Last Updated on April 15, 2019 by Rakesh Gupta
In the last article, Auto Add/Remove Permission Set – Part 1, I went through a way to automate the Assign Permission Sets process based on user-defined criteria. In this article, I will discuss a way to automate the Unassign Permission Sets process based on criteria.
Business Use Case
Management at Universal Container wants to automate the permission set removal (unassign) process so that their admins' workload is reduced.
Solution for the above business requirement
In this article, I will discuss how to automatically unassign (remove) Permission Sets from a user. First of all, create a few fields on the User object to hold the conditions for automatically removing Permission Sets from the user. In this demo, I will create a few fields on the User object as shown in the below screenshot
To solve this requirement we will use Visual Workflow and a Workflow Rule (i.e., a Headless Flow). Before going ahead with the solution, you have to understand the PermissionSetAssignment object. It represents the association between a User and a Permission Set. Below are the key fields of the PermissionSetAssignment object:
| Field Name | Details |
| --- | --- |
| PermissionSetId | ID of the PermissionSet to assign to the user specified in AssigneeId. |
| AssigneeId | ID of the User to assign the permission set specified in PermissionSetId. |
To develop this application, follow the instructions below:
1) Click on Name | Setup | App Setup | Create | Workflows & Approvals | Flows
2) Click on New Flow; it will open the flow canvas for you. Create two Text type variables: UserID (to pass the User ID) and RemovalPermissionsetID (to pass the ID of the permission set that the system admin wants to remove from the user)
3) Drag and drop a Record Delete element (give it the name Delete Permission Set) onto the window to remove the permission set from the user, and map the fields according to the details below
- Select Object PermissionSetAssignment
- AssigneeId= {!UserId}
- PermissionSetId= {!RemovalPermissionSetID}
You can take help from the following screenshot
4) Finally, our Flow will look like the following screenshot
5) Save the flow with the name Remove Permission Set and close the canvas.
Create Workflow rule to fire our Flow
Our next task is to create a workflow rule on the User object that is evaluated when a record is created and every time it is edited. To create a workflow rule on the User object, follow the instructions below:
1) Click on Name | Setup | App Setup | Create | Workflows & Approvals | New Rule
2) Select object User from the drop-down
3) Enter a Name. For Evaluation Criteria, select "Created, and any time it's edited to subsequently meet criteria" (needed to create a time-dependent workflow). For Rule Criteria, select End Date != False and Remove = False, as shown in the following screenshot
4) Now add a time trigger to set the Remove flag to True 0 hours after End Date. To do this, click the Add Time Trigger button and set, in hours or days, how long after the date the workflow will fire; I selected 0 hours after the End Date. Then add one field update action to the time-dependent workflow that sets the Remove flag to True. You can take help from the following screenshot
5) Save the workflow and activate it.
6) Create another workflow rule (i.e., workflow Rule2) on the same object to fire our Flow, and set its entry criteria to Remove = True
7) Add one Immediate Workflow Action, i.e. a New Flow Trigger, select the Flow (Remove Permission Set), and set the variable values (UserID and RemovalPermissionsetID) as shown in the following screenshot
8) Add one more Immediate Workflow Action, i.e. a New Field Update, and set the Remove flag to False.
9) Save the workflow and activate it.
It’s time to test this feature
1) Go to the detail page of the user from whom you want to unassign Permission Sets and fill in the details. In this demo I am going to unassign the Permission Set named “Test”; it will look similar to the below screenshot
2) To check the time-dependent workflow queue, click on Name | Setup | Administration Setup | Monitoring | Time-Based Workflow and search the queue
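A check to pair with the queue inspection above, as an added example that is not part of the original article: this Apex class lists permission set assignments that still exist although the user's End Date has passed, which is what you would see if the time-dependent action or the flow trigger did not fire. The field API names End_Date__c (assumed Date/Time) and Removal_Permission_Set_Id__c (assumed Text) are hypothetical stand-ins for the custom User fields created earlier.

```apex
// Added example, not the author's code.
// Hypothetical custom User fields (the article does not give their API names):
//   End_Date__c                  - Date/Time after which the permission set must be gone
//   Removal_Permission_Set_Id__c - Text field holding the PermissionSet Id to remove
public with sharing class StalePermissionSetAudit {

    // Returns PermissionSetAssignment rows that the "Remove Permission Set" flow
    // should already have deleted: End Date has passed, yet the row still exists.
    public static List<PermissionSetAssignment> findStale() {
        Datetime cutoff = System.now();

        // Users whose removal time has been reached.
        Map<Id, User> expired = new Map<Id, User>([
            SELECT Id, Removal_Permission_Set_Id__c
            FROM User
            WHERE End_Date__c <= :cutoff
              AND Removal_Permission_Set_Id__c != null
        ]);

        List<PermissionSetAssignment> stale = new List<PermissionSetAssignment>();
        if (expired.isEmpty()) {
            return stale;
        }

        // Profile-owned permission sets also appear in this object and cannot be
        // unassigned, so they are excluded from the audit.
        for (PermissionSetAssignment psa : [
            SELECT Id, AssigneeId, PermissionSetId, PermissionSet.Name
            FROM PermissionSetAssignment
            WHERE AssigneeId IN :expired.keySet()
              AND PermissionSet.IsOwnedByProfile = false
        ]) {
            String wanted = expired.get(psa.AssigneeId).Removal_Permission_Set_Id__c;
            // A Text field may hold a 15- or 18-character Id; compare the first 15.
            if (wanted != null && wanted.length() >= 15 &&
                String.valueOf(psa.PermissionSetId).startsWith(wanted.left(15))) {
                stale.add(psa);
            }
        }
        return stale;
    }
}
```

Calling `StalePermissionSetAudit.findStale()` from Execute Anonymous after the End Date has passed should return an empty list; any row returned is an assignment the automation failed to remove.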
Note: I suggest you implement this first in your developer org, test it, and then move it to Production. Let me know if you have any difficulty implementing it.