How I Do Perms
Summary
The article outlines a practical, persona-based framework for managing Salesforce user permissions using profiles, permission sets, and User Access Policies. It emphasizes minimizing profile complexity by using them mainly for defaults and leveraging permission sets for granular access. Custom persona fields on users help assign the right permissions dynamically through policies, simplifying ongoing permissions management. It also covers real-world challenges when migrating existing orgs to this model and stresses thorough testing and user coordination. Salesforce teams can build a scalable permissions model by adopting these layered strategies for clean, maintainable access control.
Takeaways
- Use profiles only for default settings like record types and page layouts.
- Build baseline and specialized permission sets following least privilege principles.
- Create a custom Persona picklist field on User to drive access via User Access Policies.
- Use User Access Policies to assign multiple permission sets based on persona criteria.
- Consolidate profiles and page layouts before creating minimal access profiles for personas.
Third in a series. In part one I used a layer cake metaphor to explain licenses, profiles, and permission sets. Part two used Personas as the recipe for which users get which access and User Access Policies as the tools to execute the recipe. Now we talk actually getting it done! Disclaimer here: I have not invented anything new. At best I've synthesized smart ideas from others and translated them into the context of organizations the size and capacity of my small nonprofit clients. Hat tip in particular to Mike Reynolds who has been presenting on his persona-based framework for user access for years. And to many others from whom I've learned tips and tricks. Step 1: Define Profiles Remember: the profile is the bottom layer of your cake. We're working to get to a world where profile is used to set essentially one thing: defaults.