
>
Using Custom Permissions With Lightning Component Visibility
<
I love custom permissions. I believe they may be the most flexible feature within Salesforce.
Lightning experience admins out there are likely familiar with component visibility. It is the ability for a page to hide or display a component on the page based on some criteria.
At Dreamforce 18, Salesforce announced lightning pages. This adds even more custom pages by hiding and displaying fields based on criteria. This means you could potentially have a one-page layout with all the differences being controlled by component visibility criteria. No more tons of different page layouts by profile!
This change does cause a complication. It will increasingly get more difficult to know why a given user can or cannot see something on the page. Oh what is a Salesforce Admin to do?
The Issue with Lightning Component Visibility
Before we dive into a better solution, let’s take a look at a simple example of why Component visibility on Salesforce Lightning pages is a potential headache.
With Lightning Component Visibility, we can decide if the component will display on the page for the user based on some set of criteria. Common practice is based on the user’s profile or username. The example we have here is actually pretty simple. It’s referencing only two profiles and a single username. This could have even more criteria and more complicated logic. You can imagine how more complicated these component visibility criteria have the potential to become.
Why do I hate this setup for Lightning Component Visibility? Close your eyes, well actually don’t because you’re reading this. Imagine the scenario. It’s late Friday afternoon. You’re eager to shut down and go home for the weekend, maybe for a favorite meal or hobby. Right before you’re about to close the laptop, the CEO pops his head in, cradling his “best boss” coffee mug and asks “Before you leave, when the CFO looks at this page he sees all this information and I don’t. Plus, the CFO can’t see the same dashboard as I see even though we’re looking at the same page. Can you tell me why? That’ll be great?”
Ugh. In classic, we would check record types and page layouts, Field Level Security and profiles. With Lightning Component it could be due to one of the above options PLUS the component visibility logic. Heaven forbid if your logic is complicated that you have to spend ten or more minutes trying to figure this out.
We can do better. Way better.
The Joy of Custom Permissions
We’ve seen what a headache using Component Visibility criteria can be. Let’s look at a more simple solution.
Take a look at this example.
One item in the criteria. That’s it.
Simple.
Why is this better? Not only is the component visibility criteria significantly simpler, but it’s also easier to determine who can see it. Custom Permissions can be assigned to a user through a Permission Set or directly to a profile. All you need to do is name your Custom Permission and/or Permission Set to mirror what the Lightning Component is. All we have to do then is look at the Permission Sets assigned to the user and the Custom Permissions assign to their profile. Boom! We can clearly see that this particular user can see Dashboard 1, Dashboard 2, and Time Card Flow Access. No need to open the Lightning page.
What if we need to make a change to visibility? No worries. We either add or remove a custom permission from the user. No need to mess around with the Lightning Page. No need to confirm the Lightning Component Visibility criteria logic. Just update the Custom Permission and you’re done!
Creating Custom Permissions
Assigning the Custom Permission for Lightning Component Visibility
It’s easy to use a Custom Permission for Lightning Component Visibility. In the Lightning App Builder, click on the component and then click “Add Filter” Then we click “Select” and we’ll see a pop up screen.
When the screen first displays, we choose “Permissions” from the drop down menu which will display a new drop down.
From the second drop down, we choose “Custom Permissions.”
Finally, we choose the Custom Permission from the list of available permissions and click “Done.”
Recap
Custom Permissions are fantastic. They’re available in Validation Rules, Workflow Rules, as well as Lightning Process Builder.
They’re also a savior to the Salesforce Admin on a Friday night attempting to determine why a user can see or not see something on a Lightning Page.
Are you using Custom Permissions? How else are you using them?
Don’t miss a post! Sign up to receive email notications.
I run this site, the podcast, and my training videos for the community. I do incur some costs. I greatly appreciate if you can help me out by checking out my affiliates and – if you shop amazon – start your search on my site.
Totally sold. FIRST TIME I’ve even HEARD about custom permissions.
Question: Is it possible to create a report that shows a list of custom permissions, and all of the places that permission has been applied? You can also imagine the variations on that sort of report theme, like for a given person, has this permission been somehow granted to them? It would have been great if there had been one additional field so that you could document CONTEXT for that custom permission (why and wherefore). A report listing just the permissions and contexts would also be helpful.
Now I’m going to go look to see if Custom Permission is an object which can be modifled.
So there’s no way to do a report on custom permissions. It’s accessible in the metadata. What’s not clear is the assignment of those permissions. You can find which Custom Perms are assigned to which Perm Set by querying SetUpEntityType [SELECT Id,ParentId,SetupEntityId,SetupEntityType FROM SetupEntityAccess WHERE SetupEntityType = ‘CustomPermission’]; Then query which users have the Permission Set. What I haven’t found is what stores the custom permissions associated directly to a profile.
Great post Brian! We’re looking to redo our profiles soon and this may factor into that project now that I’ve read about it. Thanks for providing such great content to the Ohana!
Thanks for the feedback!
I did find a bug in their system. If the users can’t view setup the custom perm visibility doesn’t work on components. I was told this is being considered a bug but I don’t know if or when it’s being fixed
Hey Brian – been awhile – hope all is well!! – great post but am I missing something? I get how to create the custom permission which should give access to a lightning component on a home page (my use case) – I’m just not seeing how to assign it to a specific user – is that possible? or do I need to create a permission set?
To apply a custom perm to a specific user, you need to assign the custom perm to a permission set and THEN assign the perm set to the user.
Custom permissions can be assigned thru Profile or permission set
ok – thanks Brian – that makes sense – hope to say hi again at the next dreamforce 🙂
Hello Brian,
Thank for answer. I followed step by step on your point. I created a permission set but i couldn’t find it in my Custom permission. Do you know what i should do? Thank in advance!
Okay, so here’s the steps I do:
1. Create a custom permission
2. Create a permission set
3. Add the custom permission to the permission set. You’ll see a section for “Custom Permissions” when you are looking at the perm set
4. Add Permission set to users as needed
Based just on your comment I think you’re trying to add a Perm set to a custom permission. It’s the other way around