Pardot will be releasing security updates to their AppExchange package starting Wednesday, October 26th, 2016.

The updates will be improving security as well as removing a small number of remaining API calls that were counting towards your limit. These include viewing lead and contact activities in Salesforce when not logged into Pardot.

User action is required, any users required to access Pardot data in Salesforce will need to be assigned to the Pardot Permission Set (best practice) or manually assign the permissions (Enterprise Salesforce edition only). The update will enforce the use of the Pardot permission set.

So what functionality is being improved with these security updates?

  1. The Pardot tab in Salesforce
  2. The Send to Pardot button for leads and contacts
  3. The Send Pardot Email button for leads and contacts
  4. The Pardot Social Data Visualforce Page for leads and contacts
  5. The Pardot Activities Visualforce Page for leads and contacts
  6. The Pardot List Membership Visualforce Page for leads and contacts
  7. The Engage Reports tab for Salesforce Engage users

Note: The updates to eliminate the API calls will be released at a later date and will again require the Pardot permission set be assigned to any users required to access Pardot data in Salesforce.

So, by the 26th of October you will need to assign the Pardot permission set to all users required to access Pardot data in Salesforce or manually assign required permission, remember manually assigning permission is only available with the Salesforce Ultimate Edition.

If you do not assign the Pardot permission set in time your users may see errors when trying to access Pardot data in Salesforce and the API calls will still be counted towards your limit.