How to Use Custom Permissions in Apex

Custom Permissions in Salesforce allow you to define specific actions or features that users can access, which are not directly tied to standard object permissions. This feature is particularly useful when you need fine-grained control over access to particular functionalities in your app.

In this blog post, we will explore how you can use Custom Permissions in Apex. We’ll cover how to create custom permissions, assign them to profiles or permission sets, and finally, how to check for these permissions in your Apex code.

1. What are Custom Permissions?

Custom Permissions are a part of Salesforce’s Platform features, allowing admins to define custom permission sets that can be assigned to users, roles, or profiles. They are not tied to standard Salesforce objects but can control access to specific features, modules, or functionality in a custom app.

For example, you might create custom permissions to access a special page, run a custom process, or use advanced functionality in your Salesforce app.

2. Steps to Create a Custom Permission in Salesforce

Create the Custom Permission:

• Go to Setup and enter “Custom Permissions” in the Quick Find box.
• Select Custom Permissions and click New.
• Enter a Name and Description for your custom permission.
• Click Save.

Add Custom Permission to a Permission Set or Profile:

• Go to Setup and enter “Permission Sets” Or “Profile” in the Quick Find box.
• Select a permission set or create a new one.
• On the permission set or Profile overview page, click Custom Permissions.

• Click Edit and choose your custom permission from the Available Custom Permissions list.

• Click Add, then Save.
  

3. Use Apex to Check for the Custom Permission:

Now that you’ve created and assigned your custom permission, let’s see how you can check for it in Apex. Salesforce provides the FeatureManagement class to check if a user has access to a particular feature or custom permission.

Example 1: Checking Custom Permissions in Apex

Here is an example of how to check for custom permission within Apex:

// Apex Code to check if the current user has the custom permission
public class CustomPermissionExample {
public static Boolean hasAccessToSpecialFeature() {
// Check if the current user has the 'AccessSpecialFeature' custom permission
Boolean hasPermission = FeatureManagement.checkPermission('AccessSpecialFeature');
// Return the result
return hasPermission;
}
}

Explanation:

The method FeatureManagement.checkPermission(‘AccessSpecialFeature’) checks if the current user has the custom permission named AccessSpecialFeature.

This will return true if the user has access to the custom permission, and false if they do not.

Example 2: Using Custom Permission to Control Logic

You can use custom permissions to control the flow of your code. For example, let’s say you want to allow users with a specific custom permission to run a certain process.

public class PermissionBasedLogic {
public static void performAction() {
// Only allow the user to perform the action if they have the custom permission
if (FeatureManagement.checkPermission('AccessSpecialFeature')) {
// Your special process here
System.debug('Action performed for users with the special permission.');
} else {
// Action not allowed
System.debug('You do not have permission to perform this action.');
}
}
}

In this example:

• If the user has the custom permission AccessSpecialFeature, they can proceed with the performAction()
• If they don’t have permission, a message will be logged indicating they do not have the necessary access.

Real-Time Example of Using Custom Permissions in Apex and LWC

You want to allow users with custom permission (e.g., CanCreateAccount) to create new accounts. If they don’t have permission, they should not be able to perform the action.

Step 1: Create the Custom Permission

We have already created the custom permission and assigned it to one of the permission sets.

Step 2: Apex Controller to Check Custom Permission and Create Account

You will need an Apex controller that checks whether the user has the custom permission, and if they do, allows the creation of an Account record.

Apex Controller: AccountController.cls

public with sharing class AccountController {
@AuraEnabled
public static Boolean checkPermissionToCreateAccount() {
// Check if the current user has the custom permission 'AccessSpecialFeature'
return FeatureManagement.checkPermission('AccessSpecialFeature');
}
@AuraEnabled
public static Account createAccount(String accountName) {
// Create a new Account record
Account newAccount = new Account(Name = accountName);
insert newAccount;
return newAccount;
}
}

Explanation:

1. checkPermissionToCreateAccount(): This method checks if the current user has the custom permission CanCreateAccount.
2. createAccount(accountName): This method creates a new Account with the given name and returns the created account.

Step 3: Lightning Web Component (LWC)

Now, you need the LWC to display a button that allows the user to create an Account, but only if they have the custom permission.

