Permission Set Groups (2024)

Table of Contents
Learning Objectives The Basics of Permission Set Groups Benefits of Permission Set Groups Use Permission Set Groups in Package Development Calculating Permissions in a Permission Set Group Resources FAQs

Learning Objectives

After completing this unit, you’ll be able to:

  • State what a permission set group is.
  • Describe two use cases for using permission set groups.
  • Explain how permissions are calculated in a permission set group.

The Basics of Permission Set Groups

As an admin, it’s very possible that you have many permission sets that you assign to users. And you likely spend a lot of time managing the permissions that users require while trying to ensure that they have only the permissions that they need to perform their work. For example, your assignment structure might resemble this image, where you must assign several users to several permission sets.

Permission Set Groups (1)Given how quickly permission sets can multiply, you may have wondered how to simplify permission set management while maintaining the principle of least privilege to protect your org. Well, we have a solution for you: permission set groups. With permission set groups, you can bundle permission sets together based on a job function. A permission set group includes all permissions in the permission sets. You can even include a permission set in more than one permission set group.Permission Set Groups (2)Granting permissions to users based on the tasks they perform in their different job functions becomes much simpler.

Benefits of Permission Set Groups

Assigning permissions to users via permission set groups does look simpler, but how does grouping permission sets make your job easier and help you to enforce assignments based on least privilege?

Let’s say that the vice president of your sales department, E.J. Agarwal, has users who require permissions to create, edit, and delete surveys; create and customize list views and reports; and create and edit price books. These users all perform work involving price surveys.

There are a couple of ways that you can provide E.J.’s users with what they need. You can create a new permission set with allof the permissions needed for this job function. However, permission sets should remain fairly limited—in general, you don’t want a permission set with too many permissions. Alternatively, you can grant the permissions by individually assigning users to permission sets that include permissions for each task, but this is a messy approach and becomes challenging to manage.

See Also
Understanding Roles, Profiles and Permission Sets in SalesforceEffective Permissions - NTFS.comHow to Use Permission Set Groups in Salesforce - RoyconHelp And Training Community

Complicating our scenario further is that the users who need permissions for price surveys have different job titles and responsibilities.

  • Maria Hernandez, Consultant
  • Shaun Chen, Sales Manager
  • Aaron Jones, Sales Service Director

By using permission set groups, you create a single group that contains the permission sets with the permissions needed for the price surveys job function. The individual permission sets in the group can also be used outside of the group.

There’s more, too: E.J. has informed you of other changes coming. Maria’s consultancy ends next month, and a contractor will soon require the same permissions that Maria has. And two new hires also need permissions to manage price surveys. Streamlining how you assign user permissions becomes more important as the team continues to change and grow.

For example, you could create a single permission set group called Price Surveys organized around the requirements of the price surveys job function. With this approach, you can ease the user assignment process now and as the team grows.

Just assign the Price Surveys permission set group to users who need permissions to create, edit, and delete surveys; create and customize list views and reports; and create and edit price books. There’s no need to create a new permission set specific to price surveys or to add users to several permission sets.

Permission Set Groups (3)

See Also
Help And Training Community

TIP: If you need to create a new permission set for a permission set group, you can. However, we strongly suggest that you limit the permissions within a permission set to a few related tasks. In the next unit, we cover strategies for thinking about and modeling permission sets and permission set groups to maximize their functionality.

Use Permission Set Groups in Package Development

There’s one more thing. If you’re a subscriber to an app with permission set groups, you can add managed permission sets to your local group. Or, you can add a local permission set to a managed group. Why are these options so great? The package development team might include permission changes in a package upgrade; if so, you can receive important updates while making sure that your users retain the access that they need.

You can also take advantage of a function we call muting, which comes in handy when you’re working with managed packages in your org. We go into detail about muting in an upcoming unit.

Calculating Permissions in a Permission Set Group

You might ask how the permissions in a permission set group are determined, especially if you update permission sets within the group. For example, in the Price Surveys permission set group, we have three permission sets.

  • Survey Creator Standard Permission Set
  • A Custom Permission Set for List Views and Reports Access
  • A Custom Permission Set for Price Book Access

Let’s say that E.J comes to you and says that he forgot to tell you something: Users in the price surveys permission set group also need to delete price books. You add delete permission to the permission set for price books. When you add the permission, you kick off a permission set recalculation. A recalculation propagates the change you make in the permission set through to the permission set groups that contain the permission set.

While a permission set group recalculates, assigned users retain the permissions as of the last completed recalculation.

Changes that trigger a recalculation of a permission set group include:

  • Changing existing permission sets
  • Adding permission sets
  • Removing permission sets

The status of a permission set group appears in the Status column of the Permission Set Groups list view page.

Valid statuses are Updated, Outdated, Updating, and Failed.

Permission Set Groups (4)
IMPORTANT: When you update permissions in a permission set, review the business requirements of all users assigned to the permission set and related permission set groups.

In the next unit, you create a permission set group and assign it to users.

Resources

  • Salesforce Help:Permission Set Groups
  • Trailhead:Data Security
Permission Set Groups (2024)

FAQs

Can permission sets be assigned to groups? ›

In the Permission Set Group detail page, under Permission Sets, click Permission Sets in Group. Click Add Permission Set. You can add up to 100 permission sets to a permission set group. On the Add Permission Sets detail page, select the permission sets that you want to add to the group, and click Add.

Get More Info Here
What are the benefits of using permission set groups? ›

What Are the Benefits of Permission Set Groups? Custom permission sets require maintenance with each new release of features. By using Permission Set Groups, you can eliminate the tedious process of auditing and updating custom permissions.

