Custom Permissions
Custom Permissions in Salesforce, is something that can be utilised to grant a User access to certain things like apps & processes, something that standalone permissions can not do.
As we know, a Profile in Salesforce can grant a user access to things such as Objects, Fields, VisualForce Pages, Tabs, and even the running of specific Apex classes. Unfortunately, they cannot be used to grant access to some custom processes that may be built in your org, or in this use case, avoiding certain processes.
Use Case
In this article, I will go over a practical use case for Custom Permissions. Picture the scene… you have a Profile assigned to a set of Users, but half of those Users have a slightly different role in comparison to the other half and you’re asked to build a solution that includes a Validation Rule to prevent them from performing a certain action, unless X = Y. But, this should only impact one half of them.
Now, you cannot use the Profile because as we discussed, they all have the same Profile. And to your knowledge, there are no other key identifiers that allow you to distinguish 1 half of Users from the other, so how do you do it? Custom Permissions is how.
So to get started, we firstly need to create the Custom Permission itself.
- To do this, we need to go into the Setup menu,
- In the search bar on the left type in ‘Custom Permissions’ and press the first option that comes up,
- Press ‘New’ and wait for the screen to load,
- Here you will see 7 different fields, but we only need 3 of them… those being Label, Name, & Description,
- In the Label field, we want to type ‘Allow Technical Support to bypass Validation Rule X’,
- Click out of this field and the Name field will auto-populate,
- In the Description we want to add a meaningful description so future Admins know what the Custom Permission does,
- And then hit Save once done
Great! We’ve just created our first Custom Permissions,but right now, it serves no purpose. So we need to go into our Validation Rule we want our Users to bypass and edit the formula
In the formula, we need to add the line of code:
&&
NOT($Setup.Configuration__c.{Name of the Custom Permission})
This is basically saying, {the rest of your VR} AND if the User does not have the Custom Permission, throw an error message.
You can use $Setup.Configuration__c.{Name of the Custom Permission} = False although it is not best practice to compare a boolean to another boolean (one of the booleans being our Custom Permission, as it returns either True or False).