Custom Permissions are now available in Process Builder too! Check out my how to here: https://thewizardnews.com/2018/01/19/power-custom-permissions-process-builder/
At the start of the new year it’s considered tradition to come up with some resolutions. Many of these we won’t keep. For example, my “I won’t eat anymore chocolate” was just a stupid resolution choice and lasted as long as it took for someone place a very nice hot cup of cocoa near me. A good resolution should contain an achievable goal, some milestones, and a timeline. For example a resolution for an Admin could be “To have less stress and a more manageable Salesforce org by updating all my validation rules to use custom settings in six months.”
I love validation rules. They’re fantastic way to keep your data clean and to help guide your users to the path they should be taking. As a company grows, every rule has this tendency to gain exceptions. We don’t want anyone to edit this field except for sales managers. Now it’s Sales Managers and their assistants. Now it’s Sales Managers, their Assistants, and this temporary consulting. Now it’s… and so forth. Sometimes these exceptions are temporary. We just need access for the next week while we update our Opportunities before the big price update.
This can be a pain in the Admin’s side. Those exceptions are typically based on Role ID, Profile ID, or even User ID. There’s been many rules that break down to:
text(StageName) = "Qualified" &&
Amount < 0.01 &&
not($User.ProfileId ="00eE0000000QPl2") &&
not($User.ProfileId = "00eE0000000qtl3") &&
not($User.Id = "005E0000000MQb4")
That’s pretty horrifying. I can feel the stress building up just looking at it. It’s also not very friendly. Which profiles are being referenced? Who’s the User who gets this exception? You could add some more comments in there to make it better, but it’ll still be difficult to manage when you have many validation rules. Here’s a real life example of how this causes stress: You have a new manager who’s learning the business process. He comes to you and asks what our rules are who and who has exceptions to them. Unless you have an extremely well documented and easy to search org, this can turn into a huge time sink.
So why use such a horrible to manage and difficult to read method. Let’s simplify that rule using a Custom Permissions! This is a feature that became available in the Winter ’15 release and which I completely didn’t see the value until recently.
We can take the above validation rule and strip out all the exceptions to a single line:
text(StageName) = "Qualified" &&
Amount < 0.01 &&
Isn’t that so beautiful? It’s so easy to read. A custom permission is really nothing more than a record that can be assigned to Profiles and Permission Sets. Users who are then assigned those Profiles and Permissions sets are also assigned this custom permission. Salesforce will look at the running user and see if that custom permission exist.
Using Custom Permissions
Creating a permission set is very easy. You’ll find Custom Permissions under the develop menu or you can be efficiently lazy like me and just type custom perm in the quick find box in setup. Once you are on the Custom Permissions page, just click “New”.
Once your permission is created, you can easily add it to your validation rule using the “Insert” button.
Now we have our custom permission and validation rule created, let’s see what happens if I try to update my Opportunity Name, Amount, and Closed Date. You’ll see I get the error message. This is because my user does not have a Profile or Permission set with our Custom Permission. Let’s fixed that.
Adding a Custom Permission to a Profile or Permission Set is very easy. First, go to your Profile. Second, scroll to the bottom. And click “Edit” on the Enable Custom Permissions related list. Note – do not EDIT the profile. This will only work if you’re viewing the profile.
Ta da! You can also do something similar using Custom Settings – which I also love. I’ll do an example of Custom Settings in a different post. What’s great about Custom Permissions is it’s very flexible. Want to be able to send an email automatically to customers when records are modified, but only by certain people? You can use a Custom Permission for that. You’re a developer and want to hide a section on your Visualforce page except for certain people? You can use a Custom Permission for that! When using APEX, you still have to query for the Custom Permission. Sadly the nifty global reference isn’t available yet in Apex.
The only thing missing from a Custom Permission is a very nice handy list of the Profiles and Permission Sets that have it.
So please go vote up these ideas:
Was this post helpful? Consider subscribing to my e-mail notifications or following my Facebook page. Also check out Wizard Apprentice, my video training guides and of course the WizardCast podcast – Salesforce with a sense of humor.
Finally, if you want to support the site, we’re an Amazon affiliate. Purchases that start from the search widget on the page helps me pay the hosting fees. Alternatively, you can see the products that I’ve personally bought, use, and actually like on my influencer page: https://www.amazon.com/shop/kwongerific