The Salesforce Summer ’23 release includes many changes to the platform, like the ones we’re seeing with Account Engagement that include the ability to copy marketing assets between business units. However, the thing we’re going to talk about in this blog post are two new features that (hopefully) help you simplify user access management for the Salesforce platform.
First, we’re going to quickly go over the new User Access Policies (Beta) feature and then we’ll talk about setting field-level security in permission sets.
Salesforce User Access Policies (Beta)
User access policies are a new feature that allows you to control user access based on criteria such as user roles profile, or other user fields. For example, we can give users different access to the same data, depending on their role in the organization or their department.
Users can be assigned to permission set licenses, permission sets, permission set groups, package licenses, queues, and groups using user access policies.
User Access Policies are broken down into two types, Manual User Access Policies and Active User Access Policies.
Manual User Policies
Manual User Access Policies are one-time processes to grant or revoke bulk access for designated users. What this means is that you can identify users by using filters and modify, add, or remove access that you define in the policy itself.
Example: You’re migrating permissions for a group of users from profiles to permission sets. You would create filters to identify the users assigned to the profile, then create actions in the user policy to assign permission sets and permission set groups.
Active User Policies
Active User Access Policies automatically grant or revoke user access. An active user access policy runs in the background and is triggered by an event like a created or updated user record.
Example: You can have an active policy set to assign a series of permission sets permission set licenses and groups to a user when they are created and have the Sales Manager role, or grant/revoke assignments to an existing user who’s been updated with this role.
Sounds like a flow if you ask me…
Ok, that’s cool Jason. So how do I get to it?
- Go to Setup > Quick Find “User Management Settings” then enable User Access Policies (Beta).
- Then, Quick Find “User Access Policies” to create or manage user access policies.
Considerations before enabling User Access Policies
A couple of things to be aware of before you go and enable this setting in your org:
- Each org is limited to 20 access policies in total.
- This feature is in Beta and is subject to change without notice. Be sure to watch future Salesforce releases to find out when this will be made Generally Available (GA).
Set Field-Level Security for a Field on Permission Sets Instead of Profiles (Generally Available)
In the past, field-level security could only be set on profiles which, even with the Enhanced Profile User interface, could be extremely tedious. However, in the Summer ’23 release, you can now set field-level security on permission sets when creating a new custom field.
What does this mean?
When creating a field you would normally have a step that would have you pick which profiles have access to view or edit..
Now, once the Set Field Level Security for a Field on Permission Sets feature is enabled, this step (Profiles step) is replaced with something that looks like this screenshot:
This was originally a beta feature in Spring ’23 but is now Generally Available in Summer ’23.
How do you enable it?
- Go to Setup>Users>User Management Settings, then Enable Field Level Security for Permission Sets During Field Creation.
Considerations for the Set Field Level Security for a Field on Permission Sets feature
Things to keep in mind when enabling Field Level Security for Permission Sets During Field Creation:
- Enabling this setting will remove the profile list from view when setting or changing field level security at the profile level.
- When you set or change field-level security for a field on permission sets, you can view by permission sets with object permissions, or by all permission sets.
Streamlining Salesforce user management today and beyond
Cool stuff, but how is this going to affect me now and in the future?
These changes are all part of Salesforce’s master plan to streamline User Management to make it less tedious, less challenging, and less time-consuming so we can spend more time taking the dog for a walk or enjoying the awesome Pacific Northwest Summers.
Eventually, we will see Salesforce sunset Profiles and move solely to controlling record access via permission sets as outlined in this Salesforce Admins Article.
If you would like to know more about the future of User Management I encourage you to check out this awesome blog by Cheryl Feldman and the Awesome Admin team over at Salesforce. And reach out to Sercante when you’re ready to talk about how these changes fit in with your overall marketing and technology operations strategy.