Permission sets and Permission set groups have been slowly chipping away at Profiles to become the recommended way to manage permissions.
So in a turn that surprises no one, Salesforce team has now started working on enabling Record Type assignment via Permission Sets. We all knew this was under works, what I found interesting is how it could happen.
As per Cheryl Feldman from Salesforce product development team, the option to allocate record types to Permission Sets could show up in the record types page itself. Spicy!
What does it mean for you and me?
Permission set groups can no longer be ignored as just an option. This will need to be the default approach for managing permissions soon, just like Flow became the default from an automation planning point of view.
The transition will be easy if the knowledge on who need to do what is clearly documented somewhere for your org.
- Think of Permission Sets Groups as the group of requirements that is needed for a functionality as opposed to object specific or role specific.
- Start identifying the set of permission sets required by different users to do their work.
- Use this knowledge to create Permission set groups.
What should I be careful about?
Tracking Field Level Permissions
What worries me most are the field level permissions and how this can be tracked.
Having a solution for this could make the life of support users simple.
Permission creep
This is more of a governance problem than anything else. If a user requests as additional permission where should this be provided? Another permission set? How do we easily distinguish these ad-hoc permission sets from the more functionality oriented ones we have?
What do you think? Leave a Reply