There is no doubt that Salesforce has significantly changed how businesses used to operate their daily activities. From exemplary lead generation to flourishing return on investment, and from well-organized business operations to building strong customer relationships, Salesforce has benefited all those businesses from different industries that have embraced and integrated it.
Though Salesforce and its standard functionalities are unparalleled, there are still some areas where the users of Salesforce face one or the other limitation.
One such limitation is to update a large scale of schema permission work simultaneously in a time saving and cost-effective manner.
To resolve this downside, Fexle Services has come with one of its kind utility, and this utility is called Easy Permission.
Easy permission, as the name suggests is a tool to make the Permission Customization process very easy for any complex use case. It is a Salesforce AppExchange Single Page application to analyze, design, develop, deploy & QA to your Org’s Schema Permissions.
Do you want to know what this utility is? What functions does it perform? How will it ease out the lives of users? And how it will augment system permission?
Try not to skip this blog. Read it entirely, and get ready to behold the magic tool that Fexle is going to reveal.
But before hop on to the tool description, let us first walk you through a few important aspects such as, the meaning of the permission, CRED operations, teams and processes involved in Permissions, and the limitations with Salesforce standard functionalities, which have induced our Salesforce professionals to develop Easy Permission tool.
Understanding Permission, CRED Operations, and The Limitations
In an ideal and traditional Salesforce world, the word Permission’s bibliography is quite diverse, and it includes different names such as access, profiles, permission set, roles, objects, security, and many more.
Whether it’s a real-world or software world, or the world of Salesforce, we all require certain access and permission to perform certain tasks. In the real world, a student or a working employee requires an ID card, entry pass, biometric entry, etc. to enter the school or office premises.
In the computer or software world, a person requires login authentication, authorization, API authentication, etc. to use that system or software.
In the same way, the Salesforce world also has some permissions, such as user licenses, profiles, permission sets, roles, object/field permissions, etc. which allows users to access and explore the Salesforce environment.
In Salesforce, schema permission can be defined through profile and permission set for an object and field.
Schema permission can be referred to as CRED – Create, Read, Edit, and Delete, along with Modify All and View All. Different profiles have access to different sets of CRED.
Some users can read and edit but not delete, while others have a mix and match of what Salesforce users can do with each object or field.
The Permission Set Limitations with Standard Salesforce Functionalities
System permission is a tricky functionality, wherein users with different roles, multiple teams, and various processes interact. Different users have different roles, and each role has a special set of approaches/skills towards the permission update. These roles include Admin, Developers, and Specialists.
Apart from the roles, there are also different teams and processes that often interact with system permissions. These roles, teams, and process are as follows:
| Roles | Teams | Processes |
| Admin | App Support Team | New Application Development |
| Developers | Solution Designers | Departments – Onboarding |
| Specialists | Development | Roles-Sales/Service/Marketing |
| QA Team | Org Splits | |
| Auditors | Org Merge | |
| UAT Users | Department Head CXO Queries | |
| Most Complex Architecture | ||
| Audit Tracking | ||
| License Cost-Clone Apps | ||
| Apps Enhancements |
Together, teams, roles, and processes involve a huge cost and time if one follows a traditional approach.
Our Salesforce experts have calculated that ballpark estimate for new application security set up for 20 profiles and 50 objects, and it ranges between 31 to 62 hours.
In the table below, you can see the time bifurcation for the same.
| Process | Time |
| Analysis & Design | 2 to 4 Hours |
| Development | 8 to16 Hours |
| QA | 4 to 8 Hours |
| UAT | 4 to 8 Hours |
| Regression Testing | 4 to 8 Hours |
| Deployment | 4 to 8 Hours |
| Smoke Testing | 4 to 8 Hours |
| Hypercare | 1 to 2 Hours |
| Reporting | 2 to 4 Hours |
| Total | 31 to 62 Hours |
It means that if you follow a traditional path of setting up permission, then it is high time you should start thinking about the huge time and cost involved in this process.
Limitations, A User Faces in The Traditional Approach of Permission Set
Apart from time and cost, there are ample of other limitations that make the traditional approach and process daunting. These are as follows:
- Harsh and tiresome approach
- Clumsy and tough deadlines
- Accessible to only admin/developers
- Lack of understanding among admin, developers, and specialists
- Needless team involvement & efforts
- The traditional approach is not cost-friendly
- Dependency on technical experts
- Lack of the presence of security experts
- App support have to close more cases with huge time investment
- Lack of transparency in auditing of permissions
- Lack of accuracy, as it depends on experience & expertise
- Daunting deployment process
Here are some more limitations with the existing Salesforce setup:
Sequential Approach – Users have to go through a proper hierarchy to give permission. It leads to delay in task completion.
