Salesforce permissions remain a prominent and consistently discussed aspect, irrespective of the method employed for their allocation. Salesforce excels in providing diverse options to manage access, adhering to the principle of least privilege.
In this article, we will explore the utility of Salesforce permission sets, emphasizing their significance in an administrator’s toolkit. Additionally, we’ll share insights into optimizing the use of related permission set features within the Salesforce ecosystem and beyond.
Why Focus On Permission Sets?
The essence lies in meticulous control. While each user must have a singular profile, true versatility comes into play with permissions. Salesforce offers a way to tailor access by introducing roles and responsibilities, allowing for a customized blend of permissions. This is where permission sets come into play.
Consider the example of a marketing team. The fundamental access can be encapsulated in a marketing user profile initially. However, various divisions within the team may bear distinct responsibilities. For instance, a Marketing Operations permission set might grant enhanced access for troubleshooting, a privilege unnecessary for colleagues in the product marketing team.
It’s worth noting that Salesforce announced the retirement of permissions on profiles in the Spring ’26 release earlier this year. The forthcoming changes mean that only a few elements, such as page layout assignments, will continue to be regulated by profiles. It’s crucial to strategize and prepare for this transition.
Difference Between Permission Sets and Permission Set Groups
Certainly, you could create a permission set group tailored to the requirements of a specific job function or persona, such as the marketing team. This group would essentially encapsulate multiple permission sets, providing a convenient and comprehensive way to manage access for individuals within that team.
Make The Most Out Of Salesforce Permission Sets
Having briefly revisited the reasons behind our actions, let’s delve into optimizing the use of existing resources to streamline and expedite the process of analyzing, updating, and assigning permission sets, ensuring efficiency and effectiveness.
1. Release Notes Are Your Ally:
Like any other Salesforce functionality, changes to permission sets, permission set groups, and associated features are documented in the release notes. Although it might seem like a lot to go through given the numerous updates across various clouds, staying informed about these changes is crucial to keeping abreast of future developments and understanding their potential impact on your or your users’ daily tasks once the release is deployed in production environments.
The Winter ’24 Salesforce Release Notes, as demonstrated below, are brimming with updates related to permissions – each designed to enhance your efficiency when working with them. You can review all of these updates in detail here.
2. View Summary (Beta):
Until now, the time required to analyze permissions within a permission set could vary based on the set’s complexity. However, with the Winter ’24 release, this analysis has become significantly more straightforward. The new View Summary button, currently in beta, allows users to obtain a comprehensive overview of the selected permission set with just a click. This summary includes details such as permission set group associations, app and system permissions, and individual field permissions categorized by the associated object.
3. Permissions Don’t Have To Be Forever:
Prior to the introduction of this functionality, there were instances where setting a reminder was necessary to revoke specific permission sets from a user. Since this feature entered beta a couple of years back, I’ve consistently taken advantage of it when required.
By default, permission sets lacked an expiration date. However, navigating to the Manage Assignment page from a permission set now enables you to specify an expiry date during the assignment process. This can include choosing from predefined options or setting a custom date for one or multiple users. Notably, the expiry date can be highly precise, allowing you to even select the user’s timezone.
4. Enable Permissions Upon Field or User Creation:
In recent updates, the User Management Settings page in Setup has introduced additional options related to permission sets. It’s worth exploring these options if you haven’t already.
The days of creating new fields directly in production are likely behind us. With field-level security for permission sets, whether during field creation in a sandbox or a field-level security update, the process of navigating to multiple permission sets and adding new or existing fields becomes significantly more efficient. This is particularly valuable when dealing with the creation and deployment of multiple fields across various objects. The need to manually go back to every permission set and each object’s settings to check a box, and then repeat the process, is no longer necessary.
User access policies, found in both Enterprise and Unlimited editions, enable admins to swiftly establish criteria-based automation. This ensures that users promptly receive precise permissions tailored to their needs. This functionality facilitates the granting or revoking of permission sets, permission set licenses, permission set groups, and queue or group memberships during user creation, updates, or both, making it easily configurable by any administrator.
5. Select All… Or Don’t:
In the Winter ’24 updates, there are numerous features to explore, and it’s expected that some will become favorites among users. One particularly overdue enhancement is the built-in capability to easily select and deselect all fields when editing field-level security in a permission set.
Previously, users might have relied on Chrome extensions to achieve this functionality. However, with the latest update, that workaround is no longer necessary. This improvement is especially valuable during cleanup tasks, as it eliminates the need to manually uncheck every individual field, ultimately saving a significant amount of time.
6. Why Duplicate Permissions Sets Just for a Field?
As previously mentioned, permission set groups are designed to consolidate permission sets, typically those required by specific roles or personas. However, there are instances where multiple personas necessitate similar access to an object, with minor distinctions.
In such scenarios, it is feasible to selectively modify permissions within the group without resorting to duplicating the permission set solely for those adjustments. This implies that you can reuse permission sets with more extensive access and tailor them within a particular group by employing a muting permission set.
7. Don’t Forget the Audit Trail:
In an organization with several administrators implementing changes, keeping a record of permission modifications is crucial. This record becomes particularly useful when monitoring which permissions were activated, deactivated, or assigned. Moreover, in instances where users report a loss of permissions, the Setup Audit Trail Setup page serves as a primary resource for investigation.
Within this page, changes made in the past six months can be downloaded for review. Specifically, for permission sets and permission set groups, administrators can track the addition or removal of these sets from users. Additionally, detailed information is available on when individual permissions were enabled or disabled, offering a comprehensive overview of user access changes and facilitating efficient troubleshooting.
8. Make Your Navigation Easier:
When making edits to permission sets or permission set groups, you may have come across a handy search bar located in the top left corner of the page. If you haven’t used it yet, get ready for a game-changing feature.
This search bar allows you to quickly find specific items by entering keywords or object names. However, it’s worth noting that if your organization has more than 500 custom objects, you might need to navigate manually to the object settings, whether it’s a standard or custom object, in order to modify permissions for it.
While not an inherent Salesforce feature, it’s crucial to highlight the Salesforce Inspector reloaded browser extension when considering permission assignment and navigation. The extension is noteworthy for its versatile functionalities, and among them, the spotlight is on the two buttons visible during user searches for names, emails, usernames, or aliases in the side panel. Clicking either of these buttons seamlessly redirects users to the corresponding permission set or permission set group assignment page.
Summary
Although the possibilities are extensive, here are some key tips and functionalities to keep in mind when dealing with Salesforce permission sets, irrespective of the user count or company scale.
Feel free to drop your favorite suggestions in the comments below!
Could you write more about Permission Set Groups? BTW nice content!