Add Custom Permissions to Your Tool Belt.

Why You Should Add Custom Permissions to Your #AwesomeAdmin Tool Belt

By

Hello, #AwesomeAdmins! Today, I’d like to introduce you to custom permissions, a fairly underutilized configuration feature that’s been around since Winter ’15. While this is more heavily used in code, it’s also available for use by admins. In fact, I believe every admin should have this feature in their superpower tool belt.

So, what are custom permissions?

The custom permissions feature lets you define access checks to your apps or processes. Custom permissions can be assigned to users via permission sets or profiles, similar to how you assign user permissions and other access settings.

Custom permissions are commonly used by developers in Apex. For example, if there’s a button on a Visualforce page and only certain users should have access, a custom permission can be referenced. If the user has the custom permission, the button will display.

Boolean hasCustomPermission = FeatureManagement.checkPermission('your_custom_permission_api_name');

Okay, okay, I know I just pasted some code. Let’s break this down together. This code snippet is checking to see if the user has a certain permission. If the attribute hasCustomPermission is set to true, then allow access. Otherwise, access is denied.

Guess what? Custom permissions are not just for developers! Using similar logic as the developer did in the code snippet above, admins can grant access to features and actions when a user has a custom permission. They’re for admins too!

Custom permissions can be used for:

  • Validation rules
  • Flows
  • Component visibility (The possibilities here are endless!)
  • Processes
  • Dynamic Form configuration

When do I use custom permissions?

  • When a validation rule applies to the same profiles/users
  • When a validation rule applies to a subset of users
  • When you need the ability to grant or deny access to a specific app or process
  • When an action only applies to a subset of users or select profiles
  • When select data is only available to a subset of users or select profiles
  • When access to a component is provided to a subset of users or select profiles
  • When access to a process is only provided to a subset of users or select profiles

How do I configure it?

First, you need to create your custom permission. In Setup, search for ‘Custom Permissions’ in the Quick Find box.

Create a new custom permission.

Pro-tip: Be descriptive with the name of your custom permission so it’s clear what it’s for. Don’t forget to provide a description of what the custom permission is intended for. Is it to grant or deny access? This will remind you (yes, you may need a reminder of this later) as well as other team members working in your org.

Creating a custom permission.

Next, determine who needs to be given access to this custom permission. Does everyone in a specific profile need this ability? Are only select individuals allowed this access?

If this applies to all users of a profile, you’ll assign the custom permission at the profile level. Every user assigned to the profile will have this custom permission.

A custom permission being added to a profile.

If this only applies to select individuals, add this custom permission to a permission set. Find the Custom Permission attribute, then find the custom permission and add it to the permission set. Once you assign the permission set to a user, that user will have this custom permission.

Adding a custom permission to a permission set.

Pro-tip: If the custom permission is the only attribute of the permission set, I recommend you name the permission set the same name as your custom permission. It makes it easier to maintain and assign/remove access later on.

A custom permission added to a permission set.

Next, you reference the custom permission in a component. You’ll follow this step whether it’s a validation rule, flow, process, or a component using component visibility.

In a validation rule or formula, under Insert Field, find $Permission, locate your custom permission, and insert. Once inserted, the syntax should look like $Permission.<Custom Permission API name>, such as ‘$Permission.Update_Opp_in_Stage_Closed_Won.’ Then, add the rest of the syntax. It’s that easy.

Adding a custom permission reference to a validation rule.

In Flow, create a Formula resource, find $Permission, then locate and select your custom permission. Once inserted, the syntax should look like $Permission.<Custom Permission API name>, such as ‘$Permission.Update_Opp_in_Stage_Closed_Won.’ Then, add the rest of the syntax you’re checking for — and voila!

Referencing a custom permission in a Flow formula resource.

In a process, select the type Formula, select System Variables, select Permission, and then locate and select your custom permission. Once inserted, the syntax should look like $Permission.<Custom Permission API name>, such as ‘$Permission.Update_Opp_in_Stage_Closed_Won.’ Then, add the rest of the syntax you’re checking for, and that’s it.

Referencing a custom permission in a process criteria.

To use with a dynamic action with component visibility, add the action, then add a component visibility filter. Select Advanced as the filter type. Select the field Permissions > Custom Permission > your custom permission. Then, set the operator and value.

A Custom Permission in action.

Your configuration can now check whether the user has that specific custom permission. And, depending on how you configured it, you can grant or deny that user access to your custom process at a much finer level.

Let us know how you used custom permissions in your org by sharing with us on Twitter @SalesforceAdmns!

Resources

Sandboxes vs. Scratch Orgs and How to Use Them

Sandboxes vs. Scratch Orgs and How to Use Them

A best practice for building and configuring new solutions is to always build and test outside of your production org. But what org type should you use for building and testing? There are many resources that break down sandboxes and scratch orgs separately—but on the Admin Relations team, we often hear from admins who want […]

READ MORE
Save Time with the Your Account App

How Salesforce Admins Can Save Time with the Your Account App

As Salesforce Admins, you’re expected to be the expert in all things Salesforce—and that often includes details of your company’s relationship with Salesforce. We know how important it is for you to be able to access key details of your Salesforce subscriptions and contracts, manage billing details, get copies of key documents, and even add […]

READ MORE
Permissions Updates

Permissions Updates | Learn MOAR Spring ’23

Follow and complete a Learn MOAR Spring ’23 trailmix for admins or developers by March 31, 2023, 11:59 p.m. PT to earn a special community badge and be automatically entered for a chance to win one of five $200 USD Salesforce Certification vouchers. Restrictions apply. Learn how to participate and review the Official Rules by […]

READ MORE

Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?

SHARE YOUR IDEA