Limited View – You cannot open and view multiple profiles or multiple objects.
No Export – There is no provision to download or export permissions.
No Mass Update – Since there was rigidity, users cannot mass update the permission.
No Cloning – In standard functionality, users cannot clone permission from one profile/object to another profile/object.
No Deployable Package – There was no facility to deploy profile/object packages from one org to another.
Tricky Process – There is no view through which you can update permission of many objects with one profile/permission set or one object with many profiles/permission sets.
Easy Permission and It’s Flawless Features
Easy Permission and It’s Flawless Features
| Features | Properties |
| View Permissions | View Existing Permissions in very few clicks Analyse permissions on the fly Large no of results are available to analyse and preview. |
| Export Permissions | Users can download the permissions in CSV format or can generate a package.xml file for objects, fields, profiles, and permission sets. Deployable Package CSV |
| Clone Permissions | Exact Clone – Can clone object/field permission for all available profiles/permission set in the org, in one screen Cross Clone – Clone object/field permission for multiple profiles and permission sets at the same time |
| Mass Permissions | CRED permission to N Object/Fields CRED Permission to N Profiles/Permission Sets |
| Custom Permissions | Users can update permission of multiple objects with different/similar permission for multiple profiles and permission sets at the same time. Object with Profiles Profile with Objects |
| Global Menu | Refetch Schema Refresh Feedback: Issue/Enhancements |
| Application Execution Behaviour | Synchronous Mode – This mode gives you real-time results on the App Screen. It is mostly used in executing small operations. Asynchronous Mode – In this mode, users can select multiple objects & fields and apply mass permission. You can do other tasks while easy permission will take care of the remaining. And you will receive updates on Error and Success files on your preferred email. This mode is very useful while updating a large set of schema permissions in a single save option. |
| Standard List & Custom List | Custom List – You can group all the required objects, fields, profiles, and permission sets and create a custom list of the group, and henceforth users do not have to drill down the entire system’s profile or objects and save ample time. Standard List – The standard list, however, does not have any such functionality and nor does it facilitate grouping the objects/fields/profiles.This feature helps in big organizations to manage a list of profiles and objects specific to department or projects. |
| Managed and Unmanaged | Object Selection: Using the Object selection screen, users can choose an option to select Managed Packages V/s Non Managed packages objects and profiles. Which helps to minify the no of objects and profiles also make a very easy way to customize permissions. |
Benefits of Easy Permission
View Permission – You can view the existing permissions in your Salesforce org within a few clicks.
Time Saving Exports – You can very easily export the permissions, either in the deployable package or in the CSV file format. It will surely streamline the reporting process as well as the deployment time.
Seamless Cloning – There is no rocket science when it comes to cloning the permission sets. Just a few clicks and you are done with both kinds of cloning exact cloning and cross cloning.
Multiple Selection – The Easy Permission utility enables users to apply to create, edit, read, and delete permissions to multiple objects, multiple fields, and multiple profiles altogether.
Easy Customization – Users often face problems while setting up permission. Sometimes, they have fewer object counts and the higher profile counts in such a situation they can choose the Object with Profiles option.
And if users have profile counts lesser than the object counts, they can select the option, Profile with Objects. In this way, users can easily customize their permission by selecting the suitable view available in this utility.
The Upcoming Feature Enhancements For Easy Permission
| Features | Details |
| Audit Tracking | Permission level audit tracking and Audit filters |
| Deploy Permissions | Develop in one org and deploy in diff org. Speed up development |
| Permission Analyzer | Comparison in connect orgs Comparison in non-connected orgs Comparison with Excel/CSVs |
| Import Permissions | CSV/Excel/ANT Script |
| Other Metadata Permission Update | One place for all Apex Class, VF Page, Layout Assignments, Record Types, Apps, Tabs, Lightning Component/Pages & Misc. |
| Profiles To Permission Set | Create Permission Set from Profile Create Profiles from Permission Set |
| Snapshot & More Export Features | Save work as SnapshotUtilize as template |
