Salesforce allows you to add Permission Sets to User to extend user’s functional access without changing their profile. For example, if you want to grant Modify all access to Account objects to a set of users without changing their profile or create a new profile.
Business Use case
Universal Container is using Two Factor Authentication, to grant two-factor authentication permission to the user they created a Permission Set. Now Higher management wants to auto assign this Permission Sets to the new User.
Solution for the above business requirement
This is a basic use case to start with the Headless flow. To solve this requirement we will use Visual Workflow, Workflow rule to fire Flow Trigger. Before proceeding you have to understand PermissionSetAssignment objects in Salesforce.
PermissionSetAssignment :- This object represents an association between a User and a PermissionSet.
Field Name | Details |
AssigneeId | ID of the user to assign the permission set. |
PermissionSetId | ID of the PermissionSet to assign to the user. |
Now we will create a flow to add Permission Set (Two Factor Authentication) to the new user. To do that follow the below instructions
1. Click on Name | Setup | App Setup | Create | Workflows & Approvals | Flows
2. Click on New Flow, it will open flow canvas for you. Create One Text type variable UserID (to pass the new user id through Workflow Rule Flow Trigger action) as shown in the below screenshot
3. To add Permission Set (Two Factor Authentication) to new users, drag and drop a Record Create ( Give the name Add Permission Set) onto the window and map the fields according to below details
- Select Object PermissionSetAssignment
- Enter criteria AssigneeId= {!UserID} and PermissionSetId= ID of Permission Set (Two Factor Authentication), as shown in the below screenshot
4) Finally, your flow should looks like below screenshot
5) Save the flow with name (Add Permission Sets To User) and close the canvas.
Create Workflow rule to fire our Flow
Our next task is to create a workflow on User object on creating event to Fire our Flow Trigger. To create a workflow on the User object follow the below instructions
1) Click on Name | Setup | App Setup | Create | Workflows & Approvals | New Rule
2) Select object User from the drop-down
3) Enter Name, for Evaluate the rule when a record is select Created, For Rule Criteria select is Active= True, as shown in the below screenshot
4) Add one Immediate Workflow Actions i.e. New Flow Trigger and Select Flow and set Variable (UserID) value as shown in the below screenshot
5) Save the workflow and activate it.
It’s time to test this feature
To test this application follow the below steps
1) Navigate to Name | Setup | Administration Setup | Manage Users | Users
2) Create a New User
3) Now navigate to Permission Set Assignment related list in the user detail page and check for Permission Set (Two Factor Authentication).
Note: – To migrate from Workflow rule to Process builder please see my comment:- https://automationchampion.com/2014/07/18/automatically-add-permission-sets-to-new-user/#comment-1811