In APEX, Visualforce, Lightning Components, Automation, Blog, Salesforce Lightning, Security

>

Using Custom Permissions With Lightning Component Visibility

<

I love custom permissions. I believe they may be the most flexible feature within Salesforce.

Lightning experience admins out there are likely familiar with component visibility. It is the ability for a page to hide or display a component on the page based on some criteria.

At Dreamforce 18, Salesforce announced lightning pages. This adds even more custom pages by hiding and displaying fields based on criteria. This means you could potentially have a one-page layout with all the differences being controlled by component visibility criteria. No more tons of different page layouts by profile!

This change does cause a complication. It will increasingly get more difficult to know why a given user can or cannot see something on the page. Oh what is a Salesforce Admin to do?

The Issue with Lightning Component Visibility

Before we dive into a better solution, let’s take a look at a simple example of why Component visibility on Salesforce Lightning pages is a potential headache.

Lightning Component Visibility by Profile

Lightning Component Visibility with Profile and Username

With Lightning Component Visibility, we can decide if the component will display on the page for the user based on some set of criteria. Common practice is based on the user’s profile or username. The example we have here is actually pretty simple. It’s referencing only two profiles and a single username. This could have even more criteria and more complicated logic. You can imagine how more complicated these component visibility criteria have the potential to become.

Why do I hate this setup for Lightning Component Visibility? Close your eyes, well actually don’t because you’re reading this. Imagine the scenario. It’s late Friday afternoon. You’re eager to shut down and go home for the weekend, maybe for a favorite meal or hobby. Right before you’re about to close the laptop, the CEO pops his head in, cradling his “best boss” coffee mug and asks “Before you leave, when the CFO looks at this page he sees all this information and I don’t. Plus, the CFO can’t see the same dashboard as I see even though we’re looking at the same page. Can you tell me why? That’ll be great?”

Ugh. In classic, we would check record types and page layouts, Field Level Security and profiles. With Lightning Component it could be due to one of the above options PLUS the component visibility logic. Heaven forbid if your logic is complicated that you have to spend ten or more minutes trying to figure this out.

We can do better. Way better.

The Joy of Custom Permissions

We’ve seen what a headache using Component Visibility criteria can be. Let’s look at a more simple solution.

Using Custom Permission for Lightning Component Visibility

Using Custom Permission for Lightning Component Visibility

Take a look at this example.

One item in the criteria. That’s it.

Simple.

 

 

 

 

 

 

 

Why is this better? Not only is the component visibility criteria significantly simpler, but it’s also easier to determine who can see it.  Custom Permissions can be assigned to a user through a Permission Set or directly to a profile. All you need to do is name your Custom Permission and/or Permission Set to mirror what the Lightning Component is. All we have to do then is look at the Permission Sets assigned to the user and the Custom Permissions assign to their profile. Boom! We can clearly see that this particular user can see Dashboard 1, Dashboard 2, and Time Card Flow Access. No need to open the Lightning page.

What if we need to make a change to visibility? No worries. We either add or remove a custom permission from the user. No need to mess around with the Lightning Page. No need to confirm the Lightning Component Visibility criteria logic. Just update the Custom Permission and you’re done!

Creating Custom Permissions

Let’s take a look at how we create a Custom Permission. Prepare yourself. It takes a lot of work.

  1. Open Setup
  2. Use quick find to filter to Custom Permission and click
  3. Click New
  4. Enter a Label & Name
  5. Click Save
    Creating a custom permission

    Creating custom permissions

Oh, the humanity! So much work.

Assigning the Custom Permission for Lightning Component Visibility

It’s easy to use a Custom Permission for Lightning Component Visibility. In the Lightning App Builder, click on the component and then click “Add Filter” Then we click “Select” and we’ll see a pop up screen.

Select Permissions

Step 1 Select Permissions

When the screen first displays, we choose “Permissions” from the drop down menu which will display a new drop down.

Select Custom Permissions

Select Custom Permissions

From the second drop down, we choose “Custom Permissions.”

Selecting a specific Custom Permission

Select from the available custom permissions

Finally, we choose the Custom Permission from the list of available permissions and click “Done.”

Recap

Custom Permissions are fantastic. They’re available in Validation Rules, Workflow Rules, as well as Lightning Process Builder.

They’re also a savior to the Salesforce Admin on a Friday night attempting to determine why a user can see or not see something on a Lightning Page.

Are you using Custom Permissions? How else are you using them?

Don’t miss a post! Sign up to receive email notications.

Subscribe

Subscribe to our mailing list

* indicates required
I want to receive email notifications about:

I run this site, the podcast, and my training videos for the community. I do incur some costs. I greatly appreciate if you can help me out by checking out my affiliates and – if you shop amazon – start your search on my site.

Recommended Posts
Showing 2 comments
  • Matthew Kelly
    Reply

    Totally sold. FIRST TIME I’ve even HEARD about custom permissions.
    Question: Is it possible to create a report that shows a list of custom permissions, and all of the places that permission has been applied? You can also imagine the variations on that sort of report theme, like for a given person, has this permission been somehow granted to them? It would have been great if there had been one additional field so that you could document CONTEXT for that custom permission (why and wherefore). A report listing just the permissions and contexts would also be helpful.

    Now I’m going to go look to see if Custom Permission is an object which can be modifled.

    • Brian Kwong
      Reply

      So there’s no way to do a report on custom permissions. It’s accessible in the metadata. What’s not clear is the assignment of those permissions. You can find which Custom Perms are assigned to which Perm Set by querying SetUpEntityType [SELECT Id,ParentId,SetupEntityId,SetupEntityType FROM SetupEntityAccess WHERE SetupEntityType = ‘CustomPermission’]; Then query which users have the Permission Set. What I haven’t found is what stores the custom permissions associated directly to a profile.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start typing and press Enter to search

Salesforce Labs Feature Image