Be aware of these considerations and special behaviors for permission sets.
|Available in: Salesforce Classic and Lightning Experience|
|Available in: Contact Manager, Professional, Group, Enterprise, Performance, Unlimited, Developer, and Database.com Editions|
- Differences between new and cloned permission sets
- A new permission set starts with no user license selected and no permissions enabled. A cloned permission set has the same user license and enabled permissions as the permission set that it’s cloned from. You can’t change the user license in a cloned permission set. Clone a permission set only if the new one requires the same user license as the original.
- Make sure to refer to the Salesforce Features and Editions Limits for your specific edition.
- User license restrictions
- Some user licenses restrict the number of custom apps or tabs that a user can access. In this case, you can assign only the allotted number through the user’s assigned profile and permission sets. For example, a user with the Force.com App Subscription user license with access to one Force.com Light App can access only that app’s custom tabs.
- Assigned apps
- Assigned app settings specify the apps that users can select in the Force.com app menu. Unlike profiles, you can’t assign a default app in permission sets. You can only specify whether apps are visible.
- Permission sets and profiles
- In API version 25.0 and later, every profile is automatically associated with a permission set, whether you explicitly assign it to one or not. This permission set stores the profile’s user, object, and field permissions, plus setup entity access settings. You can query on these profile-owned permission sets but not modify them. They’re not visible in the user interface.
- Permission sets and permission set licenses
- In API version 38.0 and later, you can create a permission set and associate it with a permission set license. When you create a permission set using a specific permission set license, users assigned to the permission set receive all functionality associated with the permission set license.
- Apex class access
- You can specify which methods in a top-level Apex class are executable for a permission set. Apex class access settings apply only to:
Triggers always fire on trigger events (such as insert or update), regardless of permission settings.
- Apex class methods, such as Web service methods
- Any method used in a custom Visualforce controller or controller extension applied to a Visualforce page