One key aspect of Salesforce development is managing permissions, and sometimes, the need arises for developers to work with custom permissions to control access to specific features or functionalities within their applications.
What are Custom Permissions?
Custom permissions in Salesforce are a way to grant or restrict access to certain features or functionalities within an application. They provide a granular level of control, allowing administrators and developers to define who can perform specific actions or access particular parts of an application.
Determining Custom Permissions in APEX
Before we explore how to add or remove custom permissions programmatically, it's important to understand how to check for the existence of a custom permission within APEX. This can be done using the FeatureManagement class, which provides methods for querying custom permissions.
Here's an example of how you can check if a custom permission exists:
Boolean hasCustomPermission = FeatureManagement.checkPermission('Your_Custom_Permission_Name');
if (hasCustomPermission) {
// Custom permission is granted
// Your logic here
} else {
// Custom permission is not granted
// Your alternative logic here
}Replace Your_Custom_Permission_Name with the actual name of your custom permission. This code snippet checks whether the specified custom permission is granted and executes the corresponding logic accordingly.
Adding Custom Permissions Programmatically
Adding Custom Permission to a Permission Set
Adding custom permissions programmatically involves creating a Permission Set and assigning the desired custom permissions to it. Here's a basic example:
// Creating a Permission Set
PermissionSet ps = new PermissionSet();
ps.Label = 'Your_Permission_Set_Label';
ps.Name = 'Your_Permission_Set_Name';
insert ps;
// Assigning custom permissions to a Permission Set using SetupEntityAccess.
CustomPermission cp = [SELECT Id FROM CustomPermission WHERE DeveloperName = 'Your_Custom_Permission' LIMIT 1];
insert new SetupEntityAccess(
ParentId = ps.Id,
SetupEntityId = cp.Id
);
// Assigning the Permission Set
PermissionSetAssignment psa = new PermissionSetAssignment();
psa.AssigneeId = 'User_or_Profile_Id';
psa.PermissionSetId = ps.Id;
insert psa;Replace Your_Permission_Set_Label, Your_Permission_Set_Name, and Your_Custom_Permission with the desired label and name for your Permission Set and DeveloperName of Custom Permission. Also, replace User_or_Profile_Id with the Salesforce User Id or Profile Id to whom you want to assign the custom permission.
Adding Custom Permission to a Profile
At the moment, Apex does not provide straightforward mechanisms for modifying profile configurations as a whole. In other words, there is no direct equivalent to inserting a SetupEntityAccess record (as is the case with Permission Set). Programmatically assigning a custom permission to a profile is still possible, but it requires the use of either the Tooling API or Metadata API. Exploring this topic in depth exceeds the scope of the current material. However, we plan to write a series of articles in the future that will delve into the intricacies of the Tooling API, providing a comprehensive understanding of its capabilities.
Removing Custom Permissions Programmatically
To remove custom permissions programmatically, you need to delete the SetupEntityAccess associated with the Permission Set and Custom Permission. Here's an example:
// Deleting a Permission Set
PermissionSet ps = [SELECT Id FROM PermissionSet WHERE Name = 'Your_Permission_Set_Name'];
CustomPermission cp = [SELECT Id FROM CustomPermission WHERE DeveloperName = 'Your_Custom_Permission'];
SetupEntityAccess sea = [SELECT Id FROM SetupEntityAccess WHERE ParentId = :ps.Id AND SetupEntityId = :cp.Id];
delete sea;Replace Your_Permission_Set_Name with the Permission Set Name and Your_Custom_Permission with the DeveloperName of Custom Permission. Also, replace Your_Permission_Set_Name with the name of the Permission Set containing the custom permission.
Conclusion
Custom permissions in APEX provide a powerful tool for managing access to specific features within Salesforce applications. Understanding how to determine, add, and remove custom permissions programmatically empowers developers to create more dynamic and customizable solutions. As you navigate the world of Salesforce development, incorporating these practices will contribute to building secure and tailored applications that meet the specific needs of your users.