Take Control over the “Who”

Topic: Using Custom Permissions
Target Group: Admins, Architects & Developer
Complexity: Medium

Who does what when why?
These simple questions guide our requirements. Once the solution is implemented it becomes (almost) the wild west.

A finance User updates Opportunities for Sales, the Service User orders products and the Marketing Intern deletes Leads.

We try to keep on top of it with Profiles and Permission Sets, sometimes Custom Settings or even Fields on the User Record.

All of these options are either too fine-grained, not fine-grained or hard to maintain. I think the cleanest way to control business processes in Salesforce is Custom Permissions.

Custom Permissions seem to be the perfect solution to take back control.


Case Creation Flow:

-> Check if Service Permission at the start of the Flow

Invoice Creation only by Finance Users:

-> APEX Error on insert of not Finance Permission 

Account Name Update only by Data Steward:

-> Custom Permission Data Steward

While all of this can be achieved with Custom Hierarchy Settings or Flags on the User, I think Custom Permission is by far the cleanest solution.

Going forward I’ll try to always start with a Custom Permission based on my Actors (e.g. Finance User) and implement the Custom Permission check everything I’m building.

I’m sure many of you are already way ahead in the use of Custom Permissions.

What are your experiences and thoughts?

PS; As an ISV, Custom Permissions are just gold. By far the easiest way to design my solution