🌱 Root to leaf :
Object-level security settings can be implemented in Salesforce through the use of profiles or permission sets.
Profile :
- Used to grant CRUD (Create, Read, Edit & Delete) permissions to users on Salesforce objects
- Can be used to restrict users’ access to objects
Permission Set :
- A permission set is a collection of settings and permissions that extend users’ functional access without changing their profiles
- A permission set cannot be used to restrict users’access
- It is possibile to add an Expiration Date to a permission set
Permission Set Group :
- Instead of assigning multiple permission sets to a user, a Permission Set Group can be created which groups permission sets together and then assigned to the user.
- Multiple permission set groups can also be assigned to a single user.
Muting permission set :
- Permissions in a permission set group can be disabled or “muted” by adding a Muting Permission Set
- Only one muting permission set is allowed in a permission set group
💧🌿 Branch to Action :
Implementing Profiles and Permission Sets in Salesforce
When managing user access in Salesforce, it’s crucial to adopt a modular, secure, and scalable approach. Here are three common implementation strategies, along with their benefits and drawbacks:
1. Minimum Access Profile + Permission Set-Driven Access
This approach uses a baseline profile granting minimal access (Salesforce’s “Minimum Access” profile), and then builds all user permissions through individual Permission Sets and Permission Set Groups.
✅ Pros: Clear separation of concerns, high flexibility, easy to scale and audit without touching user profiles.
⚠️ Cons: More complex initial setup; without strong structure, it can lead to bloated permission sets.
2. Permission Sets by Role or Functional Scope
Permissions are grouped according to business roles (e.g., Sales Rep, Support Agent, Manager) or cross-functional needs (e.g., Mobile Access, Data Export).
✅ Pros: Aligns well with organizational charts, intuitive assignment.
⚠️ Cons: May lack granularity; requires updates if organizational roles evolve frequently.
3. Permission Sets by Object
Each Salesforce object (like Accounts, Opportunities, Cases) has its own dedicated Permission Set, granting create, read, update, or delete rights as needed.
✅ Pros: High granularity and control; great for dynamic teams or complex permission matrices.
⚠️ Cons: Can become hard to maintain without naming conventions and documentation.
Quick Comparison Table
| Criteria | Option 1: Min Access + PS | Option 2: By Role/Function | Option 3: By Object |
| Flexibility | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐ |
| Ease of Maintenance | ⭐⭐ | ⭐⭐⭐ | ⭐ |
| Permission Granularity | ⭐⭐⭐⭐ | ⭐⭐ | ⭐⭐⭐⭐ |
| Business Alignment | ⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐ |
Recommendation:
For most organizations, combining Option 1 and Option 2 strikes the right balance between adaptability and administrative clarity. Option 3 works well as a complementary layer when ultra-specific control is required—especially in regulated environments or complex orgs.
🎯 Bonus Tip: Don’t forget to implement naming conventions, maintain documentation, and review assignments regularly. A structured system today saves hours of clean-up tomorrow!
![[Salesforce] Les outils de développement OmniStudio](https://acommitted.com/wp-content/uploads/2025/02/8212a9615d97a63949461b2de4881c94_kix.my8rqd18pecp-400x250.webp)
0 Comments