Francis Pindar - 5 years ago
Another possible workaround for this is to use Hierarchical custom settings. You can then setup a custom setting which you can set different values based on the individual user, profile or org default value. For example creating a custom setting for "Has Invoice Creation permission" then set the org default to No. Admin user profile to Yes, Joe Bloggs to Yes etc...
Ian Sze - 6 years ago
You can now do this using Custom Permissions.
Simply create a Custom Permission and add it to the permission set. In a formula field / workflow / validation rule you can then query it via the $Permission section.
Jason McLain - 6 years ago
We desperately need this as we're fairly heavy users of permission sets. I tried to implement @Tony Barrow 's idea but coudn't come up with a good way to trigger the update to the field on the user table. My first thought was to put the trigger on PermissionSetAssignment but that object doesn't allow triggers. The field on users would need to be updated any time we updated an assignment so it pretty much has to be there.
Stephanie Adams - 6 years ago
We tried the work-around given by Tony, but it doesn't look like we can reference custom fields in lookup filters. We very much need the ability to filter Contacts based on the permission set on their user records, or at the very least , on the custom text and multi-select picklist fields we created on the User record. Any ideas or update on the timeframe for this Idea? Thanks!
Francis Pindar - 7 years ago
@Matthew Lamb: Just saw your response (ok two years later). At the time (I don't think its changed) you could only query the contents of PermissionSetAssignments if you have setup menu access / via Apex code, otherwise any query would return no results for the user even if the user had the same queried permission sets assigned to them. I assumed that it would work similarly to sharing rules so if a user had a permission set they would be able to query it but alas not :( would be nice but understand why.
Andrew Wheeler - 7 years ago
Same as @davcondev I would be keen to see this broken down some more. (@Tony Barrow or @Adam Torman) We have the issue where we have been profile based in our applications and would like to move across to permission sets. This issue is hindering our movement across as we have areas in workflows where we use $Profile. A $PermissionSet global variable that we could reference in workflows would make our lives much easier.
dav condev - 7 years ago
@Tony Barrow or @Adam Torman can you break this down some more? I figure the field would be on the User object. But AFAIK you can't put a before trigger on PermissionSetAssignment, and I don't see how any other object would provide a continually up to date permission set list.
Tony Barrow - 8 years ago
I've needed this for quite sometime now and decided enough is enough. Until SF adds this feature natively I'll use a workaround I developed.
WORKAROUND: In a before trigger I populate a custom text field with ALL permission sets assigned to current user. Then in my validation rule I (or an Admin can) check to see if the custom text field contains target permission set. Viola!
Dan Wooding - 8 years ago
This would be great to have for validation rules especially. We are trying to create general profiles and use permission sets to add on access, such as adding edit rights to a field for a manager. If you have a validation rule that says that once a field is populated it can only be editied by a manager there is no other way to specify that manager unless you hardcode their id.
If you could say if they have a specific perm set then it can be more dynamic and we can rotate different managers in and the validation rule would not need to be changed.