Ashish Singh SFDC

Trigger for Permission Set Assignment

Hi Experts,

I have a requirement to write a trigger on the User object. Whenever a user is created or updated, based on the profile, I need to assign the permission set. I have created 2 custom objects for this: Profile__c (master) and Permission_Set__c (detail). In Profile I have saved a record with name__c: "Standard Employee" and Id__c = "15 digit Id" of the real profile, and in the same way I have created 3 records in Permission Set with name__c set to the original name of the permission set and Id__c for its child record. I have to do this using custom objects because we have around 124 permission sets, which will continue to be added.

Trigger :
trigger permissionSetAssignment on User(after insert, after update){
    if(trigger.IsAfter && trigger.IsInsert){
        PermissionSetAssignment_Handler.afterInsert(Trigger.new);
    }
    if(trigger.IsAfter && trigger.IsUpdate){
        PermissionSetAssignment_Handler.afterUpdate(Trigger.oldMap,Trigger.new);
    }
}

Handler Class for Update:

public class PermissionSetAssignment_Handler {
    public static void afterInsert(List<User> users){
     /* Logic Yet to be written*/      
    }
    public static void afterUpdate(Map<Id,User> oldUsers, List<User> newUsers){
        Set<Id> userIds = new Set<Id>();
        Map<Id,User> userPerm = new Map<Id,User>();
        List<PermissionSetAssignment> insertList = new List<PermissionSetAssignment>();
        for(User u:newUsers){
            User checkUser = oldUsers.get(u.ID);
            if(u.ProfileId != checkUser.ProfileId){
                userIds.add(u.Id);
            }
        }
        List<PermissionSetAssignment> psa = [Select Id from PermissionSetAssignment where assigneeId in:userIds and permissionSetId in (Select Id from PermissionSet where IsOwnedByProfile=False)];
        delete psa;
        List<Profile__c> profiles = [SELECT Id,Id__c,name,(Select Id,Id__c,name from Permission_Sets__r) FROM Profile__c];
        List<Permission_Set__c> permissionSets = [Select Id,Id__c from Permission_Set__c];
        for(User u:newUsers){
            for(Profile__c pc:profiles){
                /* Here I am stuck: I want to fetch only those permission sets which are under the profile, but with the code below I'll end up adding all permission sets */
                if(u.ProfileId == pc.Id__c){
                    for(Permission_Set__c ps:permissionSets){
                        PermissionSetAssignment sep = new PermissionSetAssignment();
                        sep.AssigneeId=u.id;
                        sep.PermissionSetId=ps.Id__c;
                        insertList.add(sep);
                    }
                }
            }
        }
        insert insertList;
    }
}
Khan Anas (Salesforce Developers)
Hi Ashish,

Greetings to you!

You can use Flows and Workflow instead of a trigger. Please refer to the links below, which might help you further with the above requirement.

https://automationchampion.com/2014/07/18/automatically-add-permission-sets-to-new-user/

https://automationchampion.com/tag/auto-add-permission-sets-in-salesforce-to-user/

I hope it helps you.

Kindly let me know if it helps you and close your query by marking it as solved so that it can help others in the future. It will help to keep this community clean.

Thanks and Regards,
Khan Anas
Ashish Singh SFDC
Hi Khan,

Thanks for your response. I had previously checked that link, but unfortunately my requirement couldn't be handled using standard Salesforce functionality. We had 27 countries using our Salesforce org and every country has its own permission set defined. It has to be dealt with using a trigger.

Thanks again for your response. I'm still working on it and will post my code soon.

Best Regards,
Ashish Singh
Emanuela Cipriano
Hi, I also have your problem. Can I ask how you solved it with the code? Thank you :)
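
Added example, not code from any poster in this thread: one way to limit the assignment to the permission sets listed under the user's profile, by reading the Permission_Sets__r child rows that the original handler already selects instead of looping over every Permission_Set__c record. It assumes Profile__c.Id__c and Permission_Set__c.Id__c hold 15-character Ids as described in the question; the class name PermissionSetByProfile is hypothetical.

```apex
// Added example (hypothetical class name). Assumes Profile__c.Id__c and
// Permission_Set__c.Id__c store 15-character Ids, as described in the question.
public class PermissionSetByProfile {
    public static void afterUpdate(Map<Id, User> oldUsers, List<User> newUsers) {
        // Only users whose profile actually changed are touched.
        Map<Id, String> profileKeyByUser = new Map<Id, String>();
        for (User u : newUsers) {
            if (u.ProfileId != oldUsers.get(u.Id).ProfileId) {
                profileKeyByUser.put(u.Id, String.valueOf(u.ProfileId).left(15));
            }
        }
        if (profileKeyByUser.isEmpty()) {
            return;
        }

        // Same cleanup as the original handler, limited to the changed users.
        delete [SELECT Id FROM PermissionSetAssignment
                WHERE AssigneeId IN :profileKeyByUser.keySet()
                AND PermissionSetId IN (SELECT Id FROM PermissionSet
                                        WHERE IsOwnedByProfile = false)];

        // Index each profile's child permission sets by the stored profile Id.
        Map<String, List<Permission_Set__c>> setsByProfile =
            new Map<String, List<Permission_Set__c>>();
        for (Profile__c pc : [SELECT Id__c, (SELECT Id__c FROM Permission_Sets__r)
                              FROM Profile__c
                              WHERE Id__c IN :profileKeyByUser.values()]) {
            setsByProfile.put(pc.Id__c, pc.Permission_Sets__r);
        }

        List<PermissionSetAssignment> toInsert = new List<PermissionSetAssignment>();
        for (Id userId : profileKeyByUser.keySet()) {
            List<Permission_Set__c> children = setsByProfile.get(profileKeyByUser.get(userId));
            if (children == null) {
                continue; // No mapping row for this profile: assign nothing.
            }
            for (Permission_Set__c ps : children) {
                toInsert.add(new PermissionSetAssignment(
                    AssigneeId = userId,
                    PermissionSetId = (Id) ps.Id__c));
            }
        }
        insert toInsert;
    }
}
```

A profile with no Profile__c mapping row ends up with no permission sets after the cleanup, so an unmapped profile fails closed rather than inheriting another profile's access.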