In a previously published blog post, Why You Should Add Custom Permissions to Your #AwesomeAdmin Tool Belt, I introduced you to custom permissions. While this feature has been around since Winter ’15, it still remains fairly unknown and underutilized by the admin community. Now’s the time, #AwesomeAdmins — use this superpower to lock or unlock user access to apps or processes!
In this blog post, we’ll focus on how admins can use custom permissions to selectively show components — such as an action, field, or flow — to a group of users with component visibility on a Lightning record page. However, this technique can be extended to any component in Lightning App Builder using component visibility.
In case you’re wondering what component visibility is, when you select a component on a record, app, or Home page in the Lightning App Builder, the component visibility properties appear. This allows you to apply filter logic and conditions to standard components, custom components, and components from the AppExchange. If you don’t define a filter, the component displays on the Lightning page as usual. When you define one or more filters and set the filter logic for a component, the component is hidden until the filter logic criteria are met. BTW, component visibility properties are also available in components used in screen flows, which is pretty cool.
Devohne Mays, Operations Manager at Sunshine Cupcakes, meets with Salesforce Admin Addison Dogster. Devohne tells Addison that he would like certain fields, actions, and components to only show to a select group of employees — sales associates (those who can actually process cupcake orders) and managers — when they view a cupcake order. Currently, these elements are visible to all users. Devohne has discovered that there are some users making changes or taking actions on the record when they shouldn’t. All other employees (such as cashiers or drivers) should not see these fields, actions, and components when they view the same Cupcake Order record.
In addition, Devohne needs coaching comments, which a shift manager provides to the sales associate handling the cupcake order, to only be shown to sales associates as a teaching moment.
The actions to Log a Call, Process Order, Complete Order, and Edit should only appear to sales associates and managers. No one else should be able to take these actions.
Lastly, the Actions & Recommendations component, similar to the actions, should only be actionable by sales associates and managers.
In the Sunshine Cupcakes org, sales associates and managers are represented by two profiles.
Addison thinks this is the perfect use case for custom permissions and component visibility filters in the Cupcake Order Lightning record page. While she could easily apply the component visibility filter condition on both profiles, Addison thinks about the maintenance ramifications of specifying the two profiles everywhere this requirement needs to be applied. What if another profile or a select group of users is needed in the future? It can easily get out of control. Here, it makes sense to filter on whether the user has the custom permission to determine whether the component is displayed.
Since access at the moment is needed for everyone in both the Sales Associate and Manager profiles, Addison can add the custom permission directly to the profiles instead of creating a new permission set to associate the custom permission to.
In summary, Addison’s solution comprises of:
Addison first creates the custom permission. In Setup, search for ‘Custom Permissions’ in the Quick Find box. Create a new custom permission. Provide the label, name (API name), and description. The description should further describe the purpose of the custom permission and, possibly, where it’s used.
Addison creates the custom permission with these attributes:
Label: Access Exclusive Cupcake Order Components
Name: Access_Exclusive_Cupcake_Order_Components
Description: Access components only viewable by certain users
Then, Addison enables the custom permission by adding it to the profile. She adds it to the Sales Associate profile first.
Now, any user she assigns to the Sales Associate profile will automatically get the custom permission. Addison repeats the steps to enable the custom permission in the Manager profile.
Currently, all users in the Sunshine Cupcakes org have access to all actions, the Actions & Recommendations component, and the Coaching Comments field on the Cupcake Order record page.
Using Dynamic Actions, Addison adds flexibility and control to actions on her Lightning record pages. She assigns Dynamic Actions in the Lightning App Builder instead of the page layout editor, and can apply filters to control when and where actions are visible to users.
Note: You can create Dynamic Actions for custom objects on mobile and desktop and for some standard objects (Account, Contact, Lead, Opportunity, and Case) on desktop. All other standard objects are Beta for desktop.
Addison accesses the Cupcake Order page in Lightning App Builder by clicking the wrench icon and selecting Edit Page. Once she configures Dynamic Actions for the Cupcake Order page, Addison sets component visibility for the Log a Call, Process Order, Complete Order, and Edit actions:
And voila! Addison set actions to only show if the user has the custom permission Access Exclusive Cupcake Order Components.
Using Dynamic Forms, Addison can migrate the fields and sections from the page layout as individual components into the Lightning App Builder. Then, she can configure them just like the rest of the components on the page, and give the users of that page only the fields and sections that they need using component visibility.
Note: At the time of writing, Dynamic Forms is currently only available on custom objects. For more information on Dynamic Forms, including tips and considerations, limitations, and known issues, please visit the Salesforce Help article, Break Up Your Record Details with Dynamic Forms.
Addison accesses the Cupcake Order page in Lightning App Builder by clicking the wrench icon and selecting Edit Page. Once she configures Dynamic Forms for the Cupcake Order page, Addison sets component visibility for the Coaching Comments field:
Just like that, Addison set the Coaching Comments field to only show if the user has the custom permission Access Exclusive Cupcake Order Components.
Lastly, Addison can set component visibility on any standard or custom component on the Lightning page. Devohne only wants specific users to see the Actions & Recommendations component.
Addison accesses the Cupcake Order page in Lightning App Builder by clicking the wrench icon and selecting Edit Page. Addison chooses the Actions & Recommendations component and sets the component visibility:
In just a few clicks, Addison set the Actions & Recommendations component to only show if the user has the custom permission Access Exclusive Cupcake Order Components.
Sometimes, there are actions, data, or other things you don’t want to show all users in your org. Be security-minded and apply least privilege access to all the things in your org.
When you need to selectively show actions, fields, or components to some users and want to hide them for others, consider whether it makes sense to use custom permissions as a way to control that access. Custom permissions is the way to go if you want to apply access across multiple profiles or users and don’t want to manually maintain the access or denial list. It will allow you to design a better user experience for your users. So, rather than showing them actions they shouldn’t have access to (and then they click on the action and get a nasty error message), just don’t show them the action. They won’t know what they’re missing.
Now that you know how to configure a custom permission and use it in conjunction with component visibility to show an action, field, or component on a Lightning record page, I want you to try this solution yourself.
You can also dynamically show components on a flow screen using custom permissions and component visibility.
Take custom permissions for a spin! Share how you use this new admin superpower in your org with us on Twitter using #AwesomeAdmin.
Summer ’24 is almost here. Learn more about user management below and check out Be Release Ready to discover more resources to help you prepare for this release. Welcome to a new era of user management! At Salesforce, we believe in the power of community-driven innovation. Your feedback as Trailblazers is invaluable—it’s the compass that […]
As an admin, you’ve probably heard of Data Cloud, but maybe you haven’t prioritized it right away because you have other company challenges to address. Well, now’s the time to move Data Cloud to the top and dig in. If you’re thinking, “What is Data Cloud? Can you break it down for me?”, you’re in […]
As Salesforce continues to revolutionize how users interact with the Einstein 1 Platform, Einstein Copilot is poised to provide a new and exciting layer of artificial intelligence (AI)-powered conversations for your users. Einstein Copilot is your trusted AI assistant for CRM — built into the flow of work for any application, employee, and department. With […]
