Menu
New for the Salesforce Springโ20 release is Permission Set Groups. A feature intended to deliver value to the Admin, saving us time and making our lives easier.
The general principle is easy enough to understand; you can now bundle up any number of Permission Sets and assign them to Users en masse. Thereโs a great introduction post on them on Salesforce Ben by Bill Appleton, CTO of Metazoa.
Access and security is an essential part of the Admin toolbox. Yet itโs not an area you want to be meddling with on a daily basis. Itโs important that your settings and configurations are as stable as possible, as it is this stability that consequently improves security.
A common #AwesomeAdmin task is to update a User to be able to do X. Yet unpicking the access and permissions a User has can be a nightmare, and without careful planning itโs all too easy to fall into a situation where every User has a unique setup, which is difficult and time consuming to maintain.
When an Orgโs setup is failing to provide the flexibility to provide different Users with the permissions they need without opening up unnecessary access, then itโs time to review your setup.
Firstly, I always refamiliarise myself with the evergreen โWho Sees What?โ series on the Salesforce YouTube channel.
Then before getting into Salesforce, itโs always useful to create diagrams to define the setup youโre looking to support.ย
Begin with the groups of Users that exist in your company, an HR Org Chart can be a great place to start for this. There may be groups of staff who donโt use Salesforce – at least not currently. It can be a good idea to consider how you may support them down the line if asked!ย
However, weโre not necessarily looking to recreate the HR Org Chart. There will most likely be groups who are differentiated in the Org Chart yet require the same access in Salesforce. Amend the diagram to group people together who have the same base requirements of Salesforce. Youโll likely end up with something akin to this:
Until now it has followed that a good way to support these groups is to have a Profile for each and use Permission Sets to grant individuals within each group with additional functionality. Though if a number of people in a group require the same additions then you had a decision, manage them all separately assigning the multitude of Permissions to each User, or create another Profile bringing together the various Permissions to manage the Users together cohesively. Both approaches have detractions.
Now, Permission Set Groups provide a cleaner solution. For each subset of Users who have common additional needs you can create a Permission Set Group.
You can even go a step further. How different are the Profiles for your โbaseโ groups of Users? It may be possible to isolate the differences and bundle them into a Permission Set Group, enabling your Users to be supported on fewer Profiles.
Fewer Profiles is a good thing because any number of settings may be configured within them, and even if youโre organised enough to have them properly documented then maintaining them can become cumbersome, as Billโs Blog alluded to.
Permission Set Groups can help to reduce the number of Profiles in your Org by making it easier to manage your Permission Sets and their assignments.ย
This provides a cleaner set of mechanisms for managing Users, improving readability and understanding of access and permissions, empowering #AwesomeAdmin efficiency, increasing stability and therefore enhancing your Orgโs security.
I hope this helped shine a light on how best to take advantage of this new feature. If youโve got any questions or wish to discuss this further then Iโm regularly at the Bristol Admin User Group and I am on Twitter @ittooken.
Our independent tech team has been servicing enterprise clients for over 15 years from our HQ in Bristol, UK. Let’s see how we can work together and get the most out of your Salesforce implementation.
