Skip to main content

Quick Tips: Custom security settings (When to use Salesforce Custom Permissions?)

How often did each one of us get into a situation where we have to create custom security rules? For e.g.
  • Call center agents should not be able to give credits. Only Supervisors or Finance team can give credits
  • Only Finance and Account Manager can generate invoice.
And the most trivial way to achieve it is something like

if(profileName == 'Supervisor || profileName == 'Finance'){
     //business logic to give credits
    //throw error message

Now, one of the best ways to handle this is by using "Custom Permissions". It allows you to leverage Salesforce security infrastructure and loosely bind that to your custom logic. This helps in making your code scalable and robust. You'll learn that below.

What are Custom Permissions?
Custom Permissions was made GA in Summer '15 (ver 34.0). It is a unique way of creating a custom permission which is required/ to be used by your custom logic. For e.g. in above example, if we create a custom permission "Can give Credits" then we have ability to provide this permission to user via profile/ permission set.

Apex code needs to be modified as (Helper class implementation shared later) :-
    //business logic to give credits
    //throw error message

Now, the above code is flexible as it doesn't have hard-coded reference to the profile and hence, if in future there are new profile which need same ability to give credits, it can be achieved by simply giving custom permission to the new profiles.

How to use Custom Permissions?
  • In Formulas (easy):- In validation rules it can be simple used by using global variable "$Permission". For e.g.
  • In Visualforce (easy) - 
<apex:commandbutton action="{!save}"
value="Create Credit"> </apex:commandbutton>
  • In Apex (bit tricky as of now) - This is a little tricky wherein data is to be extracted from multiple entities (refer below entity diagram) to evaluate user's access to custom permissions.
Custom Permission - entity diagram

So, in order to retrieve custom permissions via Apex, following queries can be used:-

  1. Query to retrieve all custom permissions and where ever that permission is assigned (profile / permission set)
    Select c.Id, c.DeveloperName, (Select ParentId From SetupEntityAccessItems) From CustomPermission c
  2. Retrieve all permission sets/ profiles assigned to current user (loop through all permissions to determine permission assigned to current user)
    Select SetupEntityId From SetupEntityAccess Where SetupEntityId in :mapCustomPermissions.keySet() AND ParentId in (Select PermissionSetId From PermissionSetAssignment Where AssigneeId = :UserInfo.getUserId())


Popular posts from this blog

Quick Tips: Salesforce default Images

Well, I'm sure a lot of you still rely on using out of the box salesforce images for displaying quick icons within formula fields or even using them within your Visualforce pages. Lately, I realized that a lot of earlier resources are no longer accessible, so I tried to quickly extract all images from Salesforce CSS files and provide a quick reference here. Please note, I've referenced all images from SF servers directly, so if anything changes, the image should stop rendering here. As these images are completely controlled by Salesforce, and in case they change anything, it might lead to image not being accessible. Image path Image /img/samples/flag_green.gif /img/samples/flag_green.gif /img/samples/flag_red.gif /img/samples/color_red.gif /img/samples/color_yellow.gif /img/samples/color_green.gif /img/samples/light_green.gif /img/samples/light_yellow.gif /img/samples/light_red.gif /img/samples/stars_100.gif /img/samples/stars_200.gif /img/samples/stars_300.

Lightning: Generate PDF from Lightning components with in-memory data

I'm sure as everyone is diving into lightning components development, they are getting acquainted with the nuances of the Lightning components framework. As well as, its current limitations. Being a new framework, this is bound to happen. Although we have our users still using salesforce classic, we have started using lightning components framework our primary development platform and Visualforce is considered primarily for rendering lightning components within Classic Service console. Recently, while re-architecting a critical module, we encountered a problem wherein we needed to generate PDF from lightning components. Now, being Javascript intensive framework, it has limited room for such features (may be included in future roadmap). As of now, there is no native feature within the lightning framework to do so (at least I didn't find anything). Common Scenario - Create Visualforce page to retrieve data and generate PDF For scenarios where the data exist within Sa

Quick Tips: Setup SFDX Manually without Admin access

We all have faced challenges while working in different enterprise environments, where there may be lot of controls/ checks/ red-tape to get by. In such situations, getting access to simple tools (even git) can take lot of time. Note: This tutorial is to be followed at your own risk, as it may not be complaint to your organization's IT policies. What is SFDX? SFDX is a command line utility for managing salesforce builds/ deployments. Being command line, it can be easily embedded to automation chains, to help build fully automated build and deployment processes. To get started, refer Setup SFDX on Windows machine without admin access As you may have already realized, SFDX installation needs admin access to one's machine. Which may be a luxury a lot of developers may not have. So, i tried to provide a step-by-step guide to setup SFDX on your computer without any admin access Steps: Note: