Permission Sets in Salesforce Step-by-Step

Permission Sets in Salesforce Step-by-Step

On May 10, 2023, Posted by , In Admin,Admin Tutorial,Salesforce Admin, With Comments Off on Permission Sets in Salesforce Step-by-Step
Permission Sets in Salesforce

What are Permission Sets?

In Salesforce, the concepts of Profiles and Permission Sets are crucial, yet they can often be perplexing. This article will delve into Permission Sets, followed by an exploration of Profile Sets.

Permission Sets, also known as Object Level Security in Salesforce, are collections of permissions and settings designated for users or clients. These sets define the extent of their access to various tools, functions, services, and resources available on the platform.

Read more: Loops in Salesforce Apex

To understand Permission Sets better, consider the following key points:

  • The hierarchy in permission sets follows the order: Object -> Field -> Record.
  • Users can have their functional access expanded through permission sets without any changes to their profiles.
  • Depending on the Salesforce edition in use, multiple permission sets can be assigned to users or clients, regardless of their profiles.
  • Permission sets enable users or clients to perform various operations such as creating and modifying permission sets, managing application and system settings, enabling custom permissions, and searching through permission sets.

Read more: What are Page layouts in Salesforce and how to create Page layouts?

Granting permission sets to users or clients can be done in two ways:

  1. To provide access to specific apps or custom objects.
  2. To grant permissions to certain fields either permanently or temporarily.

Permission sets are additive in nature, meaning they can only grant permissions and not revoke them. To revoke access, the AppExchange application Permissioner can be used, which allows for the granting and removal of permission sets to multiple users simultaneously.

Read more: record types in Salesforce.

The steps for creating Permission Sets are as follows:

  1. Navigate to the Setup tab, then to Permission Sets under the Manage Users section.
  2. Click on the New tab and fill in the required details.
  3. Select the license types for the users of the permission set.
  4. Click Save.

Permission Sets in Salesforce can be categorized into different types:

  • Custom Permission Set: Allows admins to create custom permission sets based on user actions.
  • Integration Permission Set: Limited to certain permission types depending on the use case for integration.
  • Managed Permission Set: Install packages from managed packages with the package namespace.
  • Session-based Permission Set: Grants functional access based on the designated session type.
  • Standard Permission Set: Provides standard permissions for roles associated with a permission set license.

Permission sets are used in Salesforce to improvise additional permissions on top of existing profiles. You can use them to override permissions defined at the profile level. For example, they can enable a user or multiple users to access an object or a field that is inaccessible according to their assigned profiles.

Previous article, Validation Rules in Salesforce explains about Validation Rules.

How to Create, View and Manager Permission Sets?

Let’s take an example where we want to give create and read access to an object for the time being to a certain set of users. We can use a permission set for this task instead of modifying the profile itself. 

Checkout: DML statements in Salesforce

To start with this process, search for Permission Sets and select the “New” option shown there.

Here, give the permission set a name and select the required license and save it. It leads you to a page where you can change the settings to reflect the permissions you wish to give to the users. 

Read more: Methods – Salesforce Apex

Now, you can change the permission given to the user for accessing objects through Object Settings listed under Apps in the details page.

In this example, we’ll give Read and Create access to Contacts object through the permission set. 

Next, click the “Manage Assignment” button to start assigning this permission set to relevant users. 

Choose “Add Assignments” and select the users you want to add to the permission set on this page. 

Read more: String methods in Salesforce apex

Alternatively, you can go to the Users pane on Salesforce, select the user, and add/remove the permission sets assigned to them through its display. 

You can test its behavior by logging in as a relevant user on Salesforce.

Next article, Roles in Salesforce explains about Roles.

What is a Profile Set?

In Salesforce, a Profile Set is a collection of settings and permissions that define what a user can do within the platform. Profiles are used to manage object-level permissions, field-level security, user permissions, tab settings, app settings, and more. They act as a template that can be applied to multiple users, ensuring that users with similar roles and responsibilities have consistent access and permissions across the organization.

Read more: SOQL Query in Salesforce

Profile Sets allow administrators to efficiently manage and organize user permissions by grouping profiles with similar characteristics or requirements. This simplification makes it easier to update permissions for a group of users simultaneously, rather than having to update each profile individually. For example, a Profile Set could be created for all sales representatives, encompassing profiles that grant access to the necessary objects, fields, and apps required for their role.

An example of a Profile Set in Salesforce could be a “Sales Team Profile Set” that includes profiles like “Sales Manager,” “Sales Representative,” and “Sales Support.” Each of these profiles would have access to the Leads, Opportunities, and Accounts objects, but with varying levels of access and permissions based on their specific role within the sales team. This Profile Set ensures that all members of the sales team have appropriate access to the tools and information they need to perform their duties effectively.

Read more: database methods in Salesforce

Difference between Permission Set and Profile Set?

