Table of Contents [expand]
Last updated July 14, 2025
There are three user mode options that apply the permissions and roles defined in your Salesforce org when using our SDK: user, user-plus, and authorized-user. You can manage what Salesforce data your Heroku apps can access depending on the user mode. This article describes the user mode options.
User Modes
User
user is the default user mode. In this mode, the context is sent as part of your request from Salesforce to Heroku. The SDK uses the user permissions defined in Salesforce, and applies the permissions when performing DML operations. This mode doesn’t grant additional permissions or additional access to data.
For example, this sample app performs complex compute calculations over Salesforce Opportunities and stores the result back in a Quote record in Salesforce. In user mode, a sales rep can only invoke the app operation on opportunities they own and have access to.
User-Plus
In user-plus mode, the developer and admin can define and grant an additional session-based permission set. You can define the permission set to use for additional permissions through the OpenAPI specification when publishing your app. See Configuring OpenAPI Specification for Heroku AppLink for more information.
For example, the same sample app uses a custom DiscountOverride__c field that only sales leaders can access on the OpportunityLineItem object. In user-plus mode, non-sales leaders can also invoke the app operation because they’re granted the additional permission to access the custom field.
Authorized-User
Authorizations, or authorized-user mode, allow you to provide an authorized user that you can reference in your code. You can perform DML operations in Salesforce and Data Cloud as the specific authorized user in your app’s code. It’s common to have a dedicated user to run workloads, such as in worker dynos or nightly jobs. To use this mode, create an authorization.
For example, this sample app uses the Salesforce Bulk API to exchange data across multiple connected Salesforce orgs. Salesforce APIs are always accessed in the context of the authenticated user, so the code can only access the objects and fields the user has access to. By using a dedicated integration user and running in authorized-user mode, you have more control over what data the app can access.
User Mode Examples
Here are some example integration scenarios and which user modes you can use:
| Integration Path | Description | User Mode | 
|---|---|---|
| Salesforce → Heroku | User in Salesforce invokes the Heroku app and the app maintains the user context when interacting with Salesforce using an AppLink SDK | user,user-plus, orauthorized-user | 
| Salesforce → Heroku → Salesforce | User in Salesforce invokes the Heroku app, the app maintains the user context when interacting with Salesforce using an AppLink SDK, and updates back in Salesforce | user,user-plus, orauthorized-user | 
| Heroku → Salesforce | Heroku app invokes Salesforce via Salesforce APIs | authorized-user |