Monday, December 25, 2017

Custom Permissions : Way to control user access to different functionality in Salesforce

Problem Statement

There is a very common scenario in which admin has to configure different validation rules, workflow rules which fires based on User Id or Profile Id.

Consider below mentioned scenarios:
  • Position (Custom Object) records can be closed by user belonging to specific profile.
  • You have created a VF page where you display specific section to users based on profile. 

In both scenarios, you have to check for profile Id in validation rule as well as in VF (to rendered specific section).





Now after some time if you have to enable the above mentioned functionality to new profile or to specific user then, you have to modify the validation rule as well as your VF page code.

Solution

You can use custom permission for these kind of scenarios.

Custom permission is just a record which can be referenced in validation rule, workflow rules, VF, Apex etc. You can assign custom permission to profile or permission set (similar way in which we assign VF page and Apex class).

Now you can check custom permission in validation rules and VF by using global $Permission variable.

Steps to use custom permission and use as per above scenario:
  • Create custom permission (Navigate to Set Up--> Develop--> Custom Permissions).
  • Create new custom permission.

  • Add custom permission to profile or permission set(navigate to Enable custom permission section).

  • Modify the validation rule to and VF to refer custom permission instead of profile id.



So custom permission help us to control different functionality in salesforce to different users. If you have to enable functionality for single user then add custom permission to permission set and then add that permission set to user.

Alternate Approach

All admins/developers were using custom setting to control functionality for different users but after launch of custom permission, jobs of developer or admin will be easy.

Custom Permission in Apex

You can use below static method to find out list of user who have permission for custom setting:


public static List<User> findUsersWithCustomPermission(String customPermissionname)
{
    List<user> userList = new List<User>();
Set<Id> permissionSetIds = new Set<Id>();
    for (SetupEntityAccess access : [ SELECT ParentId FROM SetupEntityAccess 
WHERE SetupEntityId IN ( SELECT Id FROM CustomPermission 
            WHERE DeveloperName = :name)]) {
        permissionSetIds.add(access.ParentId);
    }
if(permissionSetIds.size()>0){
userList = [SELECT Username FROM User 
WHERE Id IN (SELECT AssigneeId FROM PermissionSetAssignment
WHERE PermissionSetId IN :permissionSetIds)];
}
    return userList;
}

Hope this will help!!!

7 comments:

  1. You made some decent factors there. I looked on the internet for the difficulty and found most individuals will associate with along with your website.
    Logistic ERP
    Transport ERP
    Manufacturing ERP
    ERP software companies
    Best ERP software
    ERP for the manufacturing industry

    ReplyDelete
  2. Great article. This information is impressive. I am inspired with your post. I hope you post again soon. Your post is very helpful for me.....

    Best Training Institute in chennai

    ReplyDelete
  3. The Car featured content undergoes a thorough review process to ensure that it meets the highest standards in order to serve as the best car spare parts and fit the goals.

    Car Accessories in OMR

    ReplyDelete
  4. Hi,
    Thanks for your Blogpost. However I'm a bit confused. In the beginning of the article you write custom permissions can be added to profiles or permission sets. In the end you show some coding that will list all users with a specific custom permission, but only if that permission is linked to a permission set. This code neglects the custom permissions linked directly to a profile and the users associated with it.
    Can you please clarify how to get these users as well?

    ReplyDelete
  5. Amazing post.Thanks for your details and explanations..I want more information from your side.Thank you
    Education erp software in chennai

    ReplyDelete
  6. Everything is good with Custom Permissions except the fact that SOQL that we use to check the permission access costs us and we cannot see all the permissions associated to profiles or permission sets in a single view with Standard functionality.

    Brahma

    ReplyDelete
  7. Amazing Article ! I have bookmarked this article page as i received good information from this. All the best for the upcoming articles. I will be waiting for your new articles. Thank You ! Kindly Visit Us @ Coimbatore Travels | Ooty Travels | Coimbatore Airport Taxi | Coimbatore taxi

    ReplyDelete