Book Free Consultation
Feature-Level Access in Salesforce Using Custom Permissions
Custom Permissions are your secret switch in Salesforce - a simple way to control who gets access to special features with just one click
By Jothish Bahuleyan
Assistant Software Developer
Feature-Level Access in Salesforce Using Custom Permissions
Consider a Sales Manager, Nick who got a new feature in Salesforce which is used to make special pricing adjustments for strategic customers. Since this affects the revenue calculations, the organization needs this to be accessible by only a limited number of people. The pain point here is that the people who need access are tagged under different profiles and roles, making it difficult to control access using profile-based or role-based configurations.
This is where Custom Permissions in Salesforce comes into play. Custom Permissions help administrators or developers to control feature-level access. Instead of relying on Profile or Roles, we can configure permissions and assign them using permission sets, and this can be checked in Apex, Flows, LWC, Validation Rules, and Lightning Pages. In this blog, we are going to explore deep about Custom Permissions and how we can implement them.
What is a Custom Permission ?
In a simple term, Custom Permissions are global variables that you can assign for the users and check them in validation rules, formulas, flows, apex and LWC. If the user had the Custom Permissions assigned, then the global variable returns true and if not, false. Let's dig deeper to know how to create Custom Permissions and assign them to the users.
Create Custom Permission
- To create a Custom Permission, go to Setup and search Custom Permissions quickly to find and select that.
- Click the New button, then type the values for the Custom Permissions label, name, and description. Then click the Save button to create the new Custom Permissions.
- That’s all your new global variable, i.e., Custom Permission is created with the name you provided.
Assign the Custom Permission
Custom Permissions can be assigned to the users either through profiles or permission sets. If the Custom Permissions are added to the profiles, then this will be applicable for all the users in that profile. In a real-world scenario, only a specific set of users from different profiles needs access to a feature. On those cases, adding Custom Permissions to the permission sets and assign to them becomes the better approach.
- To create a Permission Set, go to Setup and search Permission Sets in quick to find and select that.
- Click New, provide the details, and create the Permission Set.
- Open the new Permission Set that you created, click Custom Permissions in the permission set screen, then click Edit. Add your Custom Permissions from Available Custom Permissions to Enabled Custom Permissions, and click Save.
- Assign the Custom Permissions to the selective users, click Manage Assignments in the Permission Set page, select the users and assign the permission set to them.
Where can we use Custom Permissions?
Validation Rules
One of the most common use cases for the Custom Permissions is bypassing the validation rules for the specific set of users. Consider a business scenario where only certain users from various profiles should be allowed to move an opportunity to Closed Won. Since the users are from different profiles and all the users of those profiles should not consider, we can’t use profile names in the Validation rule. Instead of that, assigning Custom Permissions to the specific users and checking that will be the best.
Create a new Custom Permission with the label of Allow_Opportunity_Closure and create the validation rule with the below formula,
AND(
ISPICKVAL(StageName , "Closed Won"),
NOT($Permission.Allow_Opportunity_Closure)
)Flows
Custom Permissions can be used in flows to control the automation based on user access. This will help Administrators to control whether certain actions/blocks should run based on the current user’s permission. Below is the formula expression to check whether the running user has the Custom Permission assigned or not.
$Permission.Your_Custom_Permission Apex
Custom Permissions can also be checked in Apex logic to control execution based on user access. This is useful when you want to restrict certain business logic to specific users.
if (FeatureManagement.checkPermission('Allow_Opportunity_Closure')) {
// Logic for users who have permission
System.debug('User has access');
} else {
// Restrict logic
System.debug('User does not have access');
} Lightning Web Components (LWC)
Custom Permissions can be imported into LWC to dynamically control UI visibility and component behavior. This avoids hardcoding user profiles and makes the component reusable.
Import Custom Permission
import hasAccess from '@salesforce/customPermission/Allow_Opportunity_Closure'; Use in Component
get isAccessible() { return hasAccess; } Use in HTML
<template if:true={isAccessible}>
<lightning-button label="Special Action"></lightning-button>
</template> Lightning Pages
Custom Permissions can also be used in Lightning App Builder to control component visibility without writing code. This helps to show or hide components dynamically based on user access.
- Go to Setup and search for Lightning App Builder quickly to find and select that.
- Open the Record Page and select the component (Standard or Custom)
- In the right panel, go to Set Component Visibility and click Add Filter
- Then choose,
- Filter type: Advanced
- Field: Permission → Custom Permissions → select your Custom Permissions name
- Operator: Equals
- Value: True
- Save and activate the page
Real-time Implementation Using Custom Permission
Requirement
A Quick Action button needs to be added in the Opportunity record page and when users clicks that button,
- A LWC popup should open.
- That popup contains two tabs,
- Opportunity Details (Include the Opportunity fields and Opportunity Line Item details in this tab)
Create Case (Provision to create a Case for that client)
The Challenge
The bottleneck of the above requirement is, not all the users should able to view the same UI.
- Some users should,
- View Opportunity Details
- Create Cases
- Others should,
- Only view Opportunity Details
- Not Create Cases
By looking in a high level, it looks like might be achieved using profile or permission set use case. But there is a catch. We needed UI-level access control which is inside LWC and not just the backend access control.
Solution
Here we have a special feature named Custom Permission, which allows us to control access beyond profiles and permission sets and validate user permissions directly in Apex, LWC and Lightning Pages. So, create a Custom Permission named OpptyCreateCaseAccess and assign that to the specific users who all are needs Create Case access using Permission Sets. Then import the Custom permission in LWC and verify that the logged in user has the Create Case permission and then display the repective tab to the end users as below,
import hasCreateCase from '@salesforce/customPermission/OpptyCreateCaseAccess'; // Boolean indicating if the current user has the Custom Permissions assigned
get displayCreateCase() {
return hasCreateCase;
}Benefits
Instead of hard coding profile names in Apex or LWC, Custom Permissions enable a clean separation of logic and access control.
It helps to restrict user actions precisely to authorized features.
Once created, Custom Permissions can be reused across multiple configurations and it is scalable.
Custom Permissions are allows developers and admins to control access at a feature level rather than just object or field level.
Conclusion
Custom Permission in Salesforce is a powerful option to achieve the flexible and scalable access control instead of relying in profiles and permission sets. As Salesforce applications grow in complexity, adopting options like this will help developers and admins in building robust, secure, and scalable solutions. Smart access. Clean design. Scalable future.
