Loading

Remove permission set assignments with API

Date de publication: Oct 28, 2022
Description

List of editions that support API feature include - Enterprise, Unlimited, Developer, and Performance


If you need to bulk remove a permission set from assigned users, or are unable to remove them through the user interface for any reason, one way to do this is with an API program such as Data Loader. 

For example, let's say a system administrator unintentionally assigns themselves the API Only permission in a Permission Set. The next time they tried to login to their org via the UI, they would find themselves unable to successfully login. They can no longer login to the UI to remove the permission or the Permission Set, so they can use Data Loader to remove it instead. 
Résolution

Note: The below article link may help the user to understand how to ensure 'API Only User' permission is not enabled to avoid getting into the similar scenario in the future. Error 'Insufficient Privileges' when administrators login from the user interface

Using an API enabled product such as Data Loader, query the PermissionSetAssignment object. Identify the ID of the record matching the User and Permission Set that is affecting the access.

Steps to export PermissionSetAssignment with Data Loader

1. Log into the Data Loader.
2. Click Export.
3. Click "Show all Salesforce objects."
4. Choose PermissionSetAssignment.
5. Next.
6 .Select all the fields.
7. Finish.

With this file, you can identify the permission set assignment that you want to delete by searching for the ID of the impacted user(s). Remove all other non-impacted users from the CSV file, copy the "Id" column into a new .csv file, and save that new file. We recommend keeping a copy of the original file in a safe location for backup purposes. 

Steps to delete the PermissionSetAssignment via Data Loader

1. Log into the Data Loader.
2. Click Delete.
3. Click "Show all Salesforce objects."
4. Choose PermissionSetAssignment.
5. Select the file that contains the PermissionSetAssignment Id.
6. Map the PermissionSetAssignment Id with the Id on your file.
7. Finish.

Delete the PermissionSetAssignment viaWorkbench

1. In Workbench, the process a little easier.
2. Identify the PermissionSetAssignment ID that is affecting the user.
3. Mouse over the ID and a window will appear giving the option to delete.
4. Click on the delete link and a confirmation page  will appear. Once the record is deleted, the Permission Set should no longer be assigned to the user. 

Based on this solution, you can also mass add permission set via Dataloader

1. Select “Insert” from the DataLoader menu.
2. Select "PermissionSetAssignment" from the ObjectType menu.
3. Select the “From File” radio button and choose your CSV-formatted spreadsheet.
4. Click “Next.”
5. Map the columns from your spreadsheet as appropriate.
6. Map User ID with Assignee Id and permission Set Id with PermissionSet Id.
7. Click “Confirm Insert."
Numéro d’article de la base de connaissances

000385772

 
Chargement
Salesforce Help | Article