Permission Sets/Profiles?

What are permission sets?

Do you have challenge of which profile to assign to which user or have lot of profiles? Salesforce has blessed admins with feature called as permissions sets. A permission set is a collection of settings and permissions that give users access to various tools and functions. The settings and permissions in permission sets are also found in profiles, but permission sets extend users’ functional access without changing their profiles.

If a permission isn’t enabled in a profile but is enabled in a permission set, users with that profile and permission set have the permission. They together define aggregate access.

Admins can use permission sets to grant access among logical groupings of users, regardless of their primary job function. They give flexibility over user permissions and access settings.

Example – you may like to give report access to only specific group of users. You can create a Report permission sets and use that.

Permission set Vs Profiles

Permission sets are just like profile and can determine what a user can do. Permission sets include some of the same permissions and settings you’ll find in profiles.

  • User permissions
  • Tab settings
  • Object permissions
  • App settings
  • Field level security
  • Apex class access
  • Visualforce page access

 

 Quick tips:

  • Create baseline using profiles.
  • Additional access without changing profile – use permission sets
  • You can assign only one profile to user but one or more or no permission sets
  • Identify types of users and define the access needed.
  • The Profile + Permission sets decides final access.
  • Make the permissions sets reusable based on functions or additional access request.
  • Always document the reason for existing permissions sets and discuss with other admins before you add new one.
  • Maintain right balance – do not create too many permission sets. Always take opportunity to review security
  • Use out of box  Remedyforce permission sets as they are upgradable. This is significant advantage with every Remedyforce release if you are using out of box permission sets they would be upgraded, reducing overhead for administrators
  • Login hours and page layout assignments are not available on permission sets

 

Remedyforce out of box permission sets

Permission set  Intended User
ServiceDesk Client Self Service client
ServiceDesk Staff Staff member
ServiceDesk Change Manager  Change users
ServiceDesk Release Coordinator · Release users
Remedyforce Administrator ·Admin staff/   System administrator

Assigning permission sets?

  1. Using Data loader

You will need User ID and the permission set ID, insert record into  table Permission set assignment

https://developer.salesforce.com/page/Data_Loader

  1. Using Pentaho user provisioning package

https://communities.bmc.com/docs/DOC-32288

  1. Using Permissioner – https://appexchange.salesforce.com/listingDetail?listingId=a0N30000008XYMlEAO
  1. Salesforce interface based on views

Setup > Permission set > Add Assignment (you can create views based on profiles etc)

  1. Manual from the user record

Setup > manage users > user record > assign permission set section

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s