Sunday, November 25, 2018

Custom Permissions

In Salesforce, many features require access checks that specify which users can access certain functions. Permission set and profiles settings include built-in access settings for many entities, like objects, fields, tabs, and Visualforce pages. However, permission sets and profiles don’t include access for some custom processes and apps.

Challenge 1 :
Suppose We have an object “Product Complaint” and it has filed like below,
1.      Status [Open/ Closed/ Other] è Pick list filed.
2.      Reason For Other è Text
Now create a validation rule so that if Status is selected as “Other” and if user was not entered any value for “Reason For Other” field, then an warning/error/validation message will be thrown as “Please enter reason to select other”.



Now our aim is that this validation rule will be fire for every users except the user belongs to System Admin profile. That mean user with system admin profile will able to save any PC record with status value as “Other” and no value in “Reason For Other” filed.


Solution:
1. Create a custom permission.











2. Assign it to System Admin Profile.


3. Update the validation rule.

Now user with System Admin profile can create PC record with “Other” status – without entering “Reason For Other” value. But other profile user will get the validation message.

Challenge 2 :
Now if we want this validation in user level i.e. some System Admin user will face this validation rule and some not.

Solution:
1. Remove “Custom Permission” form System Admin Profile.
2. Create a permission set (Named it same as custom permission).


3. Click on “Manage Assignments” button to assign the user who can use this permission set.
4. Now click on the “Custom Permissions” link to assign custom permission to “Permission Set”.


5. Now try to test the validation rule for 2 System Admin Users, one who is assigned in Permission Set and one who is not assigned.

Note: We can also use custom permission in VISUALFORCE page. Like some render condition.
Syntax  is look like below,
(Not($Permission. Can_Set_PC_Status_to_Other))
at

Permission Sets Concept.

1. Why Permission Set is used in Salesforce?
 
     In Salesforce each user should has one and only one profile. But there could be multiple users for a single profile. Now taking the above consideration check the below scenario :

     Suppose we have a Profile named as "My Custom Profile" and suppose this profile has only read permission on Account Object. Now there are 3 users (U1, U2, U3) have assigned to this profile.
So, as per above scenario all 3 users (U1, U2, U3) should have only read permission as their assigned profile has read permission on Account object.

Now, suppose there is a requirement that U2 can also perform create and edit operation on Account irrespective of it's profile permission (i.e. only read permission). So this the place where we can use Permission Set.



2. How to create and configure Permission Set for the above scenario?


  • Search "permission sets" under "Quick Find" box and click on "Permission Sets" link and it will open "Permission Sets" detail page.Now click on "New" button to create a new permission set. For example our permission set name is "My Custom Permission" and the screen like below screen,




  • Now open newly created permission set named as "My Custom Permission Set" and then click on "Object Setting" link and it will open list of objects and then click on the object link for which you want to give the extra permission which not available in Profile. For the above example click on "Account" object.




  • Once we click on "Account" link it will open "my Custom Permission Set" for "Account" object and then click on "Edit" button and set the extra permission on Object and Field level and finally click on "Save" button.

  • Now its time to set the above create permission set to different user and for our case it is for user "U2". So, open user "U2" and then scroll down to " Permission Set Assignments" section and click on "Edit Assignments" button.

  • Once click it will shown you the available and enabled permission sets bucket and form available bucket we have to add "My Custom Permission Set" to enabled bucket and once done then click on "Save" button and its done. Now test the scenario.



Is it mandatory to select User License while creating permission sets? If not, what is the significance of selecting a User License?


It is not mandatory to select a User License while creating a permission sets.
If users with one type of license will use this permission set, then choose the same license that’s associate with them.
If you are planning to assign this permission set to multiple users with different licenses then, choose none.


at
Subscribe to: Posts (Atom)

LWC to LWC Communication using Lightning Messaging Service (Part - 2)

In my previous post ( previous post link ) we have learn how to create a Lightning Messaging Service with 6 steps and today we will use the ...