Skip to main content
GroupsUser Access & Permissions Assistant
Group

User Access & Permissions Assistant

This group is for collaborating around using User Access & Permissions Assistant (formerly known as Permission Helper). The app will be fully supported on July 18, 2022, so if you run into issues, please open a case with support.
Ask a question...
Allan Pheiffer (Sr. Salesforce System Specialist at Scoutz)
May 11, 5:11 AM
Update FederationId in Azure AD User Provosioning setup

Hi,

 

We have merged 2 organisations and now we see a lot of requests to change the UserPrincipalName in Azure AD. UserPrincipalName is mapped to FederationIdentifier in Salesforce. 

Here is what I think will happen: 

1. UserPrincipalName is changed in Azure AD 

2. Azure AD cannot find the User anymore in Salesforce as it do the lookup with a new UserPrincipalName 

3. Azure AD creates a new User in Salesforce 

4 I will how have 2 Users in Salesforce 

 

OR will Azure AD be able to find the Salesforce User in another way? 

 

Best Regards, 

Allan Pheiffer

2 answers
  1. Allan Pheiffer (Scoutz)
    May 15, 6:39 AM
    @Sindoora G

    That was also my tought. As we have no AD test environment I just had to be 100% before implementing. I do no want to end up with all my Useres created as doublets 😉

    Best Regards,

    Allan Pheiffer

Write an answer...
0/9000
Heath Parks (Information Systems/Salesforce Manager at Cincinnati Works)
Mar 10, 11:02 AM
Converting System Admin Profile to Permission Sets - Best Practice?

Any thoughts, suggestions, on best practices around converting the System Admin Profile to Permission Sets? I just finished converting all of the regular users, 2 base profiles and a handful of Permission Sets and PSG's based on Persona's.  So all I have left if the System Admin and a QA role. So just trying to determine the "best" way to handle the System Admin. Multiple Permission Set's or just one overall? And what about all of the system permissions an Admin has? Do I really need all of those permissions? 

 

Any thoughts, tips, suggestions would be appreciated. 

 

#Salesforce Admin #Systems Administrator #Nonprofit #Permissionset

3 answers
  1. Heath Parks (Cincinnati Works)
    Mar 10, 12:08 PM

    @Divya Chauhan I am assuming that I need to clone the existing System Admin Profile and create a new one, since the "base" one, you can't edit. Correct? And when installing apps from the app exchange, I am also assuming that I would hit the Selected Profiles and choose the new cloned System Admin? Correct?

Write an answer...
0/9000
Niki Vankerk (Salesforce Architect at Vankerk Solutions) asked in * Salesforce Administrators *
Jan 22, 8:15 PM
Advice on cleaning up permission sets and profiles

I have a new client with a crazy mess of permission sets and profiles.  It looks like some other consultant converted all their previous profiles straight into permission sets and we now have about 150 permission sets named after various roles in the company, with no documentation of course.  Any suggestions on how to start sorting this out? 

 

  1. Sys Admins - do people generally have a single permission set for Admins that has R/W access to all fields/objects rather than relying on the profile?  Now that the field creation flow shows permission sets, we have lots of fields that are not available to system admins as it was not added to the admin profile.
  2. Role based vs functionality or object based - any thoughts on having perm sets around each object (view only vs standard user edit vs special edit scenarios) or by functionality (quotes and opps together for a 'Quoting' permission, other objects grouped for 'Account Mgmt' and 'Customer Service' etc)?
  3. Any recommended tools you have used to document or discover what is in each of the existing permission sets to evaluate if we keep them, or perhaps we just start fresh and eventually retire all the existing perm sets?

Thanks for any advice or experience you can share 

@User Access & Permissions Assistant @The Future of User Management @Architect Trailblazers

10 answers
  1. Niki Vankerk (Vankerk Solutions)
    Feb 2, 8:41 PM

    Thanks everyone for chiming in, this is a great discussion.  @Mike Megliola I have used PermComparator before and it's pretty good at highlighting differences but still doesn't show all the nuances of what you can have on a profile (record types, page assignments etc).  I'm going to check out Jetstream and I think I will likely ignore most of what the client has today and start fresh.  The existing permission sets are mostly just profiles that were auto converted into perm sets and have a lot of conflicting information, like FLS on objects that they don't have CRUD for etc.  

Write an answer...
0/9000
Gustavo A. Seluja (Salesforce Administrator at Optum-WellMed) asked in * Salesforce Essentials *
Mar 28, 2025, 2:41 PM
App installation: only Production available

Hello- 

 

I've installed AppExchange apps before.  This time, for the Salesforce app 'User Access and Permissions Assistant', only Production is available, not Sandbox.  Is there a trick or step I forgot about?  Thanks 

App installation: only Production available@User Access & Permissions Assistant

9 answers
Write an answer...
0/9000
Archana Madhu Sudan (ICT Systems at Trocaire) (Originally asked by Archana Madhu Sudan)
Mar 4, 2025, 2:50 PM
Write a comment...
0/9000
Chris Deutschmann (Solutions Consultant (HCM) at Sage)
Feb 5, 2025, 7:41 PM
When will this app support converting Salesforce Platform Licenced Profiles?

