Loading
Feature degradation | Gmail Email delivery failureRead More

Salesforce CPQ Readiness for Permission Set License Assignment

Publish Date: Sep 2, 2025
Description

Context and Timeline

Permission Set Licenses (PSLs) for Salesforce CPQ were provisioned to existing CPQ Production Orgs in early February 2020. Customers who purchase Salesforce CPQ after the Spring '20 Production release will have PSLs provisioned to their Production Orgs on an ongoing basis. User licenses for Salesforce CPQ will be enforced via Permission Set License beginning in version 228 (Winter '21). The Managed Package License will no longer be enforced on the user level as it will transition to a site license. Prior to upgrading to Salesforce CPQ version 228, PSLs will have no influence over users' access to SF CPQ object data or features. After upgrading to 228, PSLs will control access to CPQ data and functionality. Unlicensed users in version 226 and earlier are unable to see CPQ objects and unable to access object records. In CPQ 228 and beyond, unlicensed users can see the existence of CPQ objects but are unable to access object records.

NOTES:

  • Do not un-assign Managed Package Licenses (MPL) from users during the transition phase (SF CPQ 224 & 226). No changes are required for MPL assignments as this becomes a Site License following the upgrade to CPQ 228.
    • If you have upgraded to CPQ 228 (Winter '21) and users are unable to see these objects, re-assign MPLs to the affected users. Log a case with support if there are additional concerns.
    • Sandbox Orgs must assign users a PSL in order for them to access CPQ licensed custom objects. Sandbox users previously were not required to have an MPL assigned because the license for Salesforce CPQ in Sandbox Orgs prior to 228 was applied as a Site License.
  • The auto-upgrade to CPQ 228 will fail should admins not take the appropriate actions prior to the push of CPQ 228 (Winter '21). 
  • Starting in CPQ 224 (Spring '20), the Check Upgrade Readiness Tool became available and can help admins understand which users need a PSL assigned.
  • Manage Licenses button will change after upgrading to CPQ package versions 228 or later. Initially, this button was removed after version 228 but was brought back by the Core platform in release 236 for the Enable for Platform Integrations feature. With the Managed Package License transitioning to a site-wide license, you will no longer need to assign MPLs so we've removed this ability from the Manage Licenses page. if you still have the ability to assign MPLs two weeks after upgrading to version 228 or higher, please log a ticket with Salesforce Support to manually complete the update.
Follow the steps below for Production and Sandbox Orgs on CPQ versions 224 (Spring '20) or 226 (Summer '20). 
Resolution

The Check Upgrade Readiness Tool

The Check Upgrade Readiness Tool can be found via:

Setup > Installed Packages > Salesforce CPQ > Configure > Additional Settings


Admins should use the Check Upgrade Readiness Tool in their Production Orgs in preparation for enforcement of PSLs. The purpose of this tool is to help admins identify which users may be required to have PSLs assigned based on their assigned Permission Sets. The tool can be used as often as needed to prepare for the upgrade and should be used every time users are added or deactivated between installation of CPQ 224 and prior to the upgrade to 228.

View this video to see the check upgrade readiness tool in action.
 

1. Click ‘Check Upgrade Readiness’. Three sections will be shown:
 

Errors
Your org has x active users with assigned permission sets who do not have assigned Managed Package Licenses.
Your org has x inactive users with assigned permission sets. Permission Set Licenses cannot be assigned to inactive user.

Download CSV Files
Users with Permission Set but no Package License
Inactive Users with Permission Set
Users Who Need a Permission Set License

Org Readiness Details
CPQ Managed Package Licenses Provisioned: x
CPQ Managed Package Licenses Assigned: x
Users with CPQ Permission Sets Assigned: x
CPQ Permission Set Licenses Provisioned: x
CPQ Permission Set Licenses Assigned: x
 

2. Best practice is to clear the errors first using CSVs 'Users with Permission Set but no Package License' and 'Inactive Users with Permission Set'. When all errors are corrected, two sections will be visible:
 

Download CSV Files
Users Who Need a Permission Set License

Org Readiness Details
CPQ Managed Package Licenses Provisioned: x
CPQ Managed Package Licenses Assigned: x
Users with CPQ Permission Sets Assigned: x
CPQ Permission Set Licenses Provisioned: x
CPQ Permission Set Licenses Assigned: x
 

3. Now assign PSLs by using the CSV ‘Users Who Need a Permission Set License’. When all users have been assigned PSLs, one section will be visible:
 

Org Readiness Details
CPQ Managed Package Licenses Provisioned: x
CPQ Managed Package Licenses Assigned: x
Users with CPQ Permission Sets Assigned: x
CPQ Permission Set Licenses Provisioned: x
CPQ Permission Set Licenses Assigned: x
 

Once all errors from the readiness check are resolved and the only remaining task is to assign PSLs, an Assign Licenses button will appear. The Permission Set License Auto Assignment Tool, released in 226 to simplify PSL assignments, can be used to assign PSLs to the list of users identified as requiring a CPQ user license. After all CPQ users have been assigned a PSL and the CPQ package is ready to upgrade, the assignment tool is not available and the following message appears:
 

Your org's readiness check completed without errors. Any admin action that changes user assignments will require another upgrade readiness check.



4. Assign PSLs in Sandbox Orgs by refreshing the sandbox and license assignments will reflect the settings in Production. If PSLs are not available in Sandbox, the refresh also will provision the sandbox with the same licenses from Production. Alternatively, the Match Production Licenses without a refresh tool can be used to provision the missing PSLs in Sandbox. 

 

NOTE: Integration Users, Non-CPQ, or Advanced Approvals users may be seen on the reports. Review this article if you find the org has these users. Any admin action that updates users may in turn require another upgrade readiness check to confirm there are no new errors. Users assigned to Permission Sets with Modify All / View all Data will not appear on the upgrade readiness report.


Applications included in Permission Set License Readiness

This Check Upgrade Readiness tool supports only Salesforce CPQ and Advanced Approvals. Salesforce Billing currently uses site licenses, and is therefore not impacted by the change to PSLs.
 

Custom Permission Sets included in Check Upgrade Readiness

Custom permission sets may contain access to CPQ objects which will be flagged by the Readiness Tool as requiring a related license. Users whose assigned custom permission sets contain this access need to have a CPQ license. Removing permission set assignments using API, individually from user records, or via data import are ways admins can remove these permission sets from non-CPQ users.


Developer Orgs and PSL Assignment

Developer Edition (DE) Orgs are not associated with Production Orgs, therefore Salesforce will update the underlying definition of the DE Orgs before the Summer '20 release to include the necessary Permission Set Licenses for CPQ and Advanced Approvals (exact quantities to be determined).

All new DE Orgs created after Winter '21 will have the necessary licenses required for installation of CPQ or Advanced Approvals versions 228 and beyond.

Profile 

When utilizing the Enhanced Profile User Interface, profile edits are limited to a single object at a time to decrease page load times. To simplify the permission removal process, administrators can disable this feature to allow edits to multiple object permissions at one time. Here is the path to disable this feature:

Setup > User Management Settings > Disable “Enhanced Profile User Interface”

Refresh the profile page to see the updated layout and remove all Licence Controlled Objects (LCO) and their dependent object permissions to resolve the error.

Knowledge Article Number

000380942

 
Loading
Salesforce Help | Article