Auto Assign or Remove Permission Set to Multiple Users (2024)

Last Updated on May 2, 2022 by Rakesh Gupta

Big Idea or Enduring Question:

Permission Sets are helpful for providing a particular set of functionalities to a user in addition to the permissions provided by their Profile. For example, you may want to allow only a few of your sales users to convert leads. In this case, rather than having a special sales profile with the convert lead permission, you can create a permission set and assign it to a specific user. But what if you only want a permission set assigned for a designated time and don’t want to forget to remove it later?

  • Assign a permission set for a specific time period, e.g. 01-Jan-2022 to 15-Jan-2022 (you have a defined start and end time)
  • Remove a permission set from a user on 31-Aug-2021, i.e. a future date

I have written a few articles on Permission Sets and automation. Why not check them out while you are at it?!

  1. Getting Started with Salesforce Flow – Part 53 (Clone a User with their associated Public Group, Queue Membership, and Permission Sets)
  2. Getting Started with Salesforce Flow – Part 24 (Automatically Assign Permission Sets to New User)

Objectives:

After reading this article, you will be able to:

  • Use a Schedule-Triggered Flow to assign or remove a permission set automatically at a specified date
  • Follow the best practice for referencing a Permission Set in a Record-Triggered Flow
  • Use a Decision element to check whether a record variable or record collection variable contains a record
  • Assign a permission set to users on the 1st day of the month
  • Remove the permission set from the users on the 6th day of the month
  • Monitor the scheduled flow job queue

Brenda David is a System Administrator at Universal Containers (UC). Management at UC has announced an initiative to allow their employees to update or delete vacation requests instead of sending a request via email to HR. To do this, users will need special permissions, such as update or delete on vacation requests (a custom object), that are outside their standard permissions. They should only have access from the 1st day of every month through the 5th day of the month (grant access for the first five days of the month).

Automation Champion Approach (I-do):

While this can be solved using various automation tools like Apex, we will use a Schedule-Triggered Flow.

Before proceeding, you have to understand the PermissionSetAssignment object. It represents the association between a User and a PermissionSet. Below are the key fields from the PermissionSetAssignment object:

| Field Name | Details |
| PermissionSetId | ID of the PermissionSet to assign to the user specified in AssigneeId. |
| AssigneeId | ID of the User to assign the permission set specified in PermissionSetId. |

Before discussing the solution, let me show you a diagram of a Process Flow at a high level. Please spend a few minutes to go through the following Flow diagram and understand it. Let’s begin building this automation process.

Guided Practice (We-do):

There are 2 steps to solve Brenda’s business requirement using a Schedule-Triggered Flow. We must:

  1. Create a permission set – Modify Vacation Request
  2. Salesforce Flow Steps:
    1. Define flow properties for scheduled-triggered flow
    2. Add a formula to get days from date
    3. Add a get records element to find permission set id
    4. Add a decision element to check the permission set id from the record variable (from step 2.3)
    5. Add a get record element to find the permission set assignment Id
    6. Add a decision element to check the permission set assignment id from the record variable (from step 2.5) and day of month
    7. Add a create records element to assign the permission set
    8. Add a Delete Records element to remove the permission set

Step 1: Create a Permission Set

  1. Click Setup.
  2. In the Quick Find box, type Permission Sets.
  3. Select Permission Sets, then click New.
  4. Label the Permission Set, then press the Tab key; the API Name will auto-populate.
  5. Click Save.

Step 2.1: Salesforce Flow – Define Flow Properties

    1. Click Setup.
    2. In the Quick Find box, type Flows.
    3. Select Flows, then click on New Flow.
    4. Select the Schedule-Triggered Flow option, click Next, and configure the flow as follows:
      1. How do you want to start building: Freeform
      2. Set Schedule
        1. Start Date: Apr 27, 2021
        2. Start Time: 12:00 AM
        3. Frequency: Daily
        4. Click Done.
      3. Select Object: User
    5. Select All Conditions Are Met (AND).
    6. Set Condition
      1. Row 1
        1. Field: User | IsActive
        2. Operator: Equals
        3. Value: {!$GlobalConstant.True}
      2. + Add Condition
      3. Row 2
        1. Field: User | UserType
        2. Operator: Equals
        3. Value: Standard
    7. Click Done.

Step 2.2: Salesforce Flow – Create a Formula to Get Day from Date

  1. Under Toolbox, select Manager, then click New Resource to create a formula to get the day from a date.
  2. Input the following information:
    1. Resource Type: Formula
    2. API Name: forNDaysOfMonth
    3. Data Type: Number
    4. Decimal Places: 0
    5. Formula: DAY({!$Flow.CurrentDate})
  3. Click Done.

Step 2.3: Lightning Flow – Adding a Get Record Element to Find the Permission Set Id

The next step is to use the Get Records element to find the permission set Modify Vacation Request. To do that, follow the instructions below:

  1. Under Toolbox, select Element.
  2. Drag-and-drop the Get Records element onto the Flow designer.
  3. Enter a name in the Label field; the API Name will auto-populate.
  4. Select the Permission Set object from the dropdown list.
  5. Select All Conditions Are Met (AND).
  6. Set Filter Conditions
    1. Row 1:
      1. Field: Name
      2. Operator: Equals
      3. Value: Modify_Vacation_Request
  7. How Many Records to Store:
    1. select Only the first record
  8. How to Store Record Data:
    1. Choose the option to Automatically store all fields.
  9. Click Done.

Step 2.4: Salesforce Flow – Using Decision Element to Check the Permission Set Id from the Record Variable (from step 2.3)

Now we will use the Decision element to check the Record Variable from step 2.3 to find if it returns the permission set id or not.

  1. Under Toolbox, select Element.
  2. Drag-and-drop the Decision element onto the Flow designer.
  3. Enter a name in the Label field; the API Name will auto-populate.
  4. Under Outcome Details, enter the Label; the API Name will auto-populate.
  5. Condition Requirements to Execute Outcome: All Conditions Are Met (AND)
    1. Row 1:
      1. Resource: {!Get_Permission_Set}
      2. Operator: Is Null
      3. Value: {!$GlobalConstant.False}
  6. Click Done.

Step 2.5: Lightning Flow – Adding a Get Record Element to Find the Permission Set Assignment Id

The next step is to use the Get Records element to find the permission set assignment id. To do that, follow the instructions below:

  1. Under Toolbox, select Element.
  2. Drag-and-drop the Get Records element onto the Flow designer.
  3. Enter a name in the Label field; the API Name will auto-populate.
  4. Select the Permission Set Assignment object from the dropdown list.
  5. Select All Conditions Are Met (AND).
  6. Set Filter Conditions
    1. Row 1:
      1. Field: AssigneeId
      2. Operator: Equals
      3. Value: {!$Record.Id}
    2. + Add Condition
    3. Row 2:
      1. Field: PermissionSetId
      2. Operator: Equals
      3. Value: {!Get_Permission_Set.Id}
  7. How Many Records to Store:
    1. select Only the first record
  8. How to Store Record Data:
    1. Choose the option to Automatically store all fields.
  9. Click Done.

Step 2.6: Salesforce Flow – Using Decision Element to Check the Permission Set Assignment Id from the Record Variable (from step 2.5) and Day of Month

We will use the Decision element to check the Record Variable from step 2.5 to find whether the permission set is assigned to the user, together with the day of the month. There are two possibilities:

    • If today is the first day of the month and the permission set is not assigned to the user, then assign the permission set.
    • If today is the sixth day of the month and the permission set is assigned to the user, remove the permission set.

  1. Under Toolbox, select Element.
  2. Drag-and-drop the Decision element onto the Flow designer.
  3. Enter a name in the Label field; the API Name will auto-populate.
  4. Under Outcome Details, enter the Label (Add Permission Set); the API Name will auto-populate.
  5. Condition Requirements to Execute Outcome: All Conditions Are Met (AND)
    1. Row 1:
      1. Resource: {!Get_Permission_Set_Assignment}
      2. Operator: Is Null
      3. Value: {!$GlobalConstant.True}
    2. + Add Condition
    3. Row 2:
      1. Field: {!forNDaysOfMonth}
      2. Operator: Equals
      3. Value: 1
  6. Now add a second node to the Decision element.
  7. Under Outcome Details, click on the +
  8. Under Outcome Details, enter the Label (Remove Permission Set); the API Name will auto-populate.
  9. Condition Requirements to Execute Outcome: All Conditions Are Met (AND)
    1. Row 1:
      1. Resource: {!Get_Permission_Set_Assignment}
      2. Operator: Is Null
      3. Value: {!$GlobalConstant.False}
    2. + Add Condition
    3. Row 2:
      1. Field: {!forNDaysOfMonth}
      2. Operator: Equals
      3. Value: 6
  10. Click Done.

Step 2.7: Salesforce Flow – Create Records to Add Permission Set

The next step is to add Permission Sets to Users. We will use the Create Records element. To do this, drag-and-drop the Create Records element onto the flow designer and map the fields according to the details below:

  1. Under Toolbox, select Elements. Drag and drop Create Records onto the canvas.
  2. Input the following information:
    1. Enter a Label; the API Name will auto-populate.
    2. How Many Records to Create: One
    3. How to Set the Record Fields: Use separate resources, and literal values
    4. Object: PermissionSetAssignment
    5. Set Field Values for the Permission Set Assignment
    6. Row 1:
      1. Field: AssigneeId
      2. Value: {!$Record.Id}
    7. Click Add Row
    8. Row 2:
      1. Field: PermissionSetId
      2. Value: {!Get_Permission_Set.Id}
  3. Click Done.

Step 2.8: Salesforce Flow – Add a Delete Records Element to Remove Permission Set

The next step is to remove Permission Sets from Users. We will use the Delete Records element. To do this, drag-and-drop the Delete Records element onto the flow designer and map the fields according to the details below:

  1. Drag-and-drop the Delete Records element onto the Flow designer.
  2. Enter a name in the Label field; the API Name will auto-populate.
  3. For How to Find Records to Delete select Use the IDs stored in a record variable or record collection variable.
  4. Select Record(s) to Delete
    1. Record or Record Collection: {!Get_Permission_Set_Assignment}
  5. Click Done.

In the end, Brenda’s Flow will look like the following screenshot (I turned on Auto-Layout for this flow):

Once everything looks good, perform the steps below:

  1. Click Save.
  2. Enter the Flow Label; the API Name will auto-populate.
  3. Click Show Advanced.
  4. Type: Schedule-Triggered Flow
  5. API Version for Running the Flow: 52
  6. Interview Label: Auto Add or Remove Permission Set {!$Flow.CurrentDateTime}
  7. Click Save.

Almost there! Once everything looks good, click the Activate button.

Monitor Your Schedule Flow

To monitor Flows that are scheduled, navigate to the following path:

  1. Navigate to Setup (Gear Icon) | Environments | Jobs | Scheduled Jobs.
  2. Now look for your Scheduled Flow displaying information as shown in the following screenshot:
  3. Use the Del link to delete the Scheduled Flow job from the queue.

Proof of Concept

Every night at 12:00 AM, a scheduled job will run and add or remove the permission set for each user based on the day of the month.

  1. On the 1st day of the month, navigate to the User record and confirm that the permission set Modify Vacation Request has been assigned.
  2. On the 6th day of the month, navigate to the User record and confirm that the permission set Modify Vacation Request has been removed.
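
The Step 2.6 decision logic modeled in Python, as an added example that is not part of the original article or of Salesforce: it replays the nightly run for one user and shows how long access is held when the run on the 6th does not execute. `window_decision` is a hypothetical alternative that compares the day against the 1st-to-5th window instead of testing for equality; all function names and the May 2022 dates are constructed.

```python
from datetime import date, timedelta

GRANT_DAY, REVOKE_DAY = 1, 6  # day-of-month values from the Step 2.6 outcomes


def page_decision(day, assigned):
    """Decision element as configured in Step 2.6 (equality on day of month)."""
    if not assigned and day == GRANT_DAY:
        return "create"   # Step 2.7: Create Records
    if assigned and day == REVOKE_DAY:
        return "delete"   # Step 2.8: Delete Records
    return "none"         # default outcome: nothing happens


def window_decision(day, assigned):
    """Assumed alternative, not from the article: compare against the window."""
    in_window = GRANT_DAY <= day < REVOKE_DAY
    if in_window and not assigned:
        return "create"
    if not in_window and assigned:
        return "delete"
    return "none"


def simulate(decide, start, days, skipped=(), assigned=False):
    """Run one user through `days` nightly runs; return the dates with access."""
    held = []
    for offset in range(days):
        today = start + timedelta(days=offset)
        if today not in skipped:          # a skipped run changes nothing
            action = decide(today.day, assigned)
            if action == "create":
                assigned = True
            elif action == "delete":
                assigned = False
        if assigned:
            held.append(today)
    return held


# Constructed scenario: the nightly run on the 6th does not execute.
START = date(2022, 5, 1)
MISSED = {date(2022, 5, 6)}

if __name__ == "__main__":
    for name, fn in (("page", page_decision), ("window", window_decision)):
        normal = simulate(fn, START, 31)
        missed = simulate(fn, START, 31, skipped=MISSED)
        print(f"{name:6} normal={len(normal)} days, missed run={len(missed)} days")
```

With the equality checks from Step 2.6, a missed run on the 6th leaves the permission set assigned until the 6th of the following month, so the Scheduled Jobs page described above is worth checking before each window closes.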

Formative Assessment:

I want to hear from you!

What did you learn from this post, is it relevant to you, and how will you modify the concepts taught in the post for your own business processes?

Make a post and tag me on Twitter @automationchamp using #AutomationChampionFlow.
