Why transition to Permission Sets?

Salesforce Profiles are becoming increasingly irrelevant as they are no longer being enhanced and are difficult to maintain. Salesforce is shifting its development focus to Permission Sets, a much more flexible and scalable model for access management. Using Permission Sets allows you to assign user rights based on their specific roles and responsibilities, without the limitations imposed by Profiles.

Key benefits of Permission Sets:

• Minimal rights: Users are granted only the minimal rights necessary to perform their jobs, significantly improving the security of your data.
• Scalability: It's easier to assign and manage rights, especially when working with a large number of users.
• Flexibility: Permission Sets are based on job roles, meaning you can adjust access rights as the functions or responsibilities of a user change, without having to maintain complex profile structures.

What remains in Profiles?

While most access rights will be managed through Permission Sets in the future, some settings in Profiles are retained. These mainly concern user-specific access:

• Login hours and IP ranges: Determine when and from which locations users can log in.
• Default values for record types and apps: Assigning default settings such as record types and applications to users.
• Page layouts: These will remain in Profiles for now, but with the advent of App Builder and Dynamic Forms, this element will eventually migrate to a different solution.

What goes into Permission Sets?

With the transition to Permission Sets and Permission Set Groups, a large part of the access control shifts to these tools. Some of the main elements included in Permission Sets are:

• Object rights (CRUD) and field permissions (FLS): Access to objects and fields is fully managed via Permission Sets.
• Access to non-standard tabs, record types, and apps: All modifications to the default settings are transferred to Permission Sets.
• Apex classes and visualforce pages: These are now only managed via Permission Sets, ensuring a more detailed control over what users can see or edit.
• Custom permissions and access to connected apps: Permission Sets offer a flexible way to manage access to specific apps and custom functionalities within Salesforce.

Challenges of continuing to work with Profiles

Many Salesforce organizations continue to use Profiles due to familiarity, but this poses several challenges:

• Difficult to Maintain: Profiles are often poorly or not at all maintained. Cloning of profiles leads to many duplicates, complicating management.
• Challenging to Implement: Deploying metadata in Salesforce with Profiles requires a lot of manual work, limiting efficiency.
• No Role-Based Control: Profiles are not role-based, making it difficult to logically align access control with job titles or roles within your organization.

For example, suppose an account manager needs access to multiple processes such as creating accounts, managing opportunities, and generating quotes in Salesforce CPQ. With Profiles, it can be difficult to configure all these rights efficiently. Permission Sets, however, offer the flexibility to easily assign and manage these rights based on the actual needs of the role.

How PossibilIT assists with the transition to Permission Sets

The transition to Permission Sets is a critical step in keeping your Salesforce environment secure and efficient. At PossibilIT, we provide tailored support to make this process as smooth as possible. We assist you with:

1. Evaluation of your current Profiles: We start by analyzing your current Profiles and determining which access rights need to be transferred to Permission Sets.
2. Building Permission Sets: We then create the appropriate Permission Sets and Permission Set Groups that align with the functions and responsibilities of your users. This helps to precisely tailor the rights to their role within the organization.
3. Testing and implementation: We test the new security model to ensure that everything functions correctly and that your users have access only to the necessary data and functionalities.
4. Training and support: We ensure that your team fully understands how Permission Sets work and how to manage them, so your security model continues to function smoothly in the future.