Ruth and Cloudy having a picnic next to text that says "Learn MOAR: #2 Security Enhancements."

Learn MOAR in Spring ’22 with Security Enhancements


Follow and complete a Learn MOAR Spring ’22 trailmix for admins or developers by March 31, 2022, 11:59 p.m. PT, to earn a special community badge and enter for a chance to win one of five $200 USD Salesforce Certification vouchers. Learn how to participate and review the Official Rules by visiting the Trailhead Quests page.

New and exciting security features for all

In Spring ’22, we’re introducing enhancements to permissions and record access that we’re sure you security-minded admins will be excited about! Check them out below.

Easy automation for managing user permissions with Assignment Expiration

Assignment Expiration gives you more control over user access. You can get rid of reminders, calendar entries, and complex, hard-to-maintain automation for managing user access. With Assignment Expiration, the platform does it for you! Make sure you turn this feature on and check out the new page where you can assign a permission set or group with or without expiration. This will eventually become the sole page used for assigning permission sets and groups. We’re always looking for feedback, so let us know what you think!

For detailed instructions on how to use this feature, check out this blog post.

Enhancements to Optimizer metrics for critical permissions

Have you run Optimizer lately? If not, you should! We’re always listening to our customers and we heard you. #AwesomeAdmins didn’t like the fact that the Critical Permissions Metric in Optimizer included View All Users instead of Manage Users. We’ve made changes in the Spring ’22 Release—the Critical Permissions Metric no longer includes View All Users and now includes Manage Users and dependent permissions. Please note that in order to see the updated metrics, you need to re-run Optimizer.

Time-saving option when creating criteria-based sharing rules

Some users, whether they’re a High Volume User in an Experience Cloud site or a system user, such as an Automated Process User or Platform Integration User, cannot have an assigned role. As an admin, this meant you had to change ownership of the record from the High Volume User or system user to another user in order to grant record access. With the enhancements to criteria-based sharing rules, when creating criteria-based sharing rules, they now default to include records owned by users who can’t have an assigned role, saving you time!

Criteria-based sharing rule with the option to include records owned by users who can’t have an assigned role.

One important caveat is that the API and UI have different default values. In the API, if you don’t pass in a value for “Include records owned by users who can’t have an assigned role,” it defaults to be more restrictive, matching what we did in prior releases.

Enhanced management for protecting external user PII

In Winter ’22, we released a new framework to protect external user personally identifiable information (PII). In the Spring ’22 Release, we now respect the Experience Cloud site’s “show nicknames instead of full names” option, when name is considered PII. If you enabled Enhanced Personal Information Management in Winter ’22, please adjust the name’s compliance category so it’s considered PII. This enhancement is important for protecting external users’ names and also allows you to have different PII policies per site for the name field!

In Spring ’22, we also changed how orgs enabling Enhanced Personal Information Management for the first time adjust which fields are considered PII, from Compliance Category to FieldSets.

User Management Settings in Setup with the Enhanced Personal Information Management setting enabled.

This means you can now view and edit what is considered PII in one place! We also made it easier to move changes from one org to another, through both change sets and unlocked packages.

Picklists in user criteria now supported by restriction rules

Have you ever wanted to create restriction rules for users but couldn’t filter by User Type? Now, with Spring ’22, you can choose which users are impacted by a restriction rule by picking a picklist. We also made it easier for customers or partners who want to share sample restriction rules through an unlocked package!

These are just a few of the Spring ’22 security enhancements we wanted to feature. Give these enhancements a test drive in your org and let Product Managers Larry Tung and Cheryl Feldman know what you think! They’re interested to hear what’s top of mind for admins as it relates to security. Reach out to them on the Trailblazer Community or on Twitter at @TungLarry and @CherFeldman, respectively.

Don’t forget to watch the Spring ’22 Admin Preview on February 4 where Larry and Cheryl will be taking questions live. And be sure to check out the Learn MOAR Spring ’22 for Admins Trailmix and follow along on the blog this week for more Learn MOAR!

More Learn MOAR

Introducing Files and Attachments Backup in Salesforce Backup.

Introducing Files and Attachments Backup in Salesforce Backup | Spring ’24

What is Salesforce Backup? Salesforce Backup is our native backup and restore solution designed to safeguard customers’ valuable data. Geared for user-friendly operation, Salesforce Backup automatically creates backup copies of business data, empowering organizations to effortlessly restore data and recover from even the most challenging scenarios. With the Spring ’24 Release, we’re thrilled to announce […]

Introducing Salesforce Backup.

Introducing Salesforce Backup: Your Data’s Safety Net

What is Salesforce Backup? On August 15, Salesforce announced the general availability of Salesforce Backup, a native backup and restore solution designed to safeguard customers’ valuable data. Built with ease of use in mind, Salesforce Backup automatically creates backup copies of business data, empowering any organization to restore data and recover from even the worst-case […]

Permissions Updates

Permissions Updates | Learn MOAR Spring ’23

Author’s note: You likely noticed that the official announcement about the End of Life (EOL) of permissions on profiles was never sent out. We’ve decided to no longer enforce the End of Life of permissions on profiles for Spring ’26. We realized, thanks to all the Awesome Admin feedback we’ve received, that we first have […]