Chirag Mehta

Save error: DML not allowed on PermissionSetAssignment

Salesforce announced the PermissionSet feature in its recent release, and I'm loving it.

 

The Winter ‘12 Salesforce release has introduced Permission Sets as a new way to manage security within the application. Each user continues to have a Profile, but Permission Sets can now be given to individual users to extend their permissions beyond what is described in their Profile. One of the current limitations is that there is no way to manage assignments of Permission Sets for more than one user at a time, which makes administration tedious.

 

So I'm trying to build a Visualforce page for a System Administrator to manage (assign and remove) Permission Sets for more than one user at a time, i.e., develop a tool to assign or remove one or more permission sets to or from one or more users.

 

However, I'm caught with the error "Save error: DML not allowed on PermissionSetAssignment" when trying to make an INSERT DML call on the PermissionSetAssignment object. The API version of my Apex class is 23.0, and the docs too say that this object is Createable.

 

What is it that I'm missing, or is it something not released yet?

Chirag Mehta

Below code is resulting in error:

list <PermissionSetAssignment> PSAssignments = new list <PermissionSetAssignment>();

for( record r : records )
    for( User u : users )
        PSAssignments.add( new PermissionSetAssignment(AssigneeId = u.id,PermissionSetId = r.recID ) );
                        
try {
    insert PSAssignments;
} catch( Exception e ) {
    errMsg = e.getMessage();
}

 

Stuart_Kimble

Hi Chirag

 

I was also experiencing this issue and asked my SF partner contact about it and he says DML on PermissionSetAssignment is not supported. 

 

They understand they need to add support for APEX DML in the future but for the time being, any DML operations should be performed by an alternative language that can use the API such as AJAX or JAVA.

 

Regards

 

Stuart

atorman

Stuart is right on. I'm the product manager for Permission Sets. I know how important it is to add support for developers to create killer administrative apps and integrations.

 

We are actively working on adding enhancements to the API and APEX. With the Winter '12 release, we support APEX SOQL only (not DML) across the assignment and permission set object which includes User Permissions.

 

Over the course of the next several releases, we will be adding support for more access controls including Object Permissions, Field Permissions, and Apex Page and Class access as well as support for APEX DML.

 

In the meantime, I recommend taking advantage of the AJAX toolkit for DML or using Java on Heroku to handle any DML including permission set assignments.  We'll get there; stay tuned.

SFDCMatt
Chirag Mehta

That's a setback for my application (permission set mgmt tool). -:(((

 

Now I need to make use of ajax toolkit to do the insert.

 

Thanks Adam & Matt for the prompt response.

jwhartfield

Just wanted to post an update that it looks like this is now functional. I was able to run the following code and successfully apply a permission set to all the users in my ORG.

 

// Assigns permission sets to the appropriate users.
// This is run as part of the setup wizard and after installations.
public static void AssignPermissionSets() {
    PermissionSet ps = [SELECT Id FROM PermissionSet WHERE Name = 'Minimum_Access'];
    List<PermissionSetAssignment> PSAssignments = new List<PermissionSetAssignment>();
    // The subquery returns each user's existing assignment of this permission set, if any.
    List<User> users = [SELECT Id, (SELECT Id FROM PermissionSetAssignments WHERE PermissionSetId = :ps.Id)
                        FROM User
                        WHERE Profile.UserLicense.Name = 'Salesforce Platform' AND IsActive = true];

    for (User u : users) {
        // Only add an assignment for users who do not already have one.
        if (u.PermissionSetAssignments.size() == 0) {
            PSAssignments.add(new PermissionSetAssignment(AssigneeId = u.Id, PermissionSetId = ps.Id));
        }
    }
    insert PSAssignments;
}
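
An added example, not part of the original posts: the insert above generalized to several permission sets and several users, which is what the original question asked for. It assumes a release in which Apex DML on PermissionSetAssignment is supported; the class and method names are hypothetical.

```apex
// Added example: hypothetical class and method names, not from the thread.
public with sharing class PermissionSetBulkAssigner {

    // Assigns each permission set to each active user, skipping pairs that
    // already exist, and returns one message per row that failed to insert.
    public static List<String> assign(Set<Id> permissionSetIds, Set<Id> userIds) {
        // Profile-owned permission sets cannot be assigned directly; drop them.
        Set<Id> assignable = new Map<Id, PermissionSet>([
            SELECT Id FROM PermissionSet
            WHERE Id IN :permissionSetIds AND IsOwnedByProfile = false
        ]).keySet();

        // Record existing (user, permission set) pairs so they are not re-inserted.
        Set<String> existing = new Set<String>();
        for (PermissionSetAssignment psa : [
                SELECT AssigneeId, PermissionSetId FROM PermissionSetAssignment
                WHERE AssigneeId IN :userIds AND PermissionSetId IN :assignable]) {
            existing.add(psa.AssigneeId + ':' + psa.PermissionSetId);
        }

        List<PermissionSetAssignment> toInsert = new List<PermissionSetAssignment>();
        for (User u : [SELECT Id FROM User WHERE Id IN :userIds AND IsActive = true]) {
            for (Id psId : assignable) {
                if (!existing.contains(u.Id + ':' + psId)) {
                    toInsert.add(new PermissionSetAssignment(
                        AssigneeId = u.Id, PermissionSetId = psId));
                }
            }
        }

        // allOrNone = false: one rejected row does not roll back the others.
        List<String> failures = new List<String>();
        Database.SaveResult[] results = Database.insert(toInsert, false);
        for (Integer i = 0; i < results.size(); i++) {
            if (!results[i].isSuccess()) {
                failures.add(toInsert[i].AssigneeId + ' / ' + toInsert[i].PermissionSetId
                    + ': ' + results[i].getErrors()[0].getMessage());
            }
        }
        return failures;
    }
}
```

Returning the per-row failures instead of swallowing them gives the administrator a record of which grants did not take effect.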

 

Seba Melgin2323
Hi guys,
I'm trying to DELETE a PermissionSetAssignment on an Uninstall class (which implements UninstallHandler). Here is the code:
 
global void onUninstall(UninstallContext ctx) { unassignPermissionSet(ctx.uninstallerId()); }

/**
* @description
* deletes the assignment between current User and the permissionSet.
*/
 public static void unassignPermissionSet(Id currentUserId) {
     PermissionSet[] ps = [SELECT Id FROM PermissionSet WHERE Name = :VOIQConstants.PERMISSION_SET_NAME];
     PermissionSet psVOIQPermSet;
     if (ps.size() > 0) {
         psVOIQPermSet = ps.get(0);

         // Delete the assignments of this permission set (the query is not filtered by currentUserId).
         if (PermissionSetAssignment.sObjectType.getDescribe().isDeletable()) {
             delete [SELECT Id FROM PermissionSetAssignment WHERE PermissionSetId = :psVOIQPermSet.Id];
         }
     }
 }

When I try to uninstall the package (which is a managed package) it throws an error:

Developer script exception (...). : Uninstall : DML operation DELETE not allowed on PermissionSetAssignment

Can anyone help us with it? The PermissionSet is in the same package we are trying to uninstall. Any suggestion to delete the permissionSetAssignment on another event than Uninstall (with the same purpose)? Thanks!