Our company is growing fast, and I’m finding it impossible to keep up with creating unique Profiles for every slightly different role. I've heard that Permission Set Groups are the future, but how do I start transitioning away from a Profile-heavy architecture without breaking current user access levels?
3 answers
Salesforce is definitely moving toward a "Minimum Access Profile" model. The idea is to give everyone a very basic profile and then layer on permissions using Permission Set Groups. Start by auditing your current profiles and identifying the common denominators. Group specific tasks—like "Delete Leads" or "Export Reports"—into individual Permission Sets. Then, bundle those into Groups based on job functions like "Sales Manager" or "Junior Marketing." This makes onboarding much faster because you just assign one group instead of toggling fifty checkboxes.
Are you worried about the "Muting Permission Set" feature, or have you found it useful for excluding specific permissions within a group for certain users? I've been trying to figure out if it's cleaner to use a muting set or just create a separate group entirely.
The User Access Policy (Beta) feature is also worth looking into. It can automate the assignment of Permission Set Groups based on user attributes like Department or Title.
That is a game changer, Laura. Automating the assignment based on the User record fields reduces manual errors and ensures new hires get the access they need on day one.
Steven, Muting Permission Sets are actually quite elegant. They allow you to use a broad Permission Set Group but specifically "turn off" one or two permissions for a subset of users. It prevents you from having to duplicate the entire group just because one person shouldn't have the "View All Data" permission, keeping your list of sets much shorter.