Start tracking your progress
Trailhead Home
Trailhead Home

Activate Session-Based Permission Sets Without Code

Learning Objectives

After completing this unit, you'll be able to:
  • Name the ways in which you can activate a session-based permission set.
  • Explain why you might want to use declarative tools to activate a session-based permission set.
  • Activate a session-based permission without code.

Activation Options for Session-Based Permission Sets

Now that you’ve created a session-based permission set of your own, let’s make it usable. To make it usable, you need to have a way to activate a session for the permission set. If you like getting your hands dirty with APIs, you can do that, and we won’t stop you. The PermissionSet object in the Soap API contains a field called HasActivationRequired, a boolean that indicates whether the permission set requires an associated active session (true) or not (false). Insert a record into the SessionPermSetActivation object with the combination of session ID and permission set to achieve the activation.

Don’t know how to code? That’s OK. Salesforce has a nice declarative tool that you might already use: Flow. We’ll use a flow to help make your session-activation process smooth, even if you don’t code.

Get Started

Before you jump in, it helps if you’re familiar with using Flow. If you’re not familiar with flows, no problem. We create a simple one here. In fact, this flow functions with only one step! However, you probably already guessed that Trailhead has you covered if you want to learn more—and we encourage you to do so. Check out the Build Flows with Flow Builder trail. Make sure that you have permissions to access flow to continue, though! Let’s check permissions right now.
  1. Go to your profile. In Setup, go to Users and select your profile. You’re more than likely using the System Administrator profile.
  2. Look for Manage Flow and make sure it’s selected.
Now back to our flow for session-based permission sets.
  1. From Setup, enter Flows in the Quick Find box, then select Flows, and click New Flow.
  2. Select Screen Flow and click Create.
  3. From the Elements tab in the toolbox, drag Action onto the canvas.
  4. In Search All actions..., begin typing Activate and select Activate Session-Based Permission Set.
  5. For Label, use Activate Employment Contracts Access. The API Name defaults to Activate_Employment_Contracts_Access.
  6. On Set Input Values in Permission Set Name, type Employment_Contracts_Access. (This value is the API name of your permission set!
  7. Click Done.
  8. Drag the connector node at the bottom of Start onto your Action.
  9. Save your flow with the name Activate Contracts Access as a Screen Flow.
Note

Note

You might receive a message stating that your action isn’t connected to anything. You can ignore the message for now.

Here’s what the flow looks like.

The Flow Builder screen with one action to activate a session-based permission set.

The flow creation steps were easy, right? So easy, in fact, that if you’re an experienced user of flows, you’re probably thinking, “Can’t we do more than a one-step flow?” We can. Right now, though, we’re focused on using session-based permission sets, so let’s proceed. Run the flow from Flow Builder by clicking Run. Running the flow activates the permission set. But after you click Run, you see an error screen. Oops. Now, check your email.

What? “Check your email”?

Yup. The reason why is that you’ll also receive a message explaining the error you saw in Salesforce. It seems that no one is assigned yet to the Employment Contracts Access permission set. If you run across problems when working with your flow, check if you received any emails about errors. Remember that we’re working with three different areas: permission sets, user assignments, and flows. The detail in the emails can help you troubleshoot quickly. For example, you receive an error if you reference a non-existent permission set name in your flow, if your flow contains logical issues, or if you haven’t assigned the permission set referenced in the flow to a user. In this case, you get an email that includes detail about the lack of user assignment.

Error Occurred: The permission set must be pre-assigned to the user before being activated

Remember that we said you could ignore the warning you got earlier, because we're still building this flow? You can ignore this error too. We assign the permission set to a user, but that user doesn't exist yet in our org. We create the user next. Typically you probably assign users to your permission set first. However, let’s say you forgot to assign a new employee to the permission set. What would happen if this person attempted to run the flow? You guessed it.

It’s good to be aware of some of the errors you or users can run across that have easy solutions. Now activate your flow: return to Flow Builder, and click Activate. Activating your flow without a user assigned to the permission set causes no harm. However, our flow can't accomplish what we need until someone is assigned to the permission set.

Create a user who can edit and create contracts. This person is a hiring manager and needs access to employment contracts for contractors.
  1. Assign the user to a profile, making sure that the person has read-only (no edit) access to the Contracts object. The person must run flows. For example, you could assign the user a clone of the read-only profile and enable the Run Flows permission.
  2. Assign the Employment Contracts Access permission set to the user.
Now sign in as this user and go to the Contracts object. You can see contracts. However, there’s no New button, so you can’t create one right now.
Contracts list view without the 'New' button.

Stay logged in as the user, go to Flows in Setup, and run the Activate Contracts Access flow. If you go to the Contracts object, notice that there’s now a New button available to create a contract.

Contracts list view with the 'New' button.
Tip

Tip

If the New button doesn’t appear, try refreshing your screen or switching to Salesforce Classic and then back to Lightning Experience.

For the rest of the current session, the user has Create, Read, Edit, and Delete access to the Contracts object, and edit access for Contract Name, Contract Start Date, and Contract Terms (months). But we probably don't want to make our users run flows from Setup every time they want to create or change a contract. In the next unit, we make the process easier for everyone.