12 May 2014

How to get a list of permissions for your organization

I see this question on discussion boards and forums often:

"why doesn't salesforce publish a list of permissions available in my organization?"

The simple answer is because permissions are far more dynamic than what a static list defined in the documentation can enumerate.

User permissions like 'New Report Builder' are dependent on specific organization configurations called organization permissions and organization preferences.

Organization permissions are controlled by salesforce support and organization preferences are controlled by organization administrators. That way, features can be enabled selectively in an organization based on paying for it or requesting it from support but administrators often have the ultimate control to determine whether or not to actually use that feature by going into setup and enabling the preference. This makes introducing new functionality dependent on the administrator's release schedule rather than salesforce.com's upgrade schedule.

All this means is that permissions are dynamic based on what the organization has enabled. By going to a profile or permission set in the setup user interface,  you can see what permissions are assignable to users. However, you can also use the API to generate a list of permissions on the profile or permission sets. It won't include 100% of permissions, but it will include most of them.

On the profile and permissionset subjects is a series of fields that are prefixed with the word, 'Permissions.' For instance, 'PermissionsCustomizeApplication' is the 'Customize Application' permission found on your profile or permission sets.

Some permissions are fairly straight forward like PermissionsModifyAllData. Others take some thought like PermissionsInstallMultiforce which actually grants the access to download AppExchange Packages.

Using a tool like workbench can help you understand which permissions are available in your organization. Just go to Info > Standard & Custom Objects > Choose 'Profile' or 'Permission Set'.

We've heard that administrators and developers want more of these user permissions exposed to the API. With the Spring '14 release, we added the following permissions to version 30.0 of the API:

  • PermissionsAllowEmailIC
  • PermissionsAssignTopics
  • PermissionsChatterInternalUser
  • PermissionsChatterInviteExternalUsers
  • PermissionsChatterOwnGroups
  • PermissionsContentAdministrator
  • PermissionsContentHubUser
  • PermissionsCreateTopics
  • PermissionsCreateWorkspaces
  • PermissionsDeleteTopics
  • PermissionsEditTopics
  • PermissionsEnforceMutualAuthentication
  • PermissionsForceTwoFactor
  • PermissionsHasFileSync
  • PermissionsIdentityEnabled
  • PermissionsIsSsoEnabled
  • PermissionsManageContentPermissions
  • PermissionsManageContentProperties
  • PermissionsManageContentTypes
  • PermissionsManageNetworks
  • PermissionsManageRealm
  • PermissionsModerateChatter
  • PermissionsModerateNetworkFeeds
  • PermissionsModerateNetworkFiles
  • PermissionsTwoFactorApi
  • PermissionsViewContent
  • PermissionsViewGlobalHeader

There are more to add. Until then, continue to use tools like workbench or describeSObject('Profile') in your code to easily find out what permissions are available to you in your organization.


  1. Replies
    1. Great Article Cloud Computing Projects

      Networking Projects

      Final Year Projects for CSE

      JavaScript Training in Chennai

      JavaScript Training in Chennai

      The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

  2. ?m impressed, I must say. Really rarely do I encounter a blog that?s both educative and entertaining, and let me tell you, you have hit the nail on the head. Your idea is outstanding; the issue is something that not enough people are speaking intelligently about. I am very happy that I stumbled across this in my search for something relating to this.Get Best Flame-resistant fabric from Daletec.com in all over the world.

  3. This is really an awesome article. Thank you for sharing this.It is worth reading for everyone.

    iso 14001 lead auditor training

  4. here you can get more information about joining the Pakistan navy
    Join Pak Navy

  5. KKPL is that the most prominent platform, which offers premium quality Flame resistant fabric to their customers at a very affordable price. The corporate is additionally well-known because of the famous Flame Resistant Fabric Suppliers within the entire world. This well-known place always tries to supply you with excellent fabric to protect you from the sudden fire accidents of industries.