Baking Your User Access Layer Cake
Summary
This article uses a creative layer cake metaphor to explain how to manage user access in Salesforce by defining personas, which act as recipes combining permissions for different user roles. It highlights how personas, though not a native Salesforce feature, help organize and simplify permission assignments beyond traditional profiles. With the introduction of User Access Policies in Summer '24, admins can automate permission set assignments declaratively, streamlining user management and moving toward a minimized-profiles setup. The metaphor frames User Access Policies as the kitchen tools that bake these layered permission cakes with ease. Salesforce teams can adopt this approach to structure permissions thoughtfully and utilize User Access Policies for efficient, automated user access control.
Takeaways
- Use personas as conceptual recipes for combining user permissions effectively.
- Map personas one-to-one with job categories for clearer access design.
- Leverage User Access Policies to automate permission set assignments.
- Minimize reliance on profiles by shifting to permission sets and policies.
- Avoid manual user setup flowcharts by implementing declarative policies.
In part one of [what has become] a series, I used a layer cake metaphor to explain licenses, profiles, and permission sets. If I'm going to really embrace that metaphor ( And I am!) , then it's time to write about how to bake that cake. Personas are Recipes To torture my layer cake metaphor: Personas are the recipes for how we build out a user's permissions layer cake. Personas are not actually a technical feature of Salesforce. You can search the Setup tree all you want but—at least as of this writing— there is nothing there for "persona." Nonetheless, personas are a useful way to organize your thinking about what you need for each user. Product design—particularly software design—is often based around the personas of the different kinds of users that might interact with a product or service. Your Salesforce implementation is no different in that regard.