Salesforce Developer Data Security Object Access Permission

salesforce-developer-data-security

TODO: Put each specific instruction into its own page and link to them.

// Salesforce - Developer - Data Security - Object Access - Permission Sets:

A permission set is a collection of settings and permissions that give users 
access to various tools and functions. The settings and permissions in 
permission sets are also found in profiles, but permission sets extend users’ 
functional access without changing their profiles. 

For example, to give users access to a custom object, create a permission set, 
enable the required permissions for the object, and assign the permission set 
to the users. 

You never have to change profiles, or create a profile for a single use case. 
While users can have only one profile, they can have multiple permission sets.

Permission sets are additions on top of profiles.  Permission sets are very 
similar to profiles. Many of the things that are included in permission set are 
also found in profiles. Use permission sets to grant additional permissions to 
specific users, on top of their existing profile permissions, without having to 
modify existing profiles, create new profiles, or grant an administrator profile 
where it’s not necessary.  A user can be assigned only one profile, but can be 
assigned many permission sets. 

Every user is assigned one profile, which give the least permissions.  Create 
additional permission sets, and assign these permission sets to specific users
to grant additional permissions to these users.

Here are two common scenarios in which permission sets are useful:

1. To grant access to custom objects or entire apps: Let’s say you have many 
   users in your organization with the same fundamental job functions. You can 
   assign them all one profile that grants them all the access they need to do 
   their job. But suppose a few of those users are working on a special project 
   and they need access to an app that no one else uses. And suppose a few 
   other users need access to that app, as well as another app that the first 
   group doesn’t need. If we only had profiles, you’d have to create more 
   profiles that were customized to those few users’ needs, or take your 
   chances and add more access to the original profile, making the apps 
   available to users that don’t need it. Neither of these options is ideal, 
   especially if your organization is growing and your users’ needs change 
   regularly. Permission sets make it easy to grant access to the various apps 
   and custom objects in your organization, and to take away access when it’s 
   no longer needed.

2. To grant permissions—temporarily or long term—to specific fields: For 
   example, let’s say you have a user, Tom, who needs temporary edit access to 
   a field while his co-worker is on vacation. You can create a permission set 
   that grants access to the field and assign the permission set to Tom. When 
   Tom’s co-worker returns from vacation and Tom no longer needs access to the 
   field, you just remove the permission set assignment from Tom’s user record.

A permission set's overview page provides an entry point for all of the 
permissions in a permission set. 

To open a permission set overview page:

1. From Setup, enter Permission Sets in the Quick Find box
2. Select Permission Sets
3. Select the permission set you want to view.

In any permission set, permissions and settings are organized into categories, 
corresponding to app settings, system settings, object permissions, and field 
permissions.

From the permission set overview page, you can:

1. Search for permissions and settings

2. Create a permission set based on the current permission set

3. If it's not assigned to any users, remove the permission set by clicking on
   Delete

4. Change the permission set label, API name, or description by clicking on
   Edit Properties

5. View and manage the users assigned to the permission set, by clicking on
   Manage Assignments

6. Under Apps and System, click any of the links to view or edit permissions 
   and settings

Permissions sets are additive. You cannot remove a user’s existing permissions 
by assigning a permission set. You can only add permissions. To limit access for 
a group of users, ensure that their base profile—as well as any of their 
permission sets—limits this type of access.

To Creating a New Permission Set:

1. From Setup, enter Permission Sets in the Quick Find box, then select 
   Permission Sets.

2. Do one of the following:

   1. To create a permission set with no permissions enabled, click New.

   2. To create a permission set based on an existing set, click Clone next to 
      the set you want to copy. You can also select the permission set and click 
      Clone in the overview page or one of the settings pages.  

      Clone a permission set only if the new one should have the same user 
      license as the original. In a cloned permission set, you cannot select a 
      different license.

3. Enter a label, API name, and description. The API name is a unique name used 
   by the Force.com API and managed packages. It will auto-populate based on the 
   label, but you can modify it.

4. If this is a new permission set, select a user license option. If you plan 
   to assign this permission set to multiple users with different licenses, 
   select --None--. If only users with one type of license will use this 
   permission set, select the user license that’s associated with them.

   If you are cloning a permission set, you can’t select a user license. If the 
   User License field is blank, no user license is associated with the 
   permission set.

5. Click Save. The permission set overview page appears. From here, you can 
   navigate to the permissions you want to add or change.

To Assign a Permission Set:

1. From Setup, enter Permission Sets in the Quick Find box, then select 
   Permission Sets.

2. Select a permission set.

3. In the permission set toolbar, click Manage Assignments.

4. Click Add Assignments.

5. Select the users to assign to this permission set.

6. Click Assign.

7. Review the messages on the Assignment Summary page. If any users weren’t 
   assigned, the Message column lists the reasons.

8. To return to a list of all users assigned to the permission set, click Done.
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License