Permission Set Groups Overview

on

Permission Set Groups Overview:


Introduction:

Permission set groups are used to bundle permission sets together based on users tasks they perform.

Users assigned the permission set group get the combined permissions of all permission sets in the group.

We can include a permission set in more than one permission set group.


When do I use permission set group instead of permission set?

Instead of assigning different permission sets, we can simply assign 1 to the user


Notes:

  • Partners can organize permissions into groups and include them in managed packages. Upgrade with updated permission when needed. 
  • We can assign a user to a permission-set group that has permission from a permission-set license. Just ensure that users assigned to the group are also assigned the associated permission set license(else will resume an assignment error.
  • We can include a session based permission set in a permission set group.


Considerations:

  • We can add up to 100 permission sets to permission set group
  • If org has many permission sets, using permission set group can help improve performance
  • If done during deployment phase, an update to permission set group triggers a recalculation instead add permission set and user assignment to permission set group in test phase which doesn't trigger a recalculation.


Conclusion:

Because of limitations the profile has, we assign a set of permission set to grant access as per requirement and these permission set assigned which are common for these profiles why not to group them to permission set group.

Assign this permission set group instead to these profile.


To search for all object permissions in a permission set group named 'ABC' :

SELECT SObjectType

FROM ObjectPermissions

WHERE Parent.PermissionSetGroup.DeveloperName = 'ABC'


Automated Permission Set Group Assignment


PermissionSetAssignment psassignment = new PermissionSetAssignment(

    PermissionSetGroupId = groupId,

    AssigneeId = userId);

insert psassignment;


Retrieve all users associated with a specific Permission Set like

SELECT Id, PermissionSetId, PermissionSet.Name, PermissionSet.ProfileId, PermissionSet.Profile.Name, AssigneeId, Assignee.Name FROM PermissionSetAssignment WHERE PermissionSet.Name = 'Custom PermissionSet Name'


Remove User Assignments in Permission Sets and Permission Set Groups

Permission required - Assign Permission Sets

Edit Permission Set:
Setup - in the Quick Find box - enter Permission Sets - select Permission Sets.

Edit Permission Set Group:
Setup - Quick Find box - enter Permission Set Groups - select Permission Set Groups.

In the list view - click the name of the permission set or permission set group name that you want to update. Remove the user - select Manage Assignment Expiration - Select the assignments to remove - To remove the selected assignments - click Remove Assignment icon - Click Remove.






Resource(s): https://developer.salesforce.com/


Visual : https://www.youtube.com/watch?v=Ez4xZXBy7dw




Comments

Post a Comment