Profile to permission set migration

Salesforce have stopped development for profiles as a means of user and system permission management. Profiles are to be retained, but with a much reduced role focused on basic permissions including default record types and apps. Most of the user permissions currently available through profiles will be moving to permission sets, including:

  • System and app permissions

  • Object permissions

  • Field level security

  • Tabs

  • Record types

    Default record types remain with profiles.

  • Apps

    Default apps remain with profiles.

  • Connected app access

  • Apex classes

  • Visualforce page access

  • Custom permissions

Permission sets and permission set groups are to become the main components for user permission management. Permission sets offer a much higher level of security that can be locked down to provide a stable set of access permissions supporting your Sage People implementation.

To support the change the Change User page has been updated to enable you to select permission set groups and additional permission sets when linking team members to user records.

Sage People has developed a migration tool to transfer permissions granted through existing profiles to permission sets.

The Profile to permission set migration tool:

  • Analyzes an existing custom profile and compares the permissions granted with those in a defined group of managed permission sets.

  • Produces a list of the differences identified.

    You can check the list to ensure the profile was granting permissions appropriate to the users assigned to it.

  • Creates a new permission set with any extra permissions granted by the profile.

  • Creates a new permission set group and adds the new permission set and the managed permission sets used for the profile comparison.

  • Assigns the new permission set group to the users assigned to the original profile.

  • Replaces the original profile with a standard profile.

The Profile to permission set migration tool is delivered as part of the Y24.2 release but requires no further action on your part at this stage. More information will be posted in future communications.