06 February 2013

"Check All" Field Permissions in Permission Sets and Profile User Interfaces



I often hear from the admins that I talk with that the enhanced profile and permission set user interfaces *really* need the ability to check all field level permissions. In fact, I just heard it again from my friend, David Schach (@dschach), a couple days ago that he needed this exact kind of functionality. Especially where there can be 50, 100, or 800 custom fields for an object, you could sit around all day long checking checkboxes and cursing the interface.

There are ways to handle this programmatically or through a tool like the data loader or workbench where you can load fieldpermission (field level security) rows on permission sets and across objects very quickly. However, most admins will add field level security through the user interface and need a way to quickly enable *all* fields.

Someone posted the following blog by Keith Clarke on twitter: http://force201.wordpress.com/2011/10/17/check-all-in-permission-set-and-profile-ui/ which gives a great hack for handling this in the user interface. The workaround is to use a Google Chrome extension: https://chrome.google.com/webstore/detail/check-all/nnbihdpkeohjdfncchjhidbbonnihaob. I use chrome all the time and love this extension.

There is an idea to handle this natively in the profile and permission set user interface: http://success.salesforce.com/ideaView?id=08730000000k56ZAAQ. Until we get around to handling this, I definitely recommend either the chrome extension or using data loader to load field permission rows to permission sets.

4 comments:

  1. You mention that there are ways to handle this programmatically through the data loader or workbench (the preferred method when you have hundreds of objects). However, when I try it, I get the following error:
    You can't create, edit, or delete records for this permission set parent because it's associated with a profile.
    Am I missing something?

    ReplyDelete
    Replies
    1. Hi Patrick - there's a discussion about this in another salesforcehacker post (http://www.salesforcehacker.com/2013/01/using-soql-to-determine-your-forcecom.html) but basically, you can only read object/field permissions on permission sets that are owned by a profile (where isOwnedByProfile=true) and can't edit their values. The only values you can edit in data loader or workbench are permission sets which are not parented by a profile (where isOwnedByProfile=false). Try adding this conditional to your SOQL to see whether you were trying to modify a permission set parented to a profile or one that is independent.

      Delete
  2. There is a way to set/copy Object/Field Permissions for the profiles by using the Matadata API.

    ReplyDelete
    Replies
    1. Yes with some caveats. Check out http://www.salesforcehacker.com/2013/05/dude-wheres-my-permission.html?m=1

      Delete