For instance, you might use custom permissions to grant access to a custom app only for users with a specific role or to enable advanced features for a select group of individuals. This fine-grained control not only enhances security but also contributes to a more efficient and streamlined user experience.
The Role of Custom Settings in Business Use Cases
Let's consider a business use case for a fictional company named "TechCo," which provides a variety of software products to its customers. In this scenario, TechCo wants to offer a premium feature called "Advanced Reporting" to a specific group of users, such as administrators or users with a specific role.
Here's how the Salesforce custom permission feature could be conveniently used in this case:
Define a Custom Permission
Create a custom permission called "Advanced_Report_Permission" in Salesforce. This permission will act as a flag to determine whether a user has access to the advanced reporting feature.
CLI command for retrieving the 'Advanced_Report_Permission':
sf project retrieve start -m CustomPermission:Advanced_Report_Permission
Assign Custom Permission to Relevant Users
At the time of writing the article, custom permissions can only be assigned through:
- permission sets (Setup - Permission Sets - Select the desired permission set - Custom Permissions)
- profiles (Setup - Profiles - Select the desired profile - Custom Permissions).
Enhance User Experience
Depending on whether the user has the custom permission, you can dynamically adjust the user interface to show or hide advanced reporting options, providing a seamless and personalized experience.
By using Salesforce custom permissions in this way, TechCo ensures that only authorized users have access to the advanced reporting feature. This approach provides a flexible and scalable solution, allowing administrators to control access to premium features without modifying the underlying code.
How to Check if the Running User has a Custom Permission?
In your Apex code, use the FeatureManagement.checkPermission('CUSTOM_PERMISSION_NAME') method to check if a user has the custom permission.
Now, let's create a small test class that will generate a test user, assign a custom permission set to him, and then link our custom permission 'Advanced_Report_Permission' to this custom permission set. Subsequently, we will utilize FeatureManagement.checkPermission('Advanced_Report_Permission') to confirm that the user possesses this permission.
@IsTest
public with sharing class FSRK_AdvancedReportingFeatureTest {
@IsTest
static void testAdvancedReportingPermission() {
// Create a test user
User testUser = new User(
FirstName = 'John',
LastName = 'Doe',
Alias = 'jDoe',
Email = 'j.doe@domain.invalid',
Username = 'j.doe' + Datetime.now().getTime() + '@domain.invalid',
EmailEncodingKey = 'UTF-8',
LanguageLocaleKey = 'en_US',
LocaleSidKey = 'en_US',
TimeZoneSidKey = 'America/Los_Angeles',
ProfileId = [SELECT Id FROM Profile WHERE Name = 'Standard User' LIMIT 1].Id
);
insert testUser;
// Create a permission set
PermissionSet ps = new PermissionSet(
Label = 'Advanced Reporting',
Name = 'AdvancedReporting'
);
insert ps;
// Create SetupEntityAccess
CustomPermission advancedReportPermission = [SELECT Id FROM CustomPermission WHERE DeveloperName = 'Advanced_Report_Permission' LIMIT 1];
insert new SetupEntityAccess(
ParentId = ps.Id,
SetupEntityId = advancedReportPermission.Id
);
// Create PermissionSetAssignment record
insert new PermissionSetAssignment(
AssigneeId = testUser.Id,
PermissionSetId = ps.Id
);
Test.startTest();
System.runAs(testUser) {
// Check the custom permission programmatically
Boolean hasAdvancedReportPermission = FeatureManagement.checkPermission('Advanced_Report_Permission');
// Assert that the test user has the 'Advanced_Report_Permission' custom permission
Assert.isTrue(hasAdvancedReportPermission, 'Test user should have Advanced_Report_Permission');
}
Test.stopTest();
}
}
Conclusion
In this article, we explored the strategic implementation of Salesforce custom permissions, specifically focusing on a practical business use case. We delved into the creation of a test class that seamlessly generates a test user, assigns a custom permission set, associates a custom permission with it, and utilizes Feature Management to verify the user's entitlement to the specified permission. This comprehensive approach not only ensures the security and efficiency of business processes but also showcases the flexibility and power of custom settings in tailoring Salesforce solutions to unique organizational needs.