What are permission sets?
Do you have challenge of which profile to assign to which user or have lot of profiles? Salesforce has blessed admins with feature called as permissions sets. A permission set is a collection of settings and permissions that give users access to various tools and functions. The settings and permissions in permission sets are also found in profiles, but permission sets extend users’ functional access without changing their profiles.
If a permission isn’t enabled in a profile but is enabled in a permission set, users with that profile and permission set have the permission. They together define aggregate access.
Admins can use permission sets to grant access among logical groupings of users, regardless of their primary job function. They give flexibility over user permissions and access settings.
Example – you may like to give report access to only specific group of users. You can create a Report permission sets and use that.
Permission set Vs Profiles
Permission sets are just like profile and can determine what a user can do. Permission sets include some of the same permissions and settings you’ll find in profiles.
- User permissions
- Tab settings
- Object permissions
- App settings
- Field level security
- Apex class access
- Visualforce page access
- Create baseline using profiles.
- Additional access without changing profile – use permission sets
- You can assign only one profile to user but one or more or no permission sets
- Identify types of users and define the access needed.
- The Profile + Permission sets decides final access.
- Make the permissions sets reusable based on functions or additional access request.
- Always document the reason for existing permissions sets and discuss with other admins before you add new one.
- Maintain right balance – do not create too many permission sets. Always take opportunity to review security
- Use out of box Remedyforce permission sets as they are upgradable. This is significant advantage with every Remedyforce release if you are using out of box permission sets they would be upgraded, reducing overhead for administrators
- Login hours and page layout assignments are not available on permission sets
Remedyforce out of box permission sets
|Permission set||Intended User|
|ServiceDesk Client||Self Service client|
|ServiceDesk Staff||Staff member|
|ServiceDesk Change Manager||Change users|
|ServiceDesk Release Coordinator||· Release users|
|Remedyforce Administrator||·Admin staff/ System administrator|
Assigning permission sets?
- Using Data loader
You will need User ID and the permission set ID, insert record into table Permission set assignment
- Using Pentaho user provisioning package
- Using Permissioner – https://appexchange.salesforce.com/listingDetail?listingId=a0N30000008XYMlEAO
- Salesforce interface based on views
Setup > Permission set > Add Assignment (you can create views based on profiles etc)
- Manual from the user record
Setup > manage users > user record > assign permission set section