User Access Policies
User access policies control user access to Salesforce based on a set of criteria. They can be used to assign or revoke groups of user permissions for every user who matches those criteria, making user access management easier and more efficient.
These access policies should reflect access policies defined by the organisation and be fully documented outside of Salesforce.
Enabling User Access Policies
User access policies may not be enabled within the org. This can be checked by searching for User Access Policies in the Quick Find box in Setup. If they are not enabled, enable them as follows:
- Go to Setup.
- In Quick Find search for User Management Settings.
- Enable User Access Policies.
- If Enhanced Interface for User Access Policies is not enabled at the same time, enable it.
- Refresh the page.
User access policies should now be searchable within the Quick Find box.
Defining policies
When defining a User Access Policy, the following information is required:
- Policy Name: A unique name for the policy.
- Description: A description of the policy. Treat this field as mandatory and provide a description of what permissions the policy grants.
- Order: The order in which the policy takes precedence. Lower numbers indicate a higher precedence. Always include an order number for automated policies.
Once a policy is created, the next step is to define its criteria, which consist of the following:
- User Criteria: The criteria that a user must meet to be assigned the policy. These criteria include, but are not limited to, profile, permission set assignment, or even package licenses.
- Additional user criteria fields: Additional criteria can be defined based on fields on the user record.
- Actions: What is granted to, or revoked from, matched users. This can include, but is not limited to, permission sets, package licenses, and groups.
User access policies can be a very quick way of assigning new Seven20 users their package licenses and permissions to perform their job functions.
Automated assignment
By default, a User Access Policy is applied as a one-time bulk operation that gives a group of users the access defined within the policy. Policies can also be set up to run automatically, granting or revoking access when a triggering event occurs, such as the creation of a new user or an update to an existing one.
Automated User Access Policies cannot trigger other User Access Policies, and only one can be triggered per user update or creation.
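As an added example (not Salesforce code and not part of the original guidance), the Python below lints an externally documented policy inventory against the rules on this page: unique names, a description on every policy, and an order on every automated policy. The record layout, the sample data, the shared-order check and the lowest-order-wins selection in winning_policy are assumptions made for illustration, not a Salesforce API or confirmed platform behaviour.

```python
# Added example: lint an offline inventory of User Access Policies.
# The record layout is hypothetical (not a Salesforce API schema).

def lint_policies(policies):
    """Return (policy name, finding) pairs for the documentation rules above."""
    findings, seen_names, seen_orders = [], set(), {}
    for p in policies:
        name = (p.get("name") or "").strip()
        if not name:
            findings.append(("<unnamed>", "missing policy name"))
        elif name.lower() in seen_names:
            findings.append((name, "policy name is not unique"))
        seen_names.add(name.lower())
        if not (p.get("description") or "").strip():
            findings.append((name or "<unnamed>", "missing description"))
        if p.get("automated"):
            order = p.get("order")
            if order is None:
                findings.append((name, "automated policy has no order"))
            elif order in seen_orders:  # assumed check: shared order is ambiguous
                findings.append((name, f"order {order} shared with {seen_orders[order]}"))
            else:
                seen_orders[order] = name
    return findings

def winning_policy(policies, user):
    """Assumed model: among automated policies whose criteria all match,
    the lowest order number applies (one policy per user event)."""
    matches = [p for p in policies
               if p.get("automated") and p.get("order") is not None
               and all(user.get(k) == v for k, v in p.get("criteria", {}).items())]
    return min(matches, key=lambda p: p["order"])["name"] if matches else None

# Constructed sample inventory and user record.
SAMPLE_POLICIES = [
    {"name": "Recruiter onboarding", "description": "Grants recruiter permission sets",
     "order": 10, "automated": True, "criteria": {"profile": "Recruiter"}},
    {"name": "Standard user baseline", "description": "",
     "order": 20, "automated": True, "criteria": {"active": True}},
    {"name": "Leaver revoke", "description": "Revokes package licenses",
     "order": None, "automated": True, "criteria": {"active": False}},
]
SAMPLE_USER = {"profile": "Recruiter", "active": True}

if __name__ == "__main__":
    for name, finding in lint_policies(SAMPLE_POLICIES):
        print(f"{name}: {finding}")
    print("applies:", winning_policy(SAMPLE_POLICIES, SAMPLE_USER))
```

A policy with no order is excluded from winning_policy, so the unordered revoke policy in the sample never applies to a leaver until the inventory finding is fixed.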