Profiles and Permission Set in Salesforce control what users can access, view, and execute in their Salesforce Org. This permission management is a critical activity to ensure data security and integrity, while running the org smoothly. But as the org grows in size, the number of permissions can boost up and hence the management can become a tricky challenge.
Salesforce has launched Permission Sets in the Winter ‘12 release. Permission Sets empowers Salesforce admins to grant individual permissions in combination with profiles to facilitate access for particular users for reducing the growing number of profiles in a Salesforce org.
Introduction To Permission Sets
Permission in Salesforce comes with a wide array of benefits that reduce the time and inconvenience of assigning and revoking permission set assignments to multiple users. The simplified user interface allows the administrator to select one or more permissions to be given to one or more users simultaneously.
When searching for users, when a permission set is selected, only the permissions not assigned to them will appear in the list. This is beneficial when trying to assign more than 1000 users. Salesforce permissions make setting permissions for users more effortless than ever by granting permissions to as many users as needed in one simple and intuitive screen.
With permission set, you can grant specific users with additional access and their existing profile permissions. It doesn’t include modifying an existing profile, creating new profiles, or providing an administrator profile where it’s not required.
Permission Set Control includes Object Permission, Field Permission, User Permission.
Tab Settings, App Settings, Apex class access, Visualforce Page access.
Let’s now explore the two ways for using the Permission Set in Salesforce. The user can use permission set to grant access to custom objects or entire apps and grant permissions-temporarily or long term-to specific fields.
Types Of Permission Sets:-
Custom Permission Set – Admins can create this custom permission set based on user-performed tasks.
Integration Permission Set – Only specific permissions types can be modified by your org, and the editability is based on the particular integration’s use case.
Managed Permission Set– Installed from a managed package and has the package namespace.
Session-Based Permission Set – Provides functional access only through a predefined session type.
Standard Permission Set – Contains general permissions for roles associated with a permission set license.
Steps To Create Permission Sets:
Step 1: From Setup, enter Permission sets, then select permission sets under the Manage users section.
Step 2: Click on new and enter the required information.
Step 3: Select the types(license) of users for the permission set.
Step 4: Click on Save
Note: You can select a specific user or permission set license when you create a permission set. Select the user’s license if only users with one type of license can use the permission set.
Limitations Of Permission Sets:
- You can create 1000 permission sets. This limit depends on the type of salesforce features and editions.
- The permission set cannot be used to revoke access; it can only grant access.
- Permission sets can’t be assigned to a custom object in Master-detail relationships if the master is a standard object.
- Permission sets: Maximum (created and added as part of an installed managed AppExchange package) are 1500
- Modification of the user license in a duplicate permission set is restricted.
- Permission set groups: maximum (created per org) are 800.
Permissioner, an AppExchange application, is designed to assign and revoke permission sets to multiple users at a single time. It offers various ways to search permission sets and filter users to manage their permission set assignments efficiently.
When a permission set is selected, and users are searched, it only displays the users that are not assigned with that particular permission set.
Here is the Lightning interface of “The Permissioner.”
This is the Classic interface of “The Permissioner.”
How to use “The Permissioner.”
By the Permissioner app, you can Assign or Revoke the Permissions from the users.
Assign – By Assign, you can assign the permissions to the users.
Revoke – By Revoke, you can remove that permission from the users.
Assign Functionality In Permissioner
It is used to assign permissions to multiple users at a single time. In Assign Tab, search for the Permission Set and choose from the filter and select a permission that is to be assigned. At a single time, you can only select multiple permission sets if they are of the same user license type.
Users will get displayed according to the permission set selected as users get filtered according to the “User License.”
Select the user or multiple users to whom the selected permission is assigned, and then click on the Assign button.
The Permission Set will get assigned to those users who were selected.
View the Permission In the User Profile
Once the permission is assigned to the user, Go to users and open that user.
View the Permission Set assignment of that user. Go to Users from the Setup and Open the user to whom the permission is being assigned.
The user is assigned with the permission set.
Revoke Functionality In Permissioner
It is used to remove the permissions from multiple users at a single time. In Revoke Tab, search for the Permission Set and choose from the filter and select permission to be removed.
Once a user selects the permission that is to be revoked, it displays all the users that have been assigned with that particular permission.
Select the user from whom you want to revoke permission and click on Revoke Button.
You can select multiple users at a single timeNow, the user will not be having the permission set assigned.
A permission set consists of settings and permissions that users can use to access various tools and features. Permission sets extend users’ functional access without modifying their existing profiles. Users can only have one account. However, depending on the Salesforce edition, they can have multiple sets of permissions. You can also assign permission sets to different types of users, regardless of their profiles.
Permission sets enable you to grant access between logical groups of users regardless of their primary job role. Let’s take an example, suppose you have several users who must delete and transfer leads, then you can create a permission set based on the tasks that these users must perform and include the permission set within permission set groups based on job roles.