Mastering Salesforce Profiles and Permission Sets: The Present and the Future
In today's session, we're delving into the realm of Salesforce security, focusing on profiles and permission sets. Profiles used to be the primary method for defining user capabilities, covering both authentication and functional capabilities within Salesforce.
However, this approach became unwieldy as Salesforce evolved, leading to the proliferation of profiles. To address this challenge, Salesforce introduced permission sets. In this blog post, we'll explore the role of profiles and permission sets in Salesforce security, how they're currently used, and their future trajectory.
Displays initial Authentication and Authorization and the related Setup components. This is similar to getting initial access to a building.
Profiles and Their Role:
Profiles have traditionally been the cornerstone of user access control in Salesforce. Each user is assigned a single profile, which dictates their capabilities and access within the platform. Profiles control a range of settings, including:
This represents access and control to specific elements once a user has been authenticated.
Salesforce Elements
Page Layouts: These determine the user interface screens displayed to specific profiles.
Record Types: Profiles can be assigned to specific record types, tailoring the user experience.
Field-Level Security (FLS): Profiles define which fields users can see and edit.
Custom App Settings: They dictate which apps and tabs are visible or hidden by default.
Object-Level Access: Profiles specify the level of access (read, create, edit, delete) for standard and custom objects.
Platform Event Capabilities: Profiles control access to reading or creating platform events.
Session Settings: Profiles set session policies, including password policies, login hours, and IP ranges.
Custom Permissions: Profiles grant or deny custom permissions.
System Permissions: Profiles govern high-level administrative permissions.
Permission Sets and Their Emergence:
While profiles serve as the primary entry point for user access, permission sets have emerged to address the challenges of profile proliferation. Permission sets group sets of capabilities into a single entity that can be added to specific users. This approach supplements profiles and offers more flexibility. Permission sets allow:
Granular Access Control: Permission sets grant fine-grained access to apps, tabs, objects, fields, reports, and more.
Cross-License Assignment: Permission sets can be assigned across different user licenses.
Object Settings: They define object-level access and settings.
Platform Event Settings: Permission sets control access to platform events.
Custom App Settings: They specify app and tab permissions.
Apex Actions and Named Credentials: Permission sets grant access to these functionalities.
Org-Wide Email Address Access: Permission sets govern access to org-wide email addresses.
System Permissions: Some system-level permissions are now managed at the permission set level.
The Future of Profiles and Permission Sets:
Salesforce is moving towards a future where profiles will focus primarily on the initial entry-level access for users and certain default settings. Meanwhile, permission sets will become the primary repository for granting capabilities. The goal is to streamline profiles and make them lightweight, enabling access to users through a series of permission sets and permission set groups.
Key Takeaways:
Profiles have been the traditional method for controlling user access in Salesforce.
Permission sets have emerged to address profile proliferation and offer more granular access control.
Profiles will evolve to primarily manage initial entry-level access and some default settings.
Permission sets will become the primary means of granting specific capabilities.
Admins should start migrating towards using permission sets and keeping profiles as lightweight as possible.
Conclusion
As Salesforce continues to evolve, it's crucial to adapt to these changes and leverage the power of permission sets for more efficient and flexible user access control.
More to Come
Stay tuned for future updates in Salesforce security,
Stay tuned here on www.SteveTechArc.com and to the @SteveTechArc YouTube channel.
Helping change the world by sharing cool thoughts with fellow Architects and those on their Architect Journey!
STA 4.2
