Currently, in Salesforce we have many features require access checks that specify which users can access certain functions. Permission set and profiles settings include built-in access settings for many entities, like objects, fields, tabs, and Visualforce pages etc. . . . However, permission sets and profiles don’t include access for some custom processes and apps. Custom permissions let you define access checks that can be assigned to users via permission sets or profiles, similar to how you assign user permissions and other access settings. For example, you can define access checks in Apex that make a button on a Visualforce page available only if a user has the appropriate custom permission. Any time admin can revoke the custom permission from the profile or permission set to revoke the processor app access.
Let’s Define Custom permission
Go to Setupà Develop -> Custom Permissions à Click on New and enter information as shown below.
Now you can assign this custom permission to profile or permission based on need. In this case, I assign it to the profile “System Admin “. Under system admin profile edit Custom Permissions section and assign the custom permission as shown below.
So far looks nice. we defined the custom permission and assigned it to the profiles.Let’s understand how to use it.
Usage 1: – Validation rules
You can use custom permission in the number of ways namely from Apex, Formulas and Approvals and workflows and validation rules.
Now let us see how to use it in validation rule.let’s suppose if you wanted to edit the Opportunity Stage for only specific profiles.you can assign the custom permission to the profile and you can use in validation rules. Custom permission can be access by using “$Permission” global variable.
Go to Opportunity Validation rules, create a new rule as shown below
Once you save it, the user who is not having access to the Opportunity_Stage_Edit custom permission not able to update the stage and it will prompt an error as shown below.
Usage 2: – Formulas and Workflow and Approval process and Process Builder
You can use custom permission in approval and formulas and workflows andProcessBuilder to perform the process actions based the custom permission assignment. like submitted discount approval for the only specific profile .what you can do is simply you can assign the custom permission and check the custom permission in approvals process entry criteria. same will be the application in the case of workflows and formulas.
Usage 3: – Visualforce page
In Visualforce you can use access by Using $ Permission global variable. you can use in different ways to visual force. let us suppose take you want to provide access to specific button based on the Custom permission assignment or wanted to render specific sections for profiles and etc.
The below logic will render the button based on the Custom permission
You can use custom permission in the OAuth scope as shown below image
Usage 5: – Apex, use your own way
You can use custom permission in the apex code as well. you can query custom permission by using CustomPermission and SetupEntityAccess object by using SOQL as shown below.
CustomPermission permission =[SELECT Id, DeveloperName
Where DeveloperName = 'Opportunity_Stage_Edit' Limit 1];
List<SetupEntityAccess> setupEntities =[SELECT SetupEntityId
WHERE SetupEntityId=:permission.Id AND
ParentId IN (SELECT PermissionSetId