Unlike profiles which have pre-created (or standard) examples like ‘Standard User’ or ‘System Administrator’, permission sets have no pre-created examples in an org.
Below is a list of permission set examples you may want to create and why they are a good idea.
As a general rule, as you remove a permission from a profile and add it back to individual users through a permission set, you reduce the risk that users who share a profile don't have more access than what they need.
|Permission Set Examples||Why you might want to create them|
|View All Data|
- Recertify who can view all data in an org to manage the running user of dashboards rather than giving it out to all users in a profile
- Enables users to run reports and retrieve all the org data
|Modify All Data|
- Be the Automated Case User (for Web to Case forms)
- Be the Default Lead Creator (for Web to Lead forms)
- Empty the organization Recycle Bin
- Unlock all workflows
|Manage Users||Reduce the number of users who can:|
- Create/Modify Profiles and Permission Sets
- Create/Modify Sharing Rules
- Manage all aspects of users including resetting passwords
|Is Single Sign-On Enabled|
- Roll-out single sign on throughout the organization regardless of a user's profile.
|Price Book Administrator (Read, Create, Edit, Delete on Price Book )|
- Consolidate who in Sales Ops can manage products and price books
|View Encrypted Fields|
- Control which users have the ability to View Encrypted Fields rather than relying on larger groups of users having this ability
|API Only User|
- Manage Integrations more easily by migrating this permission from all profiles to a single permission set
- Quickly lock all users from the user interface while performing release updates
- Control who can customize more easily by migrating this permission from all profiles to a single permission set
- Reduce risk that comes with distributing customization rights to more users than is necessary
- Use field level security to determine who can approve a record in an approval process
Post a Comment
Note: Only a member of this blog may post a comment.