Skip to main content
Unisciti a noi al TDX, a San Francisco o su Salesforce+, il 5-6 marzo per la conferenza degli sviluppatori sull'era degli Agenti IA. Registrati ora.

Migrate Users with User Access Policies

Learning Objectives

After completing this unit, you’ll be able to:

  • Create manual user access policies.
  • Configure user access policies for migrating access and permissions.

Example Scenarios

As we mentioned in unit 1, user access policies can come in handy when you’re making large-scale user access changes, like migrating users from one setup to another. Some examples of this include:

  • Assigning permissions using permission sets and permission set groups, instead of profiles
  • Restructuring group and queue membership based on annual realignment
  • Rolling out new features and granting users access via permissions and licenses
  • Removing access and permissions for obsolete processes and features

For these types of changes, you create manual user access policies. You apply the policies directly to the users meeting the criteria, giving you more control over when the changes are applied. But the same benefits of user access apply. You can aggregate access and apply these changes to users in a single operation, saving you time, clicks, and effort. Plus, as always, you can easily track which users were affected.

For Ursa Major Solar, Maria Jimenez wants to migrate some of the company’s existing profiles to have a permission set- and permission set group-led access configuration. She knows that this is a user management best practice. She’s starting this work with the Support team, and wants to set up a user access policy instead of manually updating access for each member of this team.

Five office workers at Ursa Major Solar, Inc., working at a conference-room table with individual laptops open.

Set Up the User Access Policy

Maria’s ready to create another user access policy, this time a manual one. The initial creation and configuration steps are the same.

  1. From Setup, in the Quick Find box, enter User Access Policies, and then select User Access Policies.
  2. Click New User Access Policy.
  3. Enter a value for the Policy Name. Maria enters Support Profile Migration. The API Name auto-populates.
  4. Because this policy is manual, not active, she skips adding a value for Order.
  5. She enters a Description.
  6. Then click Save.

Setup screen for creating a new user access policy.

Like before, Maria sets up the user criteria to target the Support Team and then configures the actions.

  1. On the user access policy’s detail page, click Edit Criteria to configure the policy’s user criteria filters and actions.
  2. Under Define User Criteria, set up the filter:
    • Resource: Profile
    • Operator: Equals
    • Value: Custom: Support Profile
  3. In the “Select additional user fields to filter on” section, set up the filter:
    • Resource: Active
    • Operator: Equals (Ignore Case)
    • Value: True
  4. Under Define Actions, grant the Support User permission set group:
    • Action: Grant
    • Target: Permission Set Group
    • Value: Support_User
  5. Click Save.
Note

Note: Maria can’t revoke the Custom: Support Profile profile, because users must still have one profile. But after the policy is applied, Maria can go back and remove the profile’s included permissions so that it only contains default settings.

Setup screen for setting user criteria and actions in a user access policy

Did that process seem familiar? You’ll soon be a pro at creating user access profiles. Pay attention to the next steps, though, because applying the policy is a bit different for manual user access policies.

Apply the User Access Policy

  1. Back on the policy’s detail page, Maria clicks Apply Policy. She sees a list view with all the users that meet the policy’s criteria.
  2. You can select a subset of users to apply the policy to, or click Apply to All. In this case, Maria clicks Apply to All to update all three members of the Support team in one click.

User access policy user application screen.

On the new Support Profile Migration policy’s detail page, under Recent User Access Changes, Maria can see when this policy was applied and the affected users. She also reviews the user records to confirm that the users were granted access correctly.

Well done! In this badge, you learned all about user access policies and practiced creating multiple policies. We hope that user access policies become a trusty tool in your tool belt of user management features.

Resources

Sfida pratica

+500 punti

Preparati

Completerai questa unità, questo progetto o questa fase nella tua organizzazione di prova. Fai clic su Avvia per iniziare o seleziona il nome della tua organizzazione per sceglierne un'altra.

La tua sfida

Migrate Access with a Manual User Access Policy
Remove users from the Technical Support and Expert Support public groups and add them to the new Tier 3 Support public group (Team Trailhead has already created the users and the public group for you).
  • Create the user access policy and configure its criteria and actions:
    • Policy Name: Tier 3 Group Setup
    • API Name: Tier_3_Group_Setup
    • Don’t specify a value for Order.
    • Add a description (We won’t check for this.)
    • For User Criteria:
      • Group
      • Equals
      • Technical_Support
        AND
      • Group
      • Equals
      • Expert_Support
    • Define three Actions:
      • Grant
      • Group
      • Tier_3_Support group
        AND
      • Revoke
      • Group
      • Technical_Support
        AND
      • Revoke
      • Group
      • Expert_Support
  • Apply the policy to all the users who meet its criteria.
Condividi il tuo feedback su Trailhead dalla Guida di Salesforce.

Conoscere la tua esperienza su Trailhead è importante per noi. Ora puoi accedere al modulo per l'invio di feedback in qualsiasi momento dal sito della Guida di Salesforce.

Scopri di più Continua a condividere il tuo feedback