Mastering Permission Sets in Salesforce: A Practical Guide
When managing user access in Salesforce, Permission Sets are one of the most powerful tools in your admin toolbox. They allow you to extend a user’s access without modifying their profile—a great way to follow the principle of least privilege while staying flexible.
In this blog, we’ll walk through what Permission Sets are, how they work, and a hands-on use case to help you create and assign one. Let’s dive in!
📌 What Are Permission Sets?
Permission Sets grant additional permissions to users on top of their existing profile permissions. Think of them as add-ons that enhance what users can do in Salesforce.
Key Points to Remember:
- Like Profiles, they can grant access to objects, fields, apps, and more.
- They do not control Login IP Ranges or Login Hours—only Profiles can do that.
- Permission Sets are used to extend profile-level access, not restrict it.
- A user can have only one Profile but can be assigned multiple Permission Sets.
- Best used when only a subset of users need specific permissions.
📝 Note: A Profile is mandatory when creating a user, but assigning a Permission Set is optional.
🛠️ Use Case: Grant Edit Access on Account and Position Objects to a Customer User
Let’s say we want to give “Customer User (Platform Profile)” users the ability to edit Account and Position records. Here’s how to create and assign a Permission Set to achieve that.
Step-by-Step Guide:
✅ Creating the Permission Set
- Go to Setup in Salesforce.
- Under the “Administer” menu, expand “Manage Users”.
- Click on “Permission Sets”.
- Click “New” to create a new Permission Set.
- Fill in the details:
  - Label: Grant Edit Access on Account and Position
  - API Name: Grant_Edit_Access_Account_Position
  - Description: Grants edit access to Account and Position objects
- Click “Save”.
🔧 Configuring Object Permissions
- After saving, go to the Object Settings section of the Permission Set.
- Click on “Accounts”.
- Click “Edit” and select the following:
  - ✅ Read
  - ✅ Edit
  - ✅ Create
- Click “Save”.
- Repeat the same steps for the “Position” object.
⚠️ Note: You can’t set Login IP Ranges or Login Hours through Permission Sets.
👥 Assigning the Permission Set to Users
Once the Permission Set is created, you can assign it to one or more users:
- Go to Setup > Manage Users > Users.
- Select the user you want to assign the Permission Set to (e.g., Customer User).
- On the user detail page, scroll down to Permission Set Assignments.
- Click “Add Assignments”.
- Select your Permission Set from the list.
- Click “Assign” and then “Done”.
📘 The relationship between Users and Permission Sets is a many-to-many relationship, managed via the PermissionSetAssignment junction object.
🔍 Testing the Permission Set
Let’s test to see the Permission Set in action:
Case 1: Log in as Customer User
- Navigate to any existing Account or Position record.
- ✅ You should see the Edit button on the record detail page.
Case 2: Log in as a Testing User (without the Permission Set)
- Open a similar record.
- ❌ You should not see the Edit button—only view access is allowed.
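The same result can be confirmed without logging in as each user by reading the configuration back from the ObjectPermissions and PermissionSetAssignment objects. The anonymous Apex below is an added example, not part of the original walkthrough; it assumes the Position custom object has the API name Position__c, and it flags any grant beyond the Read, Create and Edit boxes ticked in the steps above.

```apex
// Added example: run as an administrator via Execute Anonymous.
String psName = 'Grant_Edit_Access_Account_Position'; // API name from the walkthrough
// Assumption: the custom Position object's API name is Position__c.
Set<String> expectedObjects = new Set<String>{ 'Account', 'Position__c' };

// 1. Read back the object permissions the Permission Set actually grants.
Set<String> seen = new Set<String>();
for (ObjectPermissions op : [
        SELECT SobjectType, PermissionsRead, PermissionsCreate, PermissionsEdit,
               PermissionsDelete, PermissionsViewAllRecords, PermissionsModifyAllRecords
        FROM ObjectPermissions
        WHERE Parent.Name = :psName]) {
    seen.add(op.SobjectType);
    Boolean expectedObj = expectedObjects.contains(op.SobjectType);
    // What the walkthrough ticked: Read, Create, Edit.
    Boolean intended = op.PermissionsRead && op.PermissionsCreate && op.PermissionsEdit;
    // Anything broader than that, or on another object, deserves a second look.
    Boolean excess = op.PermissionsDelete || op.PermissionsViewAllRecords
        || op.PermissionsModifyAllRecords || !expectedObj;
    String verdict = (intended && !excess) ? 'OK       ' : 'REVIEW   ';
    System.debug(verdict + op.SobjectType
        + ' R=' + op.PermissionsRead + ' C=' + op.PermissionsCreate
        + ' E=' + op.PermissionsEdit + ' D=' + op.PermissionsDelete
        + ' ViewAll=' + op.PermissionsViewAllRecords
        + ' ModifyAll=' + op.PermissionsModifyAllRecords);
}
for (String obj : expectedObjects) {
    if (!seen.contains(obj)) {
        System.debug('MISSING  ' + obj + ': no object permissions in this set');
    }
}

// 2. List who holds the set, via the PermissionSetAssignment junction object.
for (PermissionSetAssignment psa : [
        SELECT Assignee.Username, Assignee.IsActive, Assignee.Profile.Name
        FROM PermissionSetAssignment
        WHERE PermissionSet.Name = :psName
        ORDER BY Assignee.Username]) {
    System.debug('ASSIGNED ' + psa.Assignee.Username
        + ' profile=' + psa.Assignee.Profile.Name
        + ' active=' + psa.Assignee.IsActive);
}
```

Lines marked REVIEW or MISSING in the debug log mean the set differs from what the walkthrough configured; the ASSIGNED lines should list only the users you intended to receive it.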
🔍 Profiles vs Permission Sets in Salesforce
🧠 Final Thoughts
Permission Sets offer a clean and modular way to manage permissions in Salesforce. Instead of creating multiple custom profiles, use Permission Sets to layer on access for specific users—keeping your org clean and scalable.
If you’re managing multiple roles and need flexibility, Permission Sets are your best friend. Try it out, and you’ll love the control it gives you!