the the vast majority of our customers, at this point we will be continuing to enable the remaining orgs.

We have re-enabled Salesforce sync for Pardot customers with standard connector user permission configurations (https://sfdc.co/PardotPerms), excepting those connecting with NA59 Salesforce instances.
Posted May 20, 2019 - 17:40 EDT
Update
The automated provisioning to restore permissions has now been executed on all production instances. Following that fix, a subset of users in affected orgs on the NA53, NA57, and NA59 instances had their permission levels reset again, which gave them broader data access than intended. Customers on NA53 and NA59 may experience service disruption as we work through the removal of the inadvertent permissions in the affected customer orgs. For affected orgs on NA53, NA57 and NA59, users who had their permissions broadened have had their permissions restored. For admins that may need guidance on how to manually restore user permissions, please see the instructions in this Known Issue article http://sfdc.co/PermSetKI The Salesforce Technology team is working urgently to resolve the issue. Customers should continue to check Trust for updates.

While the permissions issue did not affect every Pardot customer, we did disable jobs that sync data between Pardot and the Salesforce application in order to protect the integrity of our customers’ data. This action was taken at 17:30 UTC on May 17, 2019. As we work to restore permissions to affected orgs, we are also working to reenable sync between Pardot and the Salesforce application for those orgs that have not been affected or have had their permissions fixed. Data from interactions with Pardot is being queued, and will resume processing back to the CRM once it is safe to do so.

We have re-enabled Salesforce sync for Pardot customers with standard connector user permission configurations (https://sfdc.co/PardotPerms), excepting those connecting with NA53, NA57, and NA59 Salesforce instances.
Posted May 20, 2019 - 11:44 EDT
Update
The automated provisioning to restore permissions has now been executed on all production instances. Following that fix, a subset of users in affected orgs on the NA53, NA57, and NA59 instances had their permission levels reset again, which gave them broader data access than intended. Customers on NA53 and NA59 may experience service disruption as we work through the removal of the inadvertent permissions in the affected customer orgs. For affected orgs on NA53, NA57 and NA59, users who had their permissions broadened have had their permissions restored. For admins that may need guidance on how to manually restore user permissions, please see the instructions in this Known Issue article http://sfdc.co/PermSetKI The Salesforce Technology team is working urgently to resolve the issue. Customers should continue to check Trust for updates.

While the permissions issue did not affect every Pardot customer, we did disable jobs that sync data between Pardot and the Salesforce application in order to protect the integrity of our customers’ data. This action was taken at 17:30 UTC on May 17, 2019. As we work to restore permissions to affected orgs, we are also working to reenable sync between Pardot and the Salesforce application for those orgs that have not been affected or have had their permissions fixed. Data from interactions with Pardot is being queued, and will resume processing back to the CRM once it is safe to do so.

We have restored access to AP orgs affected by the recent permission issue. We continue to work on a fix for EU, CS, UM and NA instances.
Posted May 20, 2019 - 11:25 EDT
Update
The automated provisioning to restore permissions has now been executed on all production instances. A subset of customers may still be experiencing issues with user permissions and our teams continue to work on this. If you continue to experience issues, please see instructions for admins in the Known Issue article: http://sfdc.co/PermSetKI. We continue to make updates to this article. If your issues persist and cannot be resolved by the information in the Known Issue article, please log a case with Support.
Posted May 20, 2019 - 02:17 EDT
Update
We have restored access to AP orgs affected by the recent permission issue. We continue to work on a fix for EU, CS, UM and NA instances.
Posted May 19, 2019 - 20:46 EDT
Update
We restored administrators' access to orgs affected by the recent permissions issue. In parallel, we ran an automated provisioning fix to restore user permissions to where they were before the incident occurred. The automated provisioning has been run on most instances, including NA57. We continue to work on a fix for the remaining instances. If you are still experiencing issues with your user permissions, we have prepared a set of instructions for admins to manually restore them. See: http://sfdc.co/PermSetKI. Those instructions also include guidance for Field Service Lightning administrators. If your issues persist, please log a case with Support. Please continue to monitor the Salesforce Trust message at https://status.salesforce.com/incidents/3815.

