ship
SalesForce Simplified

Your Go-To Resource for Streamlined Solutions and Expert Guidance

mountains
Empower Your Business
Dive deep into the world of CRM excellence, where innovation meets practicality, and transform your Salesforce experience with Forceshark's comprehensive resources

Access Control with Custom Permissions Verification Techniques

In Salesforce, custom permissions play a crucial role in fine-tuning and enhancing access control within your organization. These specialized permissions offer a nuanced way to manage and restrict user access to specific features, objects, or fields based on business requirements. Unlike standard profiles and permission sets, custom permissions provide a more granular level of control, allowing administrators to define precise conditions under which users can perform certain actions.
For instance, you might use custom permissions to grant access to a custom app only for users with a specific role or to enable advanced features for a select group of individuals. This fine-grained control not only enhances security but also contributes to a more efficient and streamlined user experience.

The Role of Custom Settings in Business Use Cases

Let's consider a business use case for a fictional company named "TechCo," which provides a variety of software products to its customers. In this scenario, TechCo wants to offer a premium feature called "Advanced Reporting" to a specific group of users, such as administrators or users with a specific role.

Here's how the Salesforce custom permission feature could be conveniently used in this case:

Define a Custom Permission

Create a custom permission called "Advanced_Report_Permission" in Salesforce. This permission will act as a flag to determine whether a user has access to the advanced reporting feature.


CLI command for retrieving the 'Advanced_Report_Permission':

sf project retrieve start -m CustomPermission:Advanced_Report_Permission

Assign Custom Permission to Relevant Users

At the time of writing the article, custom permissions can only be assigned through:
  • permission sets (Setup - Permission Sets - Select the desired permission set - Custom Permissions) 
  • profiles (Setup - Profiles - Select the desired profile - Custom Permissions). 
However, it seems that shortly, there will likely be the possibility to add custom permissions to individual users, groups, or roles, as indicated by this idea.

Enhance User Experience

Depending on whether the user has the custom permission, you can dynamically adjust the user interface to show or hide advanced reporting options, providing a seamless and personalized experience.
By using Salesforce custom permissions in this way, TechCo ensures that only authorized users have access to the advanced reporting feature. This approach provides a flexible and scalable solution, allowing administrators to control access to premium features without modifying the underlying code.

How to Check if the Running User has a Custom Permission?

In your Apex code, use the FeatureManagement.checkPermission('CUSTOM_PERMISSION_NAME') method to check if a user has the custom permission.

Now, let's create a small test class that will generate a test user, assign a custom permission set to him, and then link our custom permission 'Advanced_Report_Permission' to this custom permission set. Subsequently, we will utilize FeatureManagement.checkPermission('Advanced_Report_Permission') to confirm that the user possesses this permission.

@IsTest
public with sharing class FSRK_AdvancedReportingFeatureTest {
    @IsTest
    static void testAdvancedReportingPermission() {
        // Create a test user
        User testUser = new User(
            FirstName = 'John',
            LastName = 'Doe',
            Alias = 'jDoe',
            Email = 'j.doe@domain.invalid',
            Username = 'j.doe' + Datetime.now().getTime() + '@domain.invalid',
            EmailEncodingKey = 'UTF-8',
            LanguageLocaleKey = 'en_US',
            LocaleSidKey = 'en_US',
            TimeZoneSidKey = 'America/Los_Angeles',
            ProfileId = [SELECT Id FROM Profile WHERE Name = 'Standard User' LIMIT 1].Id
        );
        insert testUser;
        // Create a permission set
        PermissionSet ps = new PermissionSet(
            Label = 'Advanced Reporting',
            Name = 'AdvancedReporting'
        );
        insert ps;
        // Create SetupEntityAccess
        CustomPermission advancedReportPermission = [SELECT Id FROM CustomPermission WHERE DeveloperName = 'Advanced_Report_Permission' LIMIT 1];
        insert new SetupEntityAccess(
            ParentId = ps.Id,
            SetupEntityId = advancedReportPermission.Id
        );
        // Create PermissionSetAssignment record
        insert new PermissionSetAssignment(
            AssigneeId = testUser.Id,
            PermissionSetId = ps.Id
        );
        Test.startTest();
        System.runAs(testUser) {
            // Check the custom permission programmatically
            Boolean hasAdvancedReportPermission = FeatureManagement.checkPermission('Advanced_Report_Permission');
            // Assert that the test user has the 'Advanced_Report_Permission' custom permission
            Assert.isTrue(hasAdvancedReportPermission, 'Test user should have Advanced_Report_Permission');
        }
        Test.stopTest();
    }
}

Conclusion

In this article, we explored the strategic implementation of Salesforce custom permissions, specifically focusing on a practical business use case. We delved into the creation of a test class that seamlessly generates a test user, assigns a custom permission set, associates a custom permission with it, and utilizes Feature Management to verify the user's entitlement to the specified permission. This comprehensive approach not only ensures the security and efficiency of business processes but also showcases the flexibility and power of custom settings in tailoring Salesforce solutions to unique organizational needs.