LWC JavaScript: AccountCreationWithCPS.js

import { LightningElement, wire } from 'lwc';
import checkPermissionToCreateAccount from '@salesforce/apex/AccountController.checkPermissionToCreateAccount';
import createAccount from '@salesforce/apex/AccountController.createAccount';
export default class AccountCreationWithCPS extends LightningElement {
hasPermission = false;
accountName = '';
successMessage = '';
errorMessage = '';
// Wire the permission check to the Apex method
@wire(checkPermissionToCreateAccount)
wiredPermission({ error, data }) {
console.log('Data from apex is ' + JSON.stringify(data));
if (data) {
this.hasPermission = data;
} else if (error) {
this.hasPermission = false;
console.error('Error checking permission:', error);
}
}
// Handler for creating the account
handleCreateAccount() {
if (this.hasPermission) {
// Call the Apex method to create the Account
createAccount({ accountName: this.accountName })
.then(result => {
this.successMessage = `Account created: ${result.Name}`;
this.errorMessage = '';
})
.catch(error => {
this.errorMessage = `Error creating account: ${error.body.message}`;
this.successMessage = '';
});
} else {
this.errorMessage = 'You do not have permission to create an account.';
this.successMessage = '';
}
}
// Handle input change for account name
handleAccountNameChange(event) {
this.accountName = event.target.value;
}
}

LWC HTML: accountCreationWithCPS.html

<template>
<lightning-card title="Account Creation">
<template if:true={hasPermission}>
<div class="slds-p-around_medium">
<lightning-input
label="Account Name"
value={accountName}
onchange={handleAccountNameChange}
required>
</lightning-input>
<lightning-button
label="Create Account"
onclick={handleCreateAccount}
class="slds-m-top_medium">
</lightning-button>
 
<template if:true={successMessage}>
<div class="slds-text-color_success">{successMessage}</div>
</template>
<template if:true={errorMessage}>
<div class="slds-text-color_error">{errorMessage}</div>
</template>
</div>
</template>
<template if:false={hasPermission}>
<div class="slds-text-color_error slds-p-around_medium">
You do not have permission to create an account.
</div>
</template>
</lightning-card>
</template>

Explanation:

1. Permission Check:
   The checkPermissionToCreateAccount Apex method is called to check if the user has the ‘AccessSpecialFeature’ custom permission. The result is stored in the hasPermission variable.
2. Account Name Input:
   The user enters the Account name into a lightning-input field.
3. Create Account Button:
   When the user clicks the “Create Account” button, it triggers the handleCreateAccount method. If the user has the permission (hasPermission is true), the createAccount Apex method is called to create a new account.
   
4. Error Handling:
   If the user doesn’t have the permission, an error message is displayed. If the account creation is successful, a success message is shown. Otherwise, any error during account creation will be displayed.

Also Read – LWC Interview Questions and Answers

Test the functionality:

The user is unable to create the account because the custom permission has not been assigned, and as a result, they lack the necessary permission set to access the component.

The logged-in user now has the permission set with the custom permission assigned, allowing them to view the account creation option and successfully create the account.

Are you preparing for the Salesforce AI Certifications? Check out the Salesforce certification practice set here

FAQs

1. What are custom permissions in Salesforce?

Custom Permissions in Salesforce let you define specific actions or features that users can access, beyond the standard object permissions. They’re handy when you need precise control over who can access certain functionalities within your app.

2. How do I add custom permissions to my profile in Salesforce?

To add custom permissions to a profile in Salesforce, you first need to create the custom permission and then assign it to the desired profile. Finally, it’s a good idea to verify the assignment.

Here is how you can do it –

1. Click on the ‘setup’ gear icon and navigate to create the Custom Permission
2. Assign it to the Profile
3. Verify the Assignment

3. How to check if the user has custom permission in Salesforce?

Conclusion

In a real-world environment, you might use custom permissions for many different scenarios whether it’s controlling access to reporting features, advanced workflows, or restricted APIs. The ability to enforce security using Custom Permissions directly in Apex ensures that your application remains secure and your business logic is only executed by the appropriate users.

Get a complete Roadmap To Learn Salesforce Admin And Development

Name *

First

Last

Email *

Comment or Message

Submit