How can you use Flow to automatically assign permission sets to new users?
Objectives:
After reading this blog post, the reader will be able to:
Use After-save Record-Triggered Flow to assign permission sets to new users
Best practice to refer Permission Set into Record-Triggered Flow
Use a Decision element to find – record variable or record collection variable contains a record or not
Use After-save Record-Triggered Flow to create a record
Business Use case
Brenda David is a System Administrator at Universal Containers (UC). She has received a requirement to auto-assignTwo Factor Authentication permission set to the new users.
Automation Champion Approach (I-do):
Salesforce allows you to add Permission Sets to the User to extend the user’s functional access without changing their profile. For example, you can grant Modify All access to the Account object to a set of users without changing their profile or creating a new profile.
This is a basic use case to start with the lightning flow. To solve the above requirement, we will use the After-save Record-Triggered Flow.
PermissionSetAssignment:- This object represents an association between a User and a PermissionSet.
Field Name
Details
AssigneeId
ID of the user to assign the permission set.
PermissionSetId
ID of the PermissionSet to assign to the user.
Before discussing the solution, let me show you a diagram of a Process Flow at a high level. Please spend a few minutes to go through the following Flow diagram and understand it.Let’s begin building this automation process.Read the rest of this entry!
Posted at 3:41 AM by Rakesh Gupta, on August 14, 2014
Permission Sets are helpful for providing a particular set of functionalities to a user in addition to the permissions provided to their Profile. For example, you may want to grant only a few of your sales users to convert leads or two-factor authentication access. In this case, rather than having a special sales profile with the convert lead permission or two-factor authentication permissions. You have to create a permission set with the lead conversion permission and assign it to a specific user. So most of the time you came around this situation mentioned below
Assign permission set to a user after 7 days from Today i.e. 21-Aug-2014 future date
Assign permission set for a specific time period 22-Aug-2014 to 30-Aug-2014 (Like you have defined start and end time)
Remove permission set from user on 31-Aug-2014 i.e. future date
Note: – Remember Today is 14-Aug-2014.
So what you will be done in these cases, wants’ to automate this process if yes then have a look at this article.
Business Use Case
Management in Universal Container wants to automate permission set assignment process so their admin workload will be reduced.
Solution for the above business requirement
In this article, I am going to discuss how to auto assign Permission Sets to a user and In the next articl I, will discuss about auto remove Permission Sets. First of all create few fields on theUser object to save condition to auto assign Permission Sets to the user. In this demo I will create few fields on the User object as shown in the below screenshot
Custom Fields on User object
To solve this requirement we will use Visual Workflow and Workflow Rule (i.e Headless Flow). Before going ahead with the solution you have to understand about PermissionSetAssignmentObject. It’s represents the association between a User and a Permission Set. Below are the key fields from PermissionSetAssignmentobject
Field Name
Details
PermissionSetId
ID of the PermissionSet to assign to the user specified in AssigneeId.
AssigneeId
ID of the User to assign the permission set specified in PermissionSetId.
To develop this application follow the below instructions
1) Click on Name | Setup | App Setup | Create | Workflows & Approvals | Flows
2) Click on New Flow, it will open flow canvas for you. Create Two Text type variable UserID (To pass User ID) and PermissionsetID (To pass permission set ID)
3) Drag and drop a Record Create ( Give the name Assign Permission Set) onto the window to assign permission set to userand map the fields according to below details
Select Object PermissionSetAssignment
AssigneeId= {!UserId}
PermissionSetId= {!PermissionSetID}, You can take help from the following screenshot
Assign Permission Set
4) Finally our Flow will look like the following screenshot
8) Save the flow with name Add Permission Set and close the canvas.
Create Workflow rule to fire our Flow
Our next task is to create a workflow on the User object on creation and every time it’s edited event. To create a workflow on the User object follow the below instructions
1) Click on Name | Setup | App Setup | Create | Workflows & Approvals | New Rule
2) Select object User from the drop-down
3) Enter Name, for Evaluate criteria select Created, and any time it’s edited to subsequently meet criteria ( To create a time dependent workflow), For Rule Criteria select From Date != False and Start= False as shown in the following screenshot
Workflow Rule1
4) Now Add a time trigger to to set Start flag True after 1hr of From Date. To do this click on Add Time Trigger button and Set the length after how many days/hours workflow will fire i.e. in hours and days, I selected 1hr after the From Date. Now add one field update action for time dependent workflow and set Start flag to True. You can take help from the following screenshot
Time based action
5) Save the workflow and activate it.
6) Create another workflow (i.e. workflow Rule2 ) on the same object to fire our Flow, set entry criteria of trigger is Start= True
Workflow Rule2
7) Add one Immediate Workflow Actions i.e.New Flow Trigger and Select Flow (Add Permission Set) and set Variable (UserID and PermissionSetID) value as shown in the following screenshot
New Flow Trigger Action
8) Add one Immediate Workflow Actions i.e.New Field Update and Set Start flag to False.
9) Save the workflow and activate it.
It’s time to test this feature
1) Go to the User’s detail page to whom you want to assign Permission Sets and fill the detail. In this demo I am going to assign Permission Sets with Name “Test“, it will look similar to below screenshot
Permission Set Assignment Detail
2) To check time dependent workflow queue Follow the path, Click on Name | Setup | Administration Setup |Monitoring | Time–BasedWorkflow and search the queue
Time-Based Workflow Queue
3) Below is the Proof of concept for your reference