When querying the PermissionSetAssignment object in Salesforce using SOQL (Structured Query Language) — for example, via Data Loader — some results in the PermissionSet.Name column appear as IDs beginning with the letter 'X' (such as X00f26000006FrycBBC or X00e20000007Fk9JAAS). These entries are not real, user-created permission sets. This article explains what these 'X'-prefixed entries represent and how to write SOQL queries that exclude them.
Example Query That Produces 'X'-Prefixed Results
Running the following SOQL query returns both permission set assignments and profile-based assignments:
SELECT Id, PermissionSetId, AssigneeId, SystemModstamp, Assignee.Name, PermissionSet.Name, Assignee.IsActive FROM PermissionSetAssignment
The PermissionSet.Name column in the results includes entries like:
Why 'X'-Prefixed Entries Appear in SOQL Query Results
In Salesforce, as of API version 25.0 and later, every user profile is internally represented by a corresponding permission set. This is because Salesforce uses permission sets as the underlying data structure for storing profile-level object permissions, field permissions, and setup entity access settings. When you query PermissionSetAssignment, the results include both user-created permission sets and these automatically generated profile-based permission sets.
Permission sets that represent profiles are identified by IDs starting with the letter 'X'. These are system-managed records and cannot be modified.
By default, every Salesforce user has at least one PermissionSetAssignment record that links them to their profile (represented as a permission set). This is expected behavior and is working as designed.
How to Query All Permission Sets (Including Profile-Based Ones)
The following SOQL query returns all permission sets, including those owned by profiles:
SELECT Id, Label, ProfileId, Profile.Name FROM PermissionSet
How to Query Only User-Created Permission Sets (Excluding Profile-Based Ones)
To retrieve only permission sets that are not owned by profiles, filter by the IsOwnedByProfile field:
SELECT Id, Label, ProfileId, Profile.Name, IsOwnedByProfile FROM PermissionSet WHERE IsOwnedByProfile = FALSE
How to Query Only Permission Set Assignments (Excluding Profile Assignments)
To retrieve only permission set assignments for user-created permission sets (excluding profile-based assignments), add a WHERE clause filtering on permissionSet.IsOwnedByProfile:
SELECT Id, PermissionSetId, AssigneeId, SystemModstamp, Assignee.Name, PermissionSet.Name, Assignee.IsActive FROM PermissionSetAssignment WHERE permissionSet.IsOwnedByProfile = FALSE
This query returns only the permission set assignments that correspond to explicitly assigned permission sets, without including the automatically generated profile-based assignments.
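For an access review of an unfiltered export, the same separation can be done offline. The following is an added example, not part of the original article: it assumes a CSV export of the first query with PermissionSet.IsOwnedByProfile added to the SELECT list, matches headers case-insensitively, and falls back to the 'X' plus 18-character ID name pattern when that column is blank. The function names and sample rows are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Heuristic taken from the article's examples: 'X' followed by an 18-character record ID.
PROFILE_NAME_RE = re.compile(r"^X[0-9A-Za-z]{18}$")

# Constructed sample export (not real data); header case is an assumption.
SAMPLE_CSV = """\
ID,ASSIGNEEID,ASSIGNEE.NAME,ASSIGNEE.ISACTIVE,PERMISSIONSET.NAME,PERMISSIONSET.ISOWNEDBYPROFILE
0Pa000000000001AAA,005000000000001AAA,Ada Example,true,X00e20000007Fk9JAAS,true
0Pa000000000002AAA,005000000000001AAA,Ada Example,true,Billing_Admin,false
0Pa000000000003AAA,005000000000002AAA,Bob Example,false,X00e20000007Fk9JAAS,true
0Pa000000000004AAA,005000000000002AAA,Bob Example,false,Export_Reports,false
0Pa000000000005AAA,005000000000003AAA,Cy Example,true,X00f26000006FrycBBC,
"""

def is_profile_row(row):
    """True when the row is the profile-backed assignment every user has."""
    flag = row.get("permissionset.isownedbyprofile", "").strip().lower()
    if flag in ("true", "false"):
        return flag == "true"
    # Column absent or blank: fall back to the name pattern (heuristic only).
    return bool(PROFILE_NAME_RE.match(row.get("permissionset.name", "")))

def review(csv_text):
    """Return {AssigneeId: {"name", "active", "explicit": [permission set names]}}."""
    users = defaultdict(lambda: {"name": "", "active": False, "explicit": []})
    for raw in csv.DictReader(io.StringIO(csv_text)):
        row = {k.strip().lower(): (v or "") for k, v in raw.items() if k}
        user = users[row["assigneeid"]]
        user["name"] = row["assignee.name"]
        user["active"] = row["assignee.isactive"].strip().lower() == "true"
        if not is_profile_row(row):
            user["explicit"].append(row["permissionset.name"])
    return dict(users)

def inactive_with_grants(report):
    """Names of inactive users who still hold explicitly assigned permission sets."""
    return sorted(u["name"] for u in report.values() if not u["active"] and u["explicit"])

if __name__ == "__main__":
    report = review(SAMPLE_CSV)
    for uid, info in sorted(report.items()):
        print(uid, info["name"], "active" if info["active"] else "inactive", info["explicit"])
    print("inactive users with explicit permission sets:", inactive_with_grants(report))
```

Where the export includes the IsOwnedByProfile column, that value is used and the name pattern is never consulted.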
000387815
