28 February 2013

SOQL Pinball Wizard Cleans Up Permission Sets



We had a chatter conversation internally yesterday that I'd like to share with you. A salesforce.com success manager wanted help with a customer who believed that they had too many permission sets and wanted to review which permission sets could be cleaned up.

Doug Bitting (@SFDCDoug) heeded the call and came up with some most excellent SOQL queries. I posted about using SOQL to determine your user's permissions in an earlier blog. In this posting, I'll focus exclusively on some more advanced SOQL but it's important to remember that anyone can run SOQL using a tool like workbench or data loader.

Use case: I want to find all permission sets that are only assigned to inactive users so that I can decide whether to unassign and delete:

SELECT Name 
FROM PermissionSet
WHERE IsOwnedByProfile = false
And Id Not In (
               SELECT PermissionSetId 
               FROM PermissionSetAssignment
               WHERE Assignee.IsActive = true
               )  

Use case: I want to find all permission sets that are not assigned to anyone so that I can decide whether to merge or delete.

SELECT Name  
FROM PermissionSet
WHERE IsOwnedByProfile = false
And Id NOT IN (
               SELECT PermissionSetId 
               FROM PermissionSetAssignment
               )

Using SOQL gives you a lot of flexibility to find a needle in a haystack and manage your permission sets. I hope this helps you manage your permission sets!


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.