You are here:
User Access Policy Considerations
Be aware of these considerations and special behaviors for user access policies.
Required Editions
| Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience |
| Available in: Enterprise and Unlimited editions |
General
- An action performed by a user access policy can’t trigger another user access policy.
- If you revoke access to permission set licenses or managed package licenses, the number of used licenses displayed on the Company Information or Installed Packages Setup pages doesn’t always reflect these updates.
- The Recent User Access Changes section shows only changes applied by the policy that are still in effect. If access changes applied by a policy are later overridden, either by another user access policy or a manual operation, those changes are no longer displayed under Recent User Access Changes.
- We recommend that you use the enhanced interface, which is enabled by default when you enable user access policies. If you create user access policies using the enhanced interface then switch back to the original interface, you can overwrite the data in your policies. This behavior occurs because there are additional policy fields in the enhanced interface.
- You can edit the default user access policies list view to add or remove fields. To make managing active policies easier, we recommend that you add the Order field.
- If the policy's user criteria targets a public group or queue, the policy is only applied to individual users directly added to the public group or queue. The policy isn't applied to users added to the public group or queue via roles, territories, or nested public groups.
- In general, public group membership updates that affect many users can lead to long sharing recalculations, timeouts, or group membership locks. You can experience issues if several policies make updates of this kind simultaneously, or if you manually update public group membership at the same time. In these situations, we recommend that you defer sharing calculations before applying policies or making updates. After the policy is applied and related updates are made, you resume sharing calculations and complete a full sharing rule recalculation so that your changes are reflected. For more information, see Defer Sharing Calculations in Salesforce Help.
Active Policies
- You can have up to 200 active user access policies at a time. To optimize performance, we recommend that you create only the user access policies necessary for your business requirements.
- If your active user access policies have complex or numerous filters, it can take more time for them to be applied.
- If a user record creation or update triggers more than one user access policy, the policy with the lowest Order value is applied.
- An active policy is applied to existing users only when their records are updated to match the policy’s criteria. For example, if your policy has a filter on the user’s department, the policy is only applied to users whose department changes to match the criteria. The policy isn’t applied to users whose department already matches the criteria.
- If your active user access policy assigns licenses, but you don’t have enough licenses to assign to users, this assignment failure is noted in the Recent User Access Changes.
Did this article solve your issue?
Let us know so we can improve!
