Salesforce FAQs

Why Permission Sets over Profiles?

Flexibility

Permission sets provide a more granular level of access control compared to profiles, enabling you to give users access to specific features, objects, and fields as needed.


Simplicity

Permission sets are easier to manage and update than profiles because they can be assigned to multiple users, making it easier to maintain and update access controls for various groups of users.


Security

By using permission sets, you can provide users with only the access they need, reducing the risk of unauthorized access to sensitive data.


Delegated Administration

Permission sets allow for delegated administration, enabling designated users to manage access for specific groups of users without requiring them to have full administrative privileges.


Collaboration

Permission sets can be used to enable collaboration between teams by providing access to shared data and features, without requiring all team members to have the same profile or access level.


Granularity

Permission sets allow for more granular access control compared to profiles, which can only provide general access to objects and fields.


Efficiency

Using permission sets can save time and reduce errors by enabling you to assign permissions to multiple users at once, rather than updating each user's profile individually.


Customization

Permission sets can be customized for specific use cases, making it easier to control access for unique business processes and scenarios. This includes Data Category visibility and Custom Permissions.


Compliance

Permission sets provide a way to enforce compliance by limiting access to data and features based on user roles, ensuring that sensitive data is only accessible to authorized users.

What are Custom Permissions?

About

Custom permissions are metadata elements within Salesforce that you can assign to a permission set or profile. You are able to see if a user has this custom permission leveraging Apex, Lightning Web Components, Flows, Audiences (Experience Cloud Builder) and Validation Rules.  This can allow an application to behave differently based on these flags.


Benefits

Granular Control

Custom permissions can provide a level of granular control over user access that is not possible with profiles or permission sets alone. By associating custom permissions with permission sets, you can control access to specific actions or data at a very detailed level, allowing you to fine-tune access for different user roles and responsibilities.


Flexibility

Custom permissions can be used to grant access to specific actions or data across different objects and record types, which makes them a very flexible tool for managing user access. When used alongside permission sets, custom permissions can be combined in various ways to create complex access scenarios, giving you the ability to grant or restrict access as needed.


Security

Custom permissions can be used to create additional layers of security around sensitive data or actions. By associating custom permissions with permission sets, you can ensure that only users with the appropriate permissions can access specific data or actions, which can help to prevent unauthorized access or data breaches.


Maintenance

Using custom permissions alongside permission sets can make it easier to maintain your organization's security model over time. By creating custom permissions for specific actions or data, you can easily add or remove permissions as needed, without having to modify existing profiles or permission sets.


Reporting

Custom permissions can be used to create custom reports and dashboards that provide insight into user access and activity. By associating custom permissions with permission sets, you can track and analyze user access to specific data or actions, which can help you identify potential security risks and take proactive measures to mitigate them.

Permission Set vs Permission Set Groups

Simplified Management

One of the main advantages of using permission set groups is that they allow for simplified management of user access. Rather than assigning individual permission sets to each user, permission set groups can be assigned to a group of users, making it easier to manage and track access across different teams or roles.


Enhanced Flexibility

Permission set groups provide enhanced flexibility over individual permission sets. Rather than assigning a single permission set to each user, permission set groups allow you to combine multiple permission sets into a single group. This makes it easier to create complex access scenarios and tailor access to specific roles or departments.


Streamlined Onboarding

Permission set groups can be particularly useful when onboarding new users or managing user access during mergers or acquisitions. By creating permission set groups that map to specific roles or departments, you can ensure that new users have access to the right features and data from day one.


Simplified Auditing

Permission set groups can simplify the process of auditing user access and ensuring that access is properly aligned with business requirements. By grouping permission sets into specific roles or departments, you can easily track and report on access across different teams, making it easier to identify and resolve any access issues that may arise.


Improved Security

Finally, permission set groups can help improve security by providing enhanced control over user access. By grouping permission sets into specific roles or departments, you can ensure that access is properly aligned with business requirements and that sensitive data is properly protected.

Permission Overview App Best Practices

At least one permission set group per user

Every user should be assigned at least one permission set group within Salesforce.  This will allow easier distribution of the permission sets as your company grows and rules within the business change. Having this thought will help lead your company towards the right direction when it comes to security management.

Contact and User Asynchronous Sycnhronization

The app is triggered off of updates to the user object within Salesforce. This requires a field to change on the user to trigger the rule for the real time situation. In order to do that, you might need to create an asynchronous update from the contact field changes to the user record. You would need to either update this leveraging a future method, queueable action, or through platform events. Our recommendation would be with either the future method or queueable action. Reach out to us if you need help architecting it.

Public Groups and External Users

If you have a Salesforce community, you know the pains when it comes to sharing the correct users out correctly. I recommend putting all your users who access your site to be in one public group. Might make sense to have all administrator or super users of your website to also be added to their own public group. This allows you to share records, reports, and dashboards to those users in the group.