The Scratch Org Pooling Unlocked Package adds additional custom fields, validation rules, and workflow to the standard object "ScratchOrgInfo" in the DevHub to enable associated scratch org pool commands to work for the pipeline.
For the pool commands to work effectively, ensure that you have authenticated to the DevHub using an SFDX Auth URL, rather than other authentication strategies, wherever you execute the pool operations.
Save only the following part of the sfdxAuthUrl to secret storage and use sf org login sfdx-url to authenticate:
force://PlatformCLI::Cq$QLeQvDxpvUoNKgiDkoTqyVHdeoMupiZvkgHYcdVHsfMaDpqKJNbg#8ZtUpfBuIdVaUD0B21cFav5X2Pzv5X2@yoursalesforce.com
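The login step above as a CI shell snippet. This is an added example, not part of the original page or the project's own scripts. The environment variable DEVHUB_SFDX_AUTH_URL, the alias "devhub" and the function names are assumptions. It rejects a secret that holds more than the bare force:// URL and keeps the URL out of the process arguments.

```shell
#!/usr/bin/env bash
# Added example: DevHub login from a CI secret that holds only the force://... URL.
# DEVHUB_SFDX_AUTH_URL, the alias "devhub" and both function names are assumed names.

# Return 0 only when the value is a bare sfdxAuthUrl: a single token of the form
# force://<something>@<host>, with no surrounding JSON, labels or newlines.
is_bare_sfdx_auth_url() {
  url="$1"
  # Any whitespace (including a trailing newline) means extra text was pasted in.
  [ "$(printf '%s' "$url" | tr -d '[:space:]')" = "$url" ] || return 1
  case "$url" in
    force://?*@?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Validate the secret, write it to a private temp file, log in, always delete the file.
login_devhub() {
  if ! is_bare_sfdx_auth_url "${DEVHUB_SFDX_AUTH_URL:-}"; then
    # Never echo the value itself: CI logs are often readable by the whole team.
    echo "DEVHUB_SFDX_AUTH_URL is missing or is not a bare force:// URL" >&2
    return 1
  fi
  (
    umask 077                          # file is readable by the CI user only
    file="$(mktemp)" || exit 1
    trap 'rm -f "$file"' EXIT          # remove the token file on success and failure
    printf '%s' "$DEVHUB_SFDX_AUTH_URL" > "$file"
    # Passing a file keeps the refresh token out of `ps` output and shell history.
    sf org login sfdx-url --sfdx-url-file "$file" --alias devhub --set-default-dev-hub
  )
}

# Run the login only when invoked as: ./devhub-login.sh login
if [ "${1:-}" = "login" ]; then
  login_devhub
fi
```

Keep shell tracing (set -x) off around this step, since tracing would print the secret into the build log.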
For developers (who are on a limited access license) to access scratch orgs created by the CI service user for their local development, a sharing setting needs to be created on the ScratchOrgInfo object. The sharing setting should grant read/write access to the ScratchOrgInfo records owned by a public group consisting of the CI service user to a public group consisting of the developer users.
Create Public Groups (Setup > Users > Public Groups)
CI Users (Admin users / CI users who create scratch orgs in the pool)
Developers (developers who are allowed to fetch scratch orgs from pool)
Create Sharing Rule "ScratchOrgInfo RW to Developers" (Setup > Security > Sharing Settings)
Grant Read/Write access to the ScratchOrgInfo records owned by the CI Users to Developers
Assign Users to Public Groups (Setup > Security > Sharing Settings)
CI Users
Developers
The developers must also have object-level and FLS permissions on the ScratchOrgInfo object. One way to achieve this is to assign a permission set that has Read, Create, Edit and Delete access on ScratchOrgInfos, as well as Read and Edit access to the custom fields used for scratch org pooling: Allocation_status__c, Password__c, Pooltag__c and SfdxAuthUrl__c.
Permission Set Name: "Scratch Org Developer"
Object: Scratch Org Info
Object Permissions
Read, Create, Edit and Delete
Field Permissions
Read, Edit for Custom Fields
Allocation_status__c
Password__c
Pooltag__c
SfdxAuthUrl__c
System Permissions:
API Enabled = True
API Only User = False
Create and Update Second-Generation Packages = True
To onboard new developers, the following Profile, Permission Set and Public Group need to be assigned to the new Developer User Account in Salesforce.
Profile (Choose 1 Only)
Minimum Access - Salesforce
Licence Type - Salesforce
Limited Access User
Licence Type - Salesforce Limited Access - Free
Permission Set
Scratch Org Developer
Public Groups
Developers - Add Users to "Developers" Group