Managing Future Updates to Permission Sets and Permission Set Groups

Note:

We have redesigned PSA permissions and the Certinia security model. This provides a robust and focused approach to manage user security. From Fall 2021, we have started to introduce a series of functional permissions. Permission set groups add an additional level of control to permission sets. All the benefits of using profiles are now also available for permission sets, without the administrative overhead.

In future releases, Certinia will make changes to permission sets and permission set groups for PSA.

If you deploy unamended Certinia permission set groups and unamended Certinia permission sets, these will be automatically upgraded in future releases. This approach requires the least manual intervention at each release.

If you have customized permission set groups that contain unamended Certinia permission sets, the permission sets will be automatically upgraded in future releases. This approach reduces the need to manually update permission set groups following each release.

Note: If you have cloned a Certinia permission set, the permission set will not be upgraded. An administrator must make the changes manually. We recommend you do not clone or amend the Certinia permission sets. You can use permission set groups to amend the access as needed.

Best Practice

We recommend the following:

  • Use the permission sets provided by Certinia rather than cloning. By doing this, you are not required to make changes to your cloned permission sets when permission sets are upgraded in future Certinia releases.
  • Use the permission set groups provided by Certinia. You can extend or modify the permissions using custom permission sets or muting functionality.
  • Avoid combining permissions for multiple Salesforce packages into the same permission set or permission set group.