Custom Permissions : Way to control user access to different functionality in Salesforce

Problem Statement

There is a very common scenario in which admin has to configure different validation rules, workflow rules which fires based on User Id or Profile Id.

Consider below mentioned scenarios:

• Position (Custom Object) records can be closed by user belonging to specific profile.
• You have created a VF page where you display specific section to users based on profile. 

In both scenarios, you have to check for profile Id in validation rule as well as in VF (to rendered specific section).

Now after some time if you have to enable the above mentioned functionality to new profile or to specific user then, you have to modify the validation rule as well as your VF page code.

Solution

You can use custom permission for these kind of scenarios.

Custom permission is just a record which can be referenced in validation rule, workflow rules, VF, Apex etc. You can assign custom permission to profile or permission set (similar way in which we assign VF page and Apex class).

Now you can check custom permission in validation rules and VF by using global $Permission variable.

Steps to use custom permission and use as per above scenario:

• Create custom permission (Navigate to Set Up--> Develop--> Custom Permissions).
• Create new custom permission.

• Add custom permission to profile or permission set(navigate to Enable custom permission section).

• Modify the validation rule to and VF to refer custom permission instead of profile id.

So custom permission help us to control different functionality in salesforce to different users. If you have to enable functionality for single user then add custom permission to permission set and then add that permission set to user.

Alternate Approach

All admins/developers were using custom setting to control functionality for different users but after launch of custom permission, jobs of developer or admin will be easy.

Custom Permission in Apex

You can use below static method to find out list of user who have permission for custom permission:

public static List<User> findUsersWithCustomPermission(String customPermissionname)

{

    List<user> userList = new List<User>();

Set<Id> permissionSetIds = new Set<Id>();

    for (SetupEntityAccess access : [ SELECT ParentId FROM SetupEntityAccess 

WHERE SetupEntityId IN ( SELECT Id FROM CustomPermission 

            WHERE DeveloperName = :name)]) {

        permissionSetIds.add(access.ParentId);

    }

if(permissionSetIds.size()>0){

userList = [SELECT Username FROM User 

WHERE Id IN (SELECT AssigneeId FROM PermissionSetAssignment

WHERE PermissionSetId IN :permissionSetIds)];

}

    return userList;

}

Hope this will help!!!