The Salesforce Admin’s Guide to Profiles and Permissions
Summary
Managing user permissions in Salesforce has shifted towards a permission set-led model where profiles provide baseline user settings and permission sets with groups manage more granular access. This approach reduces complexity by minimizing the number of profiles and allows admins to assign flexible, reusable permission sets based on job tasks. Permission set groups enable bundling of permission sets with the added benefit of muting specific permissions, streamlining user access management. Adopting this strategy helps build scalable, auditable, and maintainable security models.
Takeaways
- Use profiles to define minimum baseline access for users.
- Employ permission sets to grant additional access based on user tasks.
- Assign multiple permission sets to users to avoid profile proliferation.
- Bundle permission sets into groups for efficient assignment and muting of permissions.
- Shift to a permission set-led security model for better scalability and maintenance.
User management is a huge responsibility to ensure the right people (both internal and external) have the right access. This includes creating and deactivating users, managing licenses, providing login access, understanding profiles, permission sets, and permission set groups, and troubleshooting user visibility issues. In fact, troubleshooting user management is something that admins everywhere report takes up the most time in their week! Historically, profiles handled a lot of user access in Salesforce. But in the past few years, Salesforce has moved to a permission set led model where profiles provide baseline settings, and permission sets and permission set groups handle most user access. What does that mean for admins everywhere who are updating their orgs to follow best practices? It’s rare that we get to start fresh in an empty org, building our profiles and permissions from scratch.