You add custom permissions, along with other types of permissions, to a Permission Set Group by adding Permission Sets that contain those permissions to the group.
Permission Set Groups are a powerful feature in Salesforce that allows administrators to bundle multiple Permission Sets into a single group. Users assigned to the group receive the combined permissions from all the Permission Sets included in that group.
Understanding Permission Set Groups
A Permission Set Group consolidates the permissions granted by its constituent Permission Sets. When you assign a user to a Permission Set Group, they gain all the access rights defined in every Permission Set within that group. This simplifies permission management, especially for users who require a specific set of permissions across multiple objects and functions.
Think of it like layering permission sets together. The group inherits the sum of capabilities from each layer.
Steps to Add Permissions to a Permission Set Group
To effectively "add custom permissions" or any other type of permission to a Permission Set Group, you need to create or identify a Permission Set that grants those specific permissions and then add that Permission Set to your desired group.
Here are the general steps:
- Identify or Create the Permission Set: Determine which permissions you want to add to the group. If a suitable Permission Set already exists, you can use it. Otherwise, create a new Permission Set and configure it with the desired permissions (e.g., object permissions, field permissions, custom permission access, Apex class access, Visualforce page access, etc.).
- Navigate to Permission Set Groups: In Salesforce Setup, find "Permission Set Groups" using the Quick Find box.
- Select the Target Group: Click on the name of the Permission Set Group you want to modify.
- Manage Included Permission Sets: On the Permission Set Group detail page, find the related list or section for "Permission Sets in Group" or "Included Permission Sets."
- Add the Permission Set: Click the button (often labeled "Add Permission Set" or similar) to include a new Permission Set. Select the Permission Set you identified or created in step 1 from the list of available Permission Sets.
- Save: Save the changes to the Permission Set Group.
Once the Permission Set is added, any user assigned to this Permission Set Group will automatically receive the permissions granted by the newly added Permission Set, combined with the permissions from all other Permission Sets already in the group.
What Types of Permissions Can Be Added?
Permission Sets can grant a wide array of permissions, including:
- Object Permissions: Create, Read, Edit, Delete, View All, Modify All for specific objects.
- Field Permissions: Read or Edit access for specific fields.
- Custom Permission Access: Granting access to processes or features that have been secured using Custom Permissions.
- App Permissions
- System Permissions
- Apex Class and Visualforce Page Access
- External Data Source Access
- Flow Access
- Connected App Access
By adding Permission Sets configured with these settings, you effectively add these capabilities to the users within the Permission Set Group.
Refining Permissions with Muting Permission Sets
While adding Permission Sets increases the overall permissions granted by the group, Permission Set Groups also offer the ability to reduce the combined permissions using Muting Permission Sets. This is a key feature for fine-tuning access.
Based on the provided references, Muting Permission Sets allow you to specifically revoke permissions that were granted by the Permission Sets included in the group:
- Object Permissions: You can use a Muting Permission Set to mute specific object-level functions, such as Create. This means if a regular Permission Set in the group grants "Create" access, but the Muting Permission Set mutes it, users in the group will not have Create access.
- Field Permissions: Muting Permission Sets can also control field-level access:
- Select Read Access Muted for fields you want to hide, even if a Permission Set in the group grants Read access.
- Select Edit Access Muted for fields users shouldn't edit, even if a Permission Set in the group grants Edit access.
Effectively, the net permissions for a user assigned to a Permission Set Group are the sum of permissions from all included Permission Sets, minus any permissions muted by a Muting Permission Set within that group.
Here's a simplified view of the combined permission model:
| Source | Action | Result in Group |
|---|---|---|
| Included Permission Set | Grants Permission | Adds Capability |
| Muting Permission Set | Mutes Permission | Removes Capability |
Example: If Permission Set A grants "Edit" access on the "Opportunity" object, and you add it to Group X, users in Group X get Edit access. If you then add a Muting Permission Set to Group X that mutes "Edit" access on "Opportunity," users in Group X lose the Edit access for Opportunity, even though Permission Set A grants it.
By combining the addition of Permission Sets with the use of Muting Permission Sets, you can build highly specific and flexible permission bundles within Permission Set Groups.
