What is a permission set?
Permission sets are optionally assigned to a user to grant them privileges in addition to their profile.
Why use permission sets?
Using permission sets effectively can help you reduce the number of profiles needed in your Salesforce org, which can dramatically reduce administrative overhead in some scenarios.
When is the use of permission sets appropriate?
Use the profile to set the foundation for a user’s privileges. Then use permission sets to grant additional privileges for one-off cases, or instances where the same set of privileges must be granted for users that are assigned to different profiles (e.g. providing access to a 3rd party application shared by several departments).
I’ve defined a custom profile “Inside Sales Rep” which does not have the ability to delete leads.
However, I would like to grant one inside sales user “Jane Doe” the ability to delete leads.
|Jane Doe||Inside Sales Rep||Yes|
|Inside Sales Team||Inside Sales Rep||No|
Instead of creating a custom profile just for Jane, I’ve created a permission set called “Delete Leads”:
I add that permission set to Jane Doe’s user record:
Jane now has the ability to delete leads, while other inside sales team members will not. And I’ve accomplished this without creating another profile to maintain.
Your organization has recently built an application in Salesforce to track job applicants. Each department will have several users that will be provided access to manage their department’s career postings.
Using just profiles, you would need to create a new profile for each user that needed access to the application (cloning the existing assigned profile and then adding the required privileges). Instead, you could create a single permission set that grants the appropriate privileges and grant that permission set to each user as needed.
- Permission sets can only grant (not revoke) privileges.
- Permission sets are optional, and a user can be assigned more than 1 permission set (a user is assigned zero to many permission sets).
- The profile controls some elements (e.g. page layout assignment) that a permission set cannot influence.