Permission Sets are helpful for providing a particular set of functionalities to a user in addition to the permissions provided to their Profile. For example, you may want to grant only a few of your sales users to convert leads or two-factor authentication access. In this case, rather than having a special sales profile with the convert lead permission or two-factor authentication permissions. You have to create a permission set with the lead conversion permission and assign it to a specific user. So most of the time you came around this situation mentioned below
- Assign permission set to a user after 7 days from Today i.e. 21-Aug-2014 future date
- Assign permission set for a specific time period 22-Aug-2014 to 30-Aug-2014 (Like you have defined start and end time)
- Remove permission set from user on 31-Aug-2014 i.e. future date
Note: – Remember Today is 14-Aug-2014.
So what you will be done in these cases, wants’ to automate this process if yes then have a look at this article.
Business Use Case
Management in Universal Container wants to automate permission set assignment process so their admin workload will be reduced.
Solution for the above business requirement
In this article, I am going to discuss how to auto assign Permission Sets to a user and In the next articl I, will discuss about auto remove Permission Sets. First of all create few fields on the User object to save condition to auto assign Permission Sets to the user. In this demo I will create few fields on the User object as shown in the below screenshot
To solve this requirement we will use Visual Workflow and Workflow Rule (i.e Headless Flow). Before going ahead with the solution you have to understand about PermissionSetAssignment Object. It’s represents the association between a User and a Permission Set. Below are the key fields from PermissionSetAssignment object
Field Name | Details |
PermissionSetId | ID of the PermissionSet to assign to the user specified in AssigneeId. |
AssigneeId | ID of the User to assign the permission set specified in PermissionSetId. |
To develop this application follow the below instructions
1) Click on Name | Setup | App Setup | Create | Workflows & Approvals | Flows
2) Click on New Flow, it will open flow canvas for you. Create Two Text type variable UserID (To pass User ID) and PermissionsetID (To pass permission set ID )
3) Drag and drop a Record Create ( Give the name Assign Permission Set) onto the window to assign permission set to user and map the fields according to below details
- Select Object PermissionSetAssignment
- AssigneeId= {!UserId}
- PermissionSetId= {!PermissionSetID}, You can take help from the following screenshot
4) Finally our Flow will look like the following screenshot
8) Save the flow with name Add Permission Set and close the canvas.
Create Workflow rule to fire our Flow
Our next task is to create a workflow on the User object on creation and every time it’s edited event. To create a workflow on the User object follow the below instructions
1) Click on Name | Setup | App Setup | Create | Workflows & Approvals | New Rule
2) Select object User from the drop-down
3) Enter Name, for Evaluate criteria select Created, and any time it’s edited to subsequently meet criteria ( To create a time dependent workflow), For Rule Criteria select From Date != False and Start= False as shown in the following screenshot
4) Now Add a time trigger to to set Start flag True after 1hr of From Date. To do this click on Add Time Trigger button and Set the length after how many days/hours workflow will fire i.e. in hours and days, I selected 1hr after the From Date. Now add one field update action for time dependent workflow and set Start flag to True. You can take help from the following screenshot
5) Save the workflow and activate it.
6) Create another workflow (i.e. workflow Rule2 ) on the same object to fire our Flow, set entry criteria of trigger is Start= True
7) Add one Immediate Workflow Actions i.e. New Flow Trigger and Select Flow (Add Permission Set) and set Variable (UserID and PermissionSetID) value as shown in the following screenshot
8) Add one Immediate Workflow Actions i.e. New Field Update and Set Start flag to False.
9) Save the workflow and activate it.
It’s time to test this feature
1) Go to the User’s detail page to whom you want to assign Permission Sets and fill the detail. In this demo I am going to assign Permission Sets with Name “Test“, it will look similar to below screenshot
2) To check time dependent workflow queue Follow the path, Click on Name | Setup | Administration Setup | Monitoring | Time–Based Workflow and search the queue
3) Below is the Proof of concept for your reference
Auto Add/Remove Permission Set – Part 2