Salesforce functionality has evolved immensely over the last years, yet not enough attention has been paid to the way we manage Salesforce’s security and the core principles that everyone should follow.
Join me in this session where we’ll take a step back and look at the evolution of the Salesforce security features. We’ll discuss the issues with having multiple profiles, how complex security requirements can be met using the minimum-profile approach, and what its benefits and limitations are.
3. I T ’ S F I N A L LY H E R E !
We’re announcing the end of life
(EOL) of permissions on profiles that
will be the Spring ’26 release.
Salesforce, Jan 2023
4. P R O F I L E S
When was Salesforce
launched?
User Profile
Bob
Sales Team
Sales Team
Profile
1999
Fiona
Sales Manager
Sales Manager
Profile
5. P E R M I S S I O N
S E T S
When was Salesforce
launched?
When did Salesforce
launch permission sets?
2012
Sales
Profile
User
Profile
Permission Set
Sales
Manager
Permission
Set
Bob, Sales
Team
Fiona, Sales
Manager
6. P E R M I S S I O N
S E T S C H A L L E N G E
1000 users + 1000 permission sets
= 1,000,000
permission set assignments
7. P E R M I S S I O N
S E T G R O U P S
When did Salesforce launch
permission set groups?
2020
9. I S S U E S W I T H
P R O F I L E S
01
HARD TO
DEPLOY
02 03 04
INFLEXIBLE NOT
REUSABLE
NO
NEW FEATURES
10. P E R M I S S I O N S
A F T E R S P R I N G ‘ 2 6
User Permissions (System & App)
Object & Field Permissions
Record Types (not defaults)
Apps (not defaults)
Connected Apps Access
Apex Classes & VF Pages
Tab Settings
Custom Permissions
PERMISSION SETS PROFILES
Login Hours
Login IP Ranges
Default Record Types/Apps
Page Layout Assignments
11. P E R M I S S I O N S E T S A N D
P E R M I S S I O N S E T G R O U P S
D E S I G N P R I N C I P L E S
Secure
Following the
Principle of Least
Privilege
Reliable
Scalable
Simple
Easy to maintain
12. W A Y S T O M O D E L
P E R M I S S I O N S E T S
Use Case
Example Naming Convention
Option
To provide all users a base level of
access
• [Company Name] - Base Access;
Company-wide permission set
To provide CRED access to a certain
object when it's not part of the Base
Access
• Manage Contacts;
Object-specific permission set
To provide granular access to a
certain object when it's not part of the
Base Access
• Create Contacts;
• Read Contacts;
• Edit Contacts;
• Delete Contacts;
Granular object-specific permission set
Additional access for a persona/
department/ team/ user
• Marketing Department;
• Marketing - Edit Contacts;
• CEO - Delete Opportunities;
Persona/ department/ team/ user - specific
permission set
13. S A M P L E U S E C A S E
Sales Marketing
Face-to-Face
Sales Team
Telesales Team
Email
Marketing Team
Social
Marketing Team
Executives Compliance
Need to create
Opportunities of
'Telesales' record
type
Need to create
Opportunities of
'F2F' record type
Need to be able to
delete Campaigns
14. P E R M I S S I O N S
M O D E L L I N G – O P T I O N 1
Face-to-Face Sales
Team
Telesales
Team
Executives Email Marketing
Team
Social Marketing
Team
Compliance Team
Minimum Access Profile
Sales Permission Set
Group
Marketing Permission Set
Group
Compliance
Permission Set Group
F2F Sales - Create
Opportunities Permission
Set
Telesales - Create
Opportunities Permission
Set
Email Marketing - Delete
Campaigns Permission Set
Executives
Permission Set Group
15. P E R M I S S I O N S
M O D E L L I N G – O P T I O N 2
Minimum Access Profile
Face-to-Face Sales
Permission Set Group
Telesales
Permission Set Group
Executives
Permission Set Group
Email Marketing
Permission Set Group
Social Marketing
Permission Set Group
Compliance
Permission Set Group
Company-Wide Permission Set
Sales Teams Permission Set
Marketing Permission Set
Compliance
Permission Set
F2F Sales
Permission Set
Telesales
Permission Set
Executives
Permission Set
16. C O N S I D E R A T I O N S A N D
L E S S O N S L E A R N T
1000 Permission Sets 100 Permission Sets per Permission Set Group
Less granular = easier to maintain
Home Pages
Document your model and ensure everyone follows it
Lookup Filters, Duplicate Rules
17. A N A L Y S E & M I G R A T E U S E R P E R M I S S I O N S
F R O M P R O F I L E S T O P E R M I S S I O N S E T S
A N D P E R M I S S I O N S E T G R O U P S
Analyse
Migrate
User Access Policies
(Open Beta as of Summer '23)