Salesforce Summer ’23: User Access Management Updates

Salesforce Summer ’23: User Access Management Updates

min. reading

The Salesforce Summer ’23 release includes many changes to the platform, like the ones we’re seeing with Account Engagement that include the ability to copy marketing assets between business units. However, the thing we’re going to talk about in this blog post are two new features that (hopefully) help you simplify user access management for the Salesforce platform.

First, we’re going to quickly go over the new User Access Policies (Beta) feature and then we’ll talk about setting field-level security in permission sets.

Salesforce User Access Policies (Beta)

User access policies are a new feature that allows you to control user access based on criteria such as user roles profile, or other user fields. For example, we can give users different access to the same data, depending on their role in the organization or their department.

Users can be assigned to permission set licenses, permission sets, permission set groups, package licenses, queues, and groups using user access policies.

User Access Policies are broken down into two types, Manual User Access Policies and Active User Access Policies. 

Manual User Policies

Manual User Access Policies are one-time processes to grant or revoke bulk access for designated users. What this means is that you can identify users by using filters and modify, add, or remove access that you define in the policy itself. 

Example: You’re migrating permissions for a group of users from profiles to permission sets. You would create filters to identify the users assigned to the profile, then create actions in the user policy to assign permission sets and permission set groups. 

Active User Policies

Active User Access Policies automatically grant or revoke user access. An active user access policy runs in the background and is triggered by an event like a created or updated user record. 

Example: You can have an active policy set to assign a series of permission sets permission set licenses and groups to a user when they are created and have the Sales Manager role, or grant/revoke assignments to an existing user who’s been updated with this role. 

Sounds like a flow if you ask me…

Ok, that’s cool Jason. So how do I get to it? 

  • Go to Setup > Quick Find “User Management Settings” then enable User Access Policies (Beta). 
  • Then, Quick Find “User Access Policies” to create or manage user access policies.

Considerations before enabling User Access Policies

A couple of things to be aware of before you go and enable this setting in your org:

  1. Each org is limited to 20 access policies in total. 
  2. This feature is in Beta and is subject to change without notice. Be sure to watch future Salesforce releases to find out when this will be made Generally Available (GA).

Set Field-Level Security for a Field on Permission Sets Instead of Profiles (Generally Available)

In the past, field-level security could only be set on profiles which, even with the Enhanced Profile User interface, could be extremely tedious. However, in the Summer ’23 release, you can now set field-level security on permission sets when creating a new custom field. 

What does this mean? 

When creating a field you would normally have a step that would have you pick which profiles have access to view or edit.. 

Now, once the Set Field Level Security for a Field on Permission Sets feature is enabled, this step (Profiles step) is replaced with something that looks like this screenshot:

This was originally a beta feature in Spring ’23 but is now Generally Available in Summer ’23

How do you enable it? 

  • Go to Setup>Users>User Management Settings, then Enable Field Level Security for Permission Sets During Field Creation.

Considerations for the Set Field Level Security for a Field on Permission Sets feature

Things to keep in mind when enabling Field Level Security for Permission Sets During Field Creation:

  • Enabling this setting will remove the profile list from view when setting or changing field level security at the profile level. 
  • When you set or change field-level security for a field on permission sets, you can view by permission sets with object permissions, or by all permission sets. 

Streamlining Salesforce user management today and beyond

Cool stuff, but how is this going to affect me now and in the future? 

These changes are all part of Salesforce’s master plan to streamline User Management to make it less tedious, less challenging, and less time-consuming so we can spend more time taking the dog for a walk or enjoying the awesome Pacific Northwest Summers. 

Eventually, we will see Salesforce sunset Profiles and move solely to controlling record access via permission sets as outlined in this Salesforce Admins Article.  

If you would like to know more about the future of User Management I encourage you to check out this awesome blog by Cheryl Feldman and the Awesome Admin team over at Salesforce. And reach out to Sercante when you’re ready to talk about how these changes fit in with your overall marketing and technology operations strategy.

Subscribe to The Spot

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is for validation purposes and should be left unchanged.

Upcoming Salesforce Events

Salesforce Training Courses

Categories

Top 5 Recent Posts

  • Jason Ventura is a Salesforce Solutions Engineer at Sercante. He is an experienced technical project manager with a BS in Nuclear Engineering who decided to pivot into the Salesforce ecosystem after leaving the US Navy after 20 years of service. With his Salesforce Administrator Certification, AWS Cloud Practitioner Certification, and Project Management Professional Certification, he brings his wealth of knowledge and experience to clients through the Sercante Success Team. When he’s not working, you'll find Jason chasing after his branch managers, shuttling around his teenagers, earning a new badge on Trailhead, working with Veteran Transition programs, or spending time with his wife. Jason is driven to bring the best technical expertise to each and every client project he works on each and every day. His primary motivation is the feeling of helping clients really maximize Salesforce to its fullest potential (and build cool stuff too).

Leave Your Comment

Related Articles

Bot Single Post