Permission SetsProfile Sets
Permission Sets are designed to grant additional permissions to users on top of what their profiles provide. They are used to extend user access without modifying the underlying profile. This makes Permission Sets flexible and versatile, as they can be assigned to users across different profiles to grant specific permissions as needed.Profile Sets (assuming this refers to Profiles), on the other hand, are the foundation of user access and permissions in Salesforce. A Profile defines the baseline access level for a user, including object-level permissions, field-level security, and access to applications, tabs, and classes. Profiles are more static and serve as the primary means of controlling user access.
Permission Sets offer a high degree of flexibility and granularity. They allow administrators to tailor user access by adding specific permissions to individual users or groups of users without altering their profiles. This is particularly useful in scenarios where users with the same profile need different levels of access to certain objects or features.Profiles are less flexible in comparison. While they provide a comprehensive set of permissions for users, any changes made to a profile affect all users assigned to that profile. This can be limiting when only a subset of users requires additional permissions.
Permission Sets are ideal for use cases where temporary or additional access is required. For example, if a group of users needs temporary access to a custom object for a specific project, a Permission Set can be created and assigned to those users without altering their profiles.Profiles are used to define the standard access level for users within an organization. For example, a Sales Profile might be created to provide access to leads, opportunities, and sales reports, while a Service Profile might be created for users who need access to cases and service-related features.

Frequently Asked Questions (FAQs)

Can you explain how Permission Sets differ from Profiles in Salesforce and provide a scenario where you would use a Permission Set instead of a Profile?

In Salesforce, both Permission Sets and Profiles are used to manage user permissions, but they serve different purposes and have distinct characteristics. As a Salesforce professional, I understand that Profiles are the foundational layer of user permissions, defining the baseline access level for users, including object-level permissions, field-level security, and page layout assignments. Profiles are mandatory for every user and determine what they can see and do within the Salesforce org.

Read more about formula fields in Salesforce. This tutorial covers everything you need to know to master formula fields and enhance your Salesforce expertise.

On the other hand, Permission Sets are more flexible and granular, allowing me to extend a user’s permissions beyond their Profile without altering the Profile itself. This is particularly useful in scenarios where a group of users share a common Profile but require additional permissions for specific tasks or projects. For example, if I have a group of sales representatives who all have the standard “Sales Profile,” but a few of them need access to a custom object related to a special project, I can create a Permission Set granting access to that object and assign it only to those specific users. This way, I can tailor permissions to individual needs without creating multiple Profiles, which can be cumbersome to manage.

In my experience, using Permission Sets in conjunction with Profiles provides a more flexible and scalable approach to managing permissions in Salesforce. It allows for easier adjustments and additions of permissions as business needs evolve, without the need to overhaul existing Profiles. Additionally, Permission Sets can be easily assigned and unassigned to users, making it convenient to manage temporary access requirements, such as granting audit rights or access to a new feature for testing purposes. Overall, while Profiles lay the groundwork for user permissions, Permission Sets offer the adaptability needed to address specific and changing requirements in a Salesforce org.

Describe a situation where you had to use a combination of Permission Sets and Profiles to meet complex security requirements in Salesforce. How did you approach the problem?

In my role as a Salesforce administrator, I’ve encountered situations where the combination of Permission Sets and Profiles was essential to meet complex security requirements. One particular scenario that stands out involved a project where we had to provide different levels of access to a custom object for various teams within the organization. The challenge was to maintain a clear separation of duties while ensuring that each team had the necessary permissions to perform their tasks efficiently.

Read more: Types of relationships in Salesforce

To tackle this challenge, I started by defining a baseline Profile for all users, which included standard permissions for common objects and functionalities that everyone needed. This Profile served as the foundation, ensuring that every user had the basic access required for their day-to-day operations. However, the intricacies of the project demanded more nuanced control over permissions, especially regarding the custom object.

This is where Permission Sets came into play. I created multiple Permission Sets, each tailored to the specific needs of different teams. For example, one Permission Set granted read and write access to the custom object for the project management team, enabling them to update project statuses and assign tasks. Another Permission Set provided read-only access to the same object for the finance team, allowing them to view project budgets and expenses without the ability to make changes.

By leveraging both Profiles and Permission Sets, I was able to construct a robust security model that addressed the complex requirements of the project. The Profile ensured a consistent baseline of access, while the Permission Sets provided the flexibility to fine-tune permissions for different user groups. This approach not only streamlined user access management but also reinforced the principle of least privilege, minimizing security risks by granting users only the permissions necessary for their roles.

How do you manage and deploy Permission Sets in a Salesforce org with multiple environments, and what best practices do you follow to ensure consistency and security across environments?

Managing and deploying Permission Sets in a Salesforce org with multiple environments is a critical aspect of maintaining a secure and consistent configuration across development, testing, and production environments. In my experience, one of the key practices I follow is the use of a version control system, such as Git, to track changes to Permission Sets. This allows me to maintain a history of modifications and easily deploy changes from one environment to another.

Read our Free tutorials on Salesforce Admin, Developer(Apex) and LWC.

When deploying Permission Sets, I use Salesforce’s Metadata API or change sets to ensure that the configurations are accurately transferred. Before deployment, I conduct thorough testing in a sandbox environment to verify that the Permission Sets function as intended and do not introduce any security vulnerabilities. This step is crucial to prevent any disruptions or unintended access issues in the production environment.

Read more: SOSL in Salesforce

Moreover, I adhere to a principle of least privilege when managing Permission Sets. This means I grant only the necessary permissions for a user to perform their job functions, reducing the risk of data breaches or unauthorized access. Regular audits and reviews of Permission Sets are part of my routine to ensure that they remain aligned with the evolving needs of the organization and comply with security best practices. By following these strategies, I can effectively manage and deploy Permission Sets, ensuring a secure and efficient Salesforce environment.

Read more: Database methods in Salesforce Apex

Comments are closed.