As a Salesforce admin, I’m responsible for managing user access, permissions, and organization security. In our organization, there is an Employee profile in which employees have different roles, such as junior and senior.
In Salesforce, any permission assigned to a profile gets assigned to all users within that profile. I wanted to give the extra permissions to the employees according to their roles. For that, I created different permission sets according to the roles.
Now, the requirement is that whenever a new employee account is created or an existing employee Role is updated, I want to automatically assign the permission set to the employee according to their role.
In this tutorial, we will learn how to automatically assign a permission set to new users using Salesforce Flow.
Why We Need to Assign a Permission Set to a User in Salesforce?
In Salesforce, a Profile controls what a user can do, such as which objects and fields they can see or edit.
When we give permissions through a profile, those permissions are given to all users who have that profile. For example, if the ‘Employee’ profile has access to the account object, then every user with the employee profile can access accounts.
However, not all users with the same profile require the same level of access. For example, senior employees might need more access than junior employees.
If we add extra access to the profile, it will apply to everyone, which is not according to our requirements. For that, we use Permission Sets to give extra access only to specific users.
Automatically Assign Permission Set to New Users Using Salesforce Flow
Below, I will explain how we can assign the permission set to the newly created users according to the role they have been assigned.
Permission Sets in Salesforce:
First, we need to create a Permission Set and add the extra permissions you want to grant to the user, as per your requirements.
I have created two permission sets, which we will assign to the respective roles of employees.
Role Hierarchy in Salesforce:
Since I want to assign a permission set to the same profile based on the user role, I have created two roles in the Role Hierarchy.
We also require the User Role ID, which we will use in the flow to determine that the permission set should be assigned to the specific user role.
For that, I used the SOQL query to retrieve the IDs of the employee roles.
Create Record Trigger Flow in Salesforce:
Now, let’s create the flow to automate the process whenever a new employee account is created or an existing employee’s Role is updated; the respective permission set should automatically be assigned to the user.
Click on the Setup. -> Home Page. -> In the Quick Find Box, Search for Flows. You will see an option under Process Automation. -> Click on Flows.
In the flows setup window, click on the button New Flow -> Start From Scratch -> select the Record Trigger Flow -> Next.
In the start element, we have to select the object on which we want to perform automation. In our scenario, the User is a triggering object.
In the Configure Trigger, we need to select ‘A record is created or updated’.
Now we need to retrieve the permission sets that we have created for this scenario. Select the Permission Set object.
Then, to Filter Records for the object, we need to add a condition:
- In the Field option, you will see all fields from the Permission Set. There, we need to select the API Name.
- Equals operator.
- In the Value, we need to select which permission set we want to retrieve from the object.
To assign the permission set according to the role, we need to add a Decision element that checks the user’s role. Then, by adding the Create Record element, we will assign the respective permission set to that user.
In this condition, we need to provide the User Role ID that we retrieve using a SOQL query. For this, you need to add the number of outcomes corresponding to each role.
Next, to assign the permission set to the user, we need to add a Create Record element.
In the permission set, when we assign it to the user, we see it listed in the Permission Set Assignment. For that, we need to select Permission Set Assignment in the Object field.
After that, in the ‘Set Field Values for the Permission Sent Assignment‘ section, we need to set values for the fields.
Now we are ready to save the flow. For that, click the Save button, provide the flow Label, and the API Name will be automatically populated.
After that, always debug the flow before activating it to ensure that the working flow is correct and that there are no runtime errors. Then activate the flow.
In this way, we can automate the process of assigning the permission set to the user using Salesforce Flow.
Proof of Concept:
Now, we will test the flow to see if it assigns the permission set to the new user. To do that, navigate to the User details page. Open any Active User record.
You can see that John Joy’s user doesn’t have any permission set assigned. Also, he is not in any role.
- Now, I update the User Role according to our scenario and save the record.
- You can see in the Permission Set Assignment that one set has been assigned to the user.
- As I open the assigned permission set, Junior Employee PS, which is assigned according to the user role.
Conclusion
I hope you have got an idea about how to automatically assign a permission set to new users using Salesforce Flow. This helps us automate the process of assigning a permission set to a user based on their role.
You may like to read:
- Salesforce Profiles and Permission Sets
- Add User to Group or Permission Set Using Salesforce Apex
- Assign Permission Sets using Data Loader in Salesforce
- Salesforce Flow: Add Users to Public Group Without Code
- Auto-Assign Records to Users Using Salesforce Flows
Shubham is a Certified Salesforce Developer with technical skills for Building applications using custom objects, approval processes, validation rule salesforce flows, and UI customization. He is proficient in writing Apex classes, triggers, controllers, Apex Batches, and bulk load APIs. I am also familiar with Visualforce Pages and Lighting Web Components. Read more | LinkedIn Profile
