SECTIONS
We have redesigned PSA permissions and the Certinia security model. This provides a robust and focused approach to manage user security. From Fall 2021, we have started to introduce a series of functional permissions.
Salesforce introduced permission set groups in their Spring 2020 release. Permission set groups add an additional level of control to permission sets. All the benefits of using profiles are now also available for permission sets, without the administrative overhead. For more information, see the Salesforce release notes for Spring ‘20, "Permission Set Groups: Greater Flexibility in Granting Permissions (Generally Available)".
Permission set groups provide a method of grouping individual permission sets. A permission set group can be assigned once to a user rather than assigning multiple permission sets, simplifying the administrative process. You can group permission sets based on user roles using Permission Set Groups for easier user permission management.
Permission set groups are a more modular approach and involve less maintenance than profiles. For example, if maintenance is carried out on a single permission set this is reflected in all the permission set groups that contain it. This eliminates the need to manually update multiple profiles.
If a user performs more than one role, you can assign them the two permission set groups that correspond to those roles. If two job profiles have overlapping responsibilities, a permission set can be added to more than one permission set group. If two job profiles have overlapping responsibilities, a permission set can be added to more than one permission set group.
For more information on permission set groups, see the Salesforce Help.
Using Muting Permission Sets
A key advantage of permission set groups over profiles is the introduction of muting permission sets. Each permission set group can contain a muting permission set that reduces access to the objects and features that the permission set group grants access to.
The access provided by a permission set group is equal to the sum of all the permissions in the permission sets it contains, minus the permissions contained in the muting permission set assigned to the permission set group.
Muting permission sets allow you to tailor the standard permission set groups to your specific requirements.