Two things have to be true for hard delete to actually execute:
- Data Loader has Bulk API enabled (Settings → Use Bulk API checked).
- The user logged in has the Bulk API Hard Delete permission plus delete access to the records.
If the button appears but the job fails or returns zero deletes, one of the second-tier checks is failing.
Walk through the diagnostic ladder
1. Confirm the permission is on the right user
Hard delete is gated by the logged-in user, not the admin who enabled Bulk API on the local Data Loader install. Check:
- Setup → Users → [the user] → does their profile or any of their assigned permission sets include Bulk API Hard Delete?
- Did the admin add the permission to a permission set without assigning the set to the user? It’s a common miss.
2. Confirm Use Bulk API is checked
Hard delete is Bulk API only. If Use Bulk API under Data Loader → Settings is unchecked, the SOAP API path is being used and hard delete silently fails or isn’t honoured.
3. Confirm the user can delete the records at all
Hard delete needs Delete CRUD permission on the object plus record-level delete access (sharing). If the user can’t delete normally, they can’t hard delete. Test with a small plain Delete first — if that fails with INSUFFICIENT_ACCESS_OR_READONLY, the underlying problem is delete permission, not hard delete.
4. Re-login Data Loader
Permission changes in Salesforce don’t always refresh in an already-open Data Loader session. Log out and log back in.
5. Check the error file
error_<timestamp>.csv will name the failure:
| Error | Real cause |
|---|---|
INSUFFICIENT_ACCESS_OR_READONLY | Delete permission / sharing missing |
ENTITY_IS_LOCKED | Record is locked by approval or other process |
Trigger MyTrigger failed | A before delete trigger called addError |
INVALID_OPERATION_WITH_EXPIRED_PASSWORD | Login session expired |
API_DISABLED_FOR_ORG | The whole org’s API access is off |
6. Org / edition checks
- API access enabled? Group and Essentials editions don’t expose the API at all; hard delete is impossible. Check the org edition.
- API token expired or password reset required — re-authenticate.
- IP restrictions on the profile — Data Loader’s IP isn’t trusted, login is silently blocked.
The shortest answer for an interview
In a real interview you can give the one-line diagnosis: “Either the user is missing Bulk API Hard Delete on their profile/permission set, Use Bulk API isn’t checked in Data Loader, or they lack basic Delete on the object.” Those three are responsible for the overwhelming majority of cases.
Verified against: Data Loader Guide — Performing a Hard Delete, Bulk API Developer Guide, Metadata API Developer Guide. Last reviewed 2026-05-17 for Spring ‘26 release.