Custom Permissions

In Salesforce, many features require access checks that specify which users can access certain functions. Permission set and profile settings include built-in access settings for many entities, like objects, fields, tabs, and Visualforce pages. However, permission sets and profiles don’t include access for some custom processes and apps. For example, in a time-off manager app, users might need to submit time-off requests, but only a small set of users approves time-off requests. You can use custom permissions for these types of controls.

Custom permissions let you define access checks that can be assigned to users via permission sets or profiles, similar to how you assign user permissions and other access settings. For example, you can define access checks in Apex that make a button on a Visualforce page available only if a user has the appropriate custom permission.

You can query custom permissions in these ways.

• To determine which users have access to a specific custom permission, use Apex and do something like the following.

  Boolean hasCustomPermission = FeatureManagement.checkPermission('your_custom_permission_api_name');

• To determine what custom permissions users have when they authenticate in a connected app, reference the user's Identity URL, which Salesforce provides along with the access token for the connected app.

• Create Custom Permissions
  Create custom permissions to give users access to custom processes or apps.
• Add or Remove Required Custom Permissions
  A required custom permission is a custom permission that must be enabled when the parent custom permission is enabled. For example, you could have a custom permission “Approve Time-Off Requests” and specify that it requires the custom permission “Submit Time-Off Requests.”