While the permissions issue did not affect every Pardot customer, we did disable jobs that sync data between Pardot and the Salesforce application in order to protect the integrity of our customers’ data. This action was taken at 17:30 UTC on May 17, 2019. As we work to restore permissions to affected orgs, we are also working to reenable sync between Pardot and the Salesforce application for those orgs that have not been affected or have had their permissions fixed. Data from interactions with Pardot is being queued, and will resume processing back to the CRM once it is safe to do so.
Posted May 19, 2019 - 17:17 EDT
Update
We restored administrators' access to all orgs affected by the recent permissions issue. In parallel, we ran an automated provisioning fix to allow us to restore user permissions to where they were before the incident occurred across all instances with the exception of NA57, which is in the midst of receiving the fix. User permissions for the majority of our customers should now be restored. If you are still experiencing issues with your user permissions, we have prepared a set of instructions for your admins on how to manually restore the user permissions. Those instructions can be found in this Known Issue article: http://sfdc.co/PermSetKI. Those instructions also include guidance for Field Service Lightning administrators. If your issues persist, we recommend you log a case with Support. Please continue to monitor the Salesforce trust message at https://status.salesforce.com/incidents/3815.

While the permissions issue did not affect every Pardot customer, we did disable jobs that sync data between Pardot and the Salesforce application in order to protect the integrity of our customers’ data. This action was taken at 17:30 UTC on May 17, 2019. As we work to restore permissions to affected orgs, we are also working to reenable sync between Pardot and the Salesforce application for those orgs that have not been affected or have had their permissions fixed. Data from interactions with Pardot is being queued, and will resume processing back to the CRM once it is safe to do so.
Posted May 19, 2019 - 13:00 EDT
Update
We have restored administrators' access to all affected orgs. We are preparing a set of instructions for admins that may need guidance on how to manually restore those permissions. As soon as the instructions are final, we will inform admins via an email that will contain a link to the instructions.

Customers should continue to check Trust (https://status.salesforce.com/incidents/3815) for updates.
Posted May 18, 2019 - 06:24 EDT
Update
We continue to work on restoring access and permissions for customers affected by the permissions issue. During the restore process, some affected customers may receive error messages related to account status, billing, or single sign-on functionality after logging into Salesforce. There is no action you need to take if you receive these messages. We will update you with additional details and information on this situation as they become available.

Customers should continue to check Trust (https://status.salesforce.com/incidents/3815) for updates.
Posted May 17, 2019 - 19:28 EDT
Identified
The Salesforce Technology team is investigating an issue impacting Salesforce customer orgs that have Pardot provisioned, or had Pardot provisioned, in those orgs.

A subset of customers across several Salesforce NA and EU instances are experiencing a service disruption. Salesforce blocked access to certain instances that contain customers affected by a database script deployment that inadvertently gave users broader data access than intended. While the permissions issue only impacted customers who have the Pardot package or previously had the Pardot package, to protect our customers, we blocked access to all instances that contain affected orgs until we could block access only to orgs impacted by the broader permissions. As a result, customers who were not affected may have also experienced service disruption. We have unblocked access for all orgs that were not affected by the permission issues. In parallel, we are working to restore the original permissions as quickly as possible for customers that were affected by the permissions change. Salesforce customers who have the Pardot package, or previously had the Pardot package, will continue to have limited or no access to their orgs including Marketing Cloud integrations, where applicable. Customers should continue to check Trust for updates.

Customers should continue to check Trust (https://status.salesforce.com/incidents/3815) for updates.
Posted May 17, 2019 - 18:37 EDT
Update
The Salesforce Technology team is investigating an issue impacting Salesforce customer orgs that have Pardot provisioned, or had Pardot provisioned, in those orgs.

Salesforce syncing functionality within the service may not be available or running at optimal performance for all customers. A subset of customers may experience intermittent errors, slow performance or an inability to access the Salesforce application. Logging directly into Pardot with Salesforce credentials may also be unavailable. Customers should continue to check Trust (https://status.salesforce.com/incidents/3815) for updates.
Posted May 17, 2019 - 14:01 EDT
Update
The Salesforce Technology team is investigating an issue impacting Salesforce customer orgs that have Pardot provisioned, or had Pardot provisioned, in those orgs. A subset of customers may experience intermittent errors, slow performance or an inability to access the Salesforce application. Logging directly into Pardot with Salesforce credentials may also be unavailable. Customers should continue to check Trust (https://status.salesforce.com/incidents/3815) for updates.
Posted May 17, 2019 - 12:31 EDT
Update
The Salesforce Technology team is investigating an issue impacting Salesforce customer orgs that have Pardot provisioned, or had Pardot provisioned, in those orgs. A subset of customers may experience intermittent errors, slow performance or an inability to access the Salesforce application. Customers should continue to check Trust (https://status.salesforce.com/incidents/3815) for updates.
Posted May 17, 2019 - 11:03 EDT
Investigating
The Salesforce Technology team is currently investigating an issue affecting users with the B2BMA profile as of 2p.m. UTC. During this disruption, end users may be unable to access Pardot features. Updates will be posted here as new information becomes available.
Posted May 17, 2019 - 10:20 EDT
This incident affected: Pardot Web Application.