The easiest solution would be to run the scan as a System Administrator. However, if you want to be more specific with the permission assignments, the following permissions would be needed:
- Modify Metadata - Required: This is necessary for Hubbl to retrieve and analyze metadata from the org.
- Approve Uninstalled Connected Apps - Required: This is a new permission added by Salesforce on August 28, 2025. This is necessary for any Connected App like Hubbl that accesses an org without installing a package.
- View All Data, or appropriate Object CRUD + Field Level Security (FLS) - Required: Hubbl can only provide object and field analysis on fields that the user running the scan has read access to. Any objects or fields where permissions are not available will be omitted from the scan output.
- Install Packages and Manage Package Licenses - Optional: In order to provide package analysis, Hubbl requires both of these permissions. Salesforce does not have a discrete read-only permission to view installed packages.
- ViewHealthCheck - Optional: For some recommendations, Hubbl relies on Health Check information. Without this permission, these recommendations will not be available.