When will this app support converting Salesforce Platform Licenced Profiles? 

 

I have a number of profiles that were shipped as part of a managed package that are linked to Platform Licences and would really like to use this tool to convert them to Permission Sets as well. 

 

Have converted my Salesforce License based Profiles already and they work perfectly. 

 

or can anyone recommend any other apps to try?

2 answers
  1. Chris Deutschmann (Sage)
    Feb 6, 2025, 9:11 AM

    @VINAY KUMAR K

    in our org we have a number of Profiles that are associated with the Salesforce Platform User License - see below: 

     

    in our org we have a number of Profiles that are associated with the Salesforce Platform User License - see below: however when wanting to use the tool to convert Profiles to Permission Sets the tool

    however when wanting to use the tool to convert Profiles to Permission Sets the tool only shows Profiles with the Salesforce User License. 

     

     

    Screenshot 2025-02-06 090914.png

     

     

    So, the ask is for the tool to also work with Profiles with the Salesforce Platform License. 

     

    Hope that makes sense. 

     

    Chris  

     

Write an answer...
0/9000
Natalia Krukar (B. Braun)
Nov 7, 2024, 9:45 PM
Connect existing muted permission set with a permission set group

Hello!

 

I have got a muted permission set available in org which got removed from a permission set group after this permission set group deployment.

I found the Id of the muted permission set and I can open its page only in Salesforce Classic. 

I cannot any field connection between muted permission set and permission set group to connect them again. There is also no possibility to connect them starting from a permission set group page. There is only a button "New" for creating a new muted PS, no way to view free ones and re-connect.

 Can somebody advise, please ;)

1 answer
  1. Alan McQueen (Fike Corporation)
    Nov 8, 2024, 2:20 AM
    If you have someone with skill using the salesforce SFDX experience it is worth a try associating them and deploying programmatically
Write an answer...
0/9000
Melissa Acosta (Administrador at Accenture)
Jun 13, 2024, 11:41 PM
Freeze user permission

Hi everyone,

 

I'm trying to add the permission Manage Multi-Factor Authentication in API to my user, but when I try to add the permission to an system admin, the system shows this message

The user license doesn't allow the permission: FreezeUsers

 

Do you know what's the issue?

6 answers
  1. Brandon Woodcook (School Specialty, LLC)
    Oct 16, 2024, 3:23 PM

    @Melissa Acosta Maybe you've resolved this by now, but we had an issue regarding the Freeze Users permission in a sandbox that seemed to come post Summer '24. The error came about when attempting to assign a Permission Set to a User and it said, 'The user license doesn't allow the permission: Freeze Users'. The user had the exact same setup in another sandbox so we knew it wasn't an issue with confliction perms/config. 

     

    The solution proposed here by cropredy worked to resolve it for us. 

     

    Setup > Company Information > Match Production Licenses 

Write an answer...
0/9000
Allan Pheiffer (Sr. Salesforce System Specialist at Scoutz)
Jul 21, 2022, 7:49 AM
Error when saving Named Credentials

Hi When saving the Named Credentials record I get error=redirect_uri_mismatch&error_description=redirect_uri%20must%20match%20configuration

 The URL is set as described in "The domain from the callback URL that shows in the authentication provider. For example, if the callback URL is https://www.example.com/services/authcallback/PermhelperAuth, then the domain is https://www.example.com."

6 answers
  1. Usman Ali
    Jul 21, 2022, 7:54 AM

    Hi Allan, 

     

    After creating/updating the connected app, salesforce takes up to 10 minutes to reflect the change, after that time you can configure the named credentials.

     

    Your error is for Mismatch URI which means Callback URL wasn't added in the connected app for which you are using Client ID and Secret, if added then you have to wait for few minutes. 

Write an answer...
0/9000
Elizabeth Webster
Sep 23, 2024, 5:49 PM
Permission Set to Enable/Disable Chat User and Service Cloud User

We are trying to create some permission sets/permission set groups and we would like to be able to enable/disable Chat User and Service Cloud User from a permission set. It isn't under system permissions, is it somewhere else or it is not possible to do it via a permission set?

 

#Permissionset #Einstein Bots #User Management #Service Cloud

4 answers
  1. Robin Yang (Self Employed)
    Sep 23, 2024, 9:35 PM

    @Elizabeth Webster, both these 2 settings are on the User Object and you can't use Permission Set to manage users with them. If your goal is to manage users with/without the checkbox for these 2 settings, you can use Salesforce Workbench to query and/or update the User records with field UserPermissionsLiveAgentUser (for Chat User) and UserPermissionsSupportUser (for Service Cloud User) to True.

     

    Select ID, UserPermissionsLiveAgentUser, UserPermissionsSupportUser from User

Write an answer...
0/9000