TIP – User Management and Security-2

With permission sets, you grant individual access without globally changing profiles. Now that you know what these individual accesses are, you will learn how to create such a setting:

  1. Click on Setup under the gear icon, and in the Quick Find box, type permission sets.
  2. After clicking on this item, a list of available permission sets will open. There, you can also clone a permission set or create a new one.

If you want a completely fresh permset, click on the New button.

  1. Assign a name (label), API name, and description.
    Set Session Activation Required – when this option is enabled, the user must activate the session before gaining access to the permissions specified in this permission set. This means that the user must additionally confirm their identity (for example, through 2FA) to access the additional permissions contained in the permission set. This is useful when you want to increase the security of access to sensitive data or functions.
    Then, choose the license on which the permission set will operate.
  2. In the next step, choose the accesses and save the changes.

An interesting and quite new solution is permission set groups. This solution allows you to create groups of permission sets. In other words, we can create a permission set that allows access to specific objects and builds accessibility for certain user groups with them.

A crucial element is still the ability to grant appropriate permissions in access – so-called CRED permissions. It is an acronym for Create, Read, Edit, and Delete. You can grant these accesses in permission sets as well as in profiles.

Do you remember, as I mentioned at the beginning of this section, I am going to spoil it a little? Let me get to that topic. Quite recently, Salesforce announced that it will slowly phase out the functionality of profiles, and instead, will use permission sets. It is important to note that profiles will remain but will hold less data; only the following will remain:

  • Login hours/IP ranges
  • Record types and app assignments
  • Page layout assignments (old ones, not App Builder with Dynamic Forms)

And the rest of the permissions would go to permission sets. Salesforce dates this change to 2026. So, if you are reading this book in 2026, permission sets have already dominated Salesforce, and AI has not created Skynet, so we are safe (I hope so).

In the next section, I will introduce you to the secrets of sharing settings in org-wide defaults. I warmly invite you to it.

Write a Comment

Your email address will not be published. Required fields are marked *