All About Permission Sets and Permission Set Group

 


What is Permission Sets?

Permission set is a way to give a user access permission to various tools and functions, Salesforce recommends permission sets as a way to manage user permissions because they do not change access settings on profiles.


What is Permission Sets Groups?

Permission set groups are collections of individual permission sets. They are a convenient way to group or bundle related permission sets, making access management easier for users who have several tasks or jobs that require different permissions at the user level.


User can have multiple Permission sets and permission set groups.


Best Practice:

  1. When possible, assign users the Minimum Access (OWD, Profile level), and then use permission sets and permission set groups to grant users only the permissions that they require.
  2. Create a muting permission set to remove permissions from a permission set group while keeping the included permission sets intact. There is no need to build almost similar permission sets with only a few permissions deleted.
  3. Use proper naming conventions to accurately identify the contents of each permission set.


Example of when you can create permission sets:


Example1: 

We want to provide delete access of lead to one user. And the profile of that user do not have the access to delete lead record.
Solution: 

Create a permission set and give the delete lead record access and assign the user to permission set. If a permission isn’t enabled in a profile but is enabled in a permission set, users with that profile and permission set have the permission.


Example2: 

If there is a task or job that only a few people should undertake, regardless of their profile, and in order to complete that work or job, users require more access than they have at the profile level.

Solution:

Create permission sets that include all of the permissions required for a specific job or task. If different user perform some of the same tasks, we can reuse those permission sets by bundling those permission sets into permission sets group. If a user has more such common tasks with other users then we can assign them multiple permission set groups.


Example3:

If job or task is short-term and after the end date crosses we need to remove the assigned user from permission set automatically.
Solution:
While managing the user assignment, we can provide the expiration date and timezone, such as 1 day, 1 week, or any other date.

Comments

Post a Comment

Popular posts from this blog

How to Add a Dynamic Child List to Parent in Apex Class || Trigger using map

Last Updated: 13-01-2024 Map<parentId, List<child>>  Code without comments Map<id, List<object>> parentIdAndChildRecordsMap = new Map<id, List<object>>(); for(object childRecord : Trigger) { if(parentIdAndChildRecordsMap.containsKey(childRecord.parentId__c)) { parentIdAndChildRecordsMap.get(childRecord.parentId__c).add(childRecord); } else { parentIdAndChildRecordsMap.put( childRecord.parentId__c, new List<object>{childRecord} ); } } Code with comments // Define a map to store parent IDs and their associated child records Map<id, List<object>> parentIdAndChildRecordsMap = new Map<id, List<object>>(); // Iterate through each object in the Trigger context (likely a trigger context variable) for(object childRecord : Trigger) { // Check if the map already contains the parent ID if(parentIdAndChildRecordsMap.containsKey(childRecord.parentId__c)) { // Parent ID found, so add the child record to the existin
Read more

A - Z Guide to Using the Wire Decorator in LWC Salesforce

Image
Certainly! In Salesforce Lightning Web Components, the "wire service" is a feature that brings data to your component. Imagine this data as a never-ending river of information, and each piece of information in this river is like an updated version of the one before it. What's special is that once you receive a piece of data, it's like taking a snapshot in time; you can't change it. Instead, as new data becomes available, it replaces the previous one in the stream. This way, your component always has the latest and most up-to-date information without you having to constantly ask for updates. It's like having a continuous flow of fresh data at your fingertips. Syntax // Wire to a property @wire (methodName, {parameterName: '$value'}) result; // Wire to a function @wire (methodName, {parameterName : value}) callbackFtn(result) { const {data, error} = result; if(data) { // Add logic }   else if(error) {} } When you should use wire to function when
Read more

(Salesforce Apex 2024 Release) getSalesforceBaseUrl method is deprecated

Image
  The getSalesforceBaseUrl() method is no longer available and deprecated in API versions 59.0 and beyond. Alternatively, use getCurrentRequestUrl() to obtain the URL of a complete request on a Salesforce instance, or getOrgDomainUrl() to obtain your organization's URL. A compilation error occurs when the deprecated method in API version 59.0 and later is attempted to be used. System.debug(URL.getOrgDomainUrl());
Read more