Explore More
What is the difference between profile and permission set group? ›

Essentially, a user's profile is the baseline authorization of access to the Org. Permission sets are, as the name implies, a set of additional CRED permissions that can be applied to different profiles. Typically they are task-based and related to different Objects and managed packages.

Show Me More
What are permission groups? ›

A permission group is a list of users by which to restrict access. You add users to one or more groups and then configure the group's level of access. This applies the same permissions to all group members.

Learn More
Can I add a public group to a permission set salesforce? ›

Update from Salesforce

They allow you to assign permission sets, permission set groups, other public groups, queues, permission set licenses, and managed package licenses to public group members. You can do this automatically during user creation or update or as more of a migration.

Discover More Details
What are the limitations of permission set group? ›

  • You can add up to 100 permission sets to a permission set group.
  • If your org has many permission sets, using permission set groups can help improve performance.
  • When viewing permission set groups in a list view, no actions are available in the list view dropdown menu.

Discover More Details
Can you clone permission set groups in Salesforce? ›

You can clone the Communications Cloud Plus Runtime permission set and then modify it to remove access to the other features. Note that when you clone and customize a permission set, the permission set license linked to the custom permission set doesn't change.

See More
How to deploy permission set group in Salesforce? ›

Deploy Permission Sets and Permission Set Groups
  1. Open VS Code.
  2. Ensure that you're using the latest version of SFDX and the org authorization plug in. ...
  3. Create a project in VS Code. ...
  4. Unzip the components file locally into your force-app\main\default folder.
  5. Replace the contents of the package.

Learn More
What are the three groups of permissions? ›

The Permission Groups used are:
  • u–Owner.
  • g–Group.
  • o–Others.
  • a–All users.

Read On
Is Salesforce getting rid of profiles? ›

As mentioned before, profiles will still exist and every user must have a profile. Here are the configurations that will remain on profiles: One-to-one relationships: Login Hours/IP Ranges. Defaults: Record Types/Apps.

Find Out More

What are the advantages of using groups when setting permissions? ›

With permission groups, you can assign multiple users sets of permissions in a single step, based on membership in a specific group, streamlining the process of provisioning and managing your Amplitude organization.

Explore More
What are the different types of permission sets? ›

Required Editions
Permission Set TypeDescription
Managed Permission SetInstalled from a managed package and has the package namespace.
Session-Based Permission SetAllows functional access only during a predefined session type.
3 more rows

Get More Info
What is the use of permission set group? ›

Permission Set Groups allow Admins to combine multiple permission sets into a single permission set group for user assignment. With the grouping mechanism, admins can apply role-based access control to manage user entitlements in Salesforce.

Discover More Details
What is the difference between permission sets and groups? ›

Each permission set can be assigned to multiple users. Permission set groups are collections of permission sets. They are a nice way to group or bundle related permission sets to make management of access easier for the admin.

Find Out More
What are the 5 permissions? ›

The “five permissions” are Ignore, Invest, Imperfect, Incomplete, and Protect. These accompany five choices – Eliminate, Automate, Delegate, Procrastinate, and Concentrate – arranged in a “Focus Funnel” to help us better approach our work and the opportunities around us. Key Concepts: What You Thought You Knew.

Continue Reading
Can we assign custom permission to permission set group? ›

On the permission set overview page, click CustomPermissions. Click Edit. To enable custom permissions, select them from the Available Custom Permissions list and then click Add. To remove custom permissions from the permission set, select them from the Enabled Custom Permissions list and then click Remove.

Continue Reading
How to mass assign permission set group in Salesforce? ›

Create the assignment CSV file
  1. Open Data Loader, click Insert, and login to your org.
  2. Check the checkbox Show all objects.
  3. Select the object Permission Set Assignments.
  4. Browse for your csv file.
  5. Click on Next button and click Ok on the pop-up.
  6. Click 'Create or Edit a Map'
  7. Map the columns from your spreadsheet.
Jan 9, 2024

Explore More
Why would you add permissions to a group instead of the individual? ›

Groups allow you to add multiple people to the same group or multiple groups and access collections based on the permissions of those groups. Individual allows for a bit more granular control, say in a case that an individual person needs access to a single collection, but not all collections as part of a group.

Get More Info Here
Top Articles
How Should You Invest a Large Sum of Money? | Ellevest
4 Types of Investments to Avoid - Money: The Simple Way
So spielt man Bloxorz: Tipps und Tricks für Anfänger
Bloxorz | coolmathgames.com
Craigslist Winnemucca
Clemson baseball vs. Coastal Carolina score, highlights: Tigers win Clemson Regional
Bevmo Club Member
5365 Otter Pond Way, Rancho Cordova, CA 95742 | Compass
Georgia Bank And Trust Calhoun Ga
21 Basic Baddie Wardrobe Essentials For Your Daily Baddie Outfits - Rozaliee
Latest Posts
10 Best Investments In 2023 | Bankrate
How to Invest a Lump Sum | The Motley Fool
Article information

Author: Lakeisha Bayer VM

Last Updated:

Views: 5433

Rating: 4.9 / 5 (69 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Lakeisha Bayer VM

Birthday: 1997-10-17

Address: Suite 835 34136 Adrian Mountains, Floydton, UT 81036

Phone: +3571527672278

Job: Manufacturing Agent

Hobby: Skimboarding, Photography, Roller skating, Knife making, Paintball, Embroidery, Gunsmithing

Introduction: My name is Lakeisha Bayer VM, I am a brainy, kind, enchanting, healthy, lovely, clean, witty person who loves writing and wants to share my knowledge and understanding with you.