Permission Set Assignment Rules Automation with Custom Metadata Type and Flow Builder
Many times, we, the Salesforce Admins, are required to assign one or more Permission Sets to new or reactivated users. As you are probably aware, we don't always remember which Permission Set should be assigned to which User.
If you're looking for a dynamic process for this purpose, you're in luck!
Join Chuck Morris, a Salesforce Admin who works at KarateKit.COM, who has just created this process without coding and with no need to download any app.
In June 2019, Chuck implemented the Group Assignment Rules process in his org. This was a major success. Since that day, he has never needed to assign new or reactivated users to Groups (Public Groups or Queues) by hand.
Chuck has now realized he can use the same Assignment Rules criteria to assign Permission Sets. His solution is based on a Custom Metadata Type (AKA: CMT), Process Builder and Flow Builder. The CMT will hold the Assignment Rules on which the process is based.
1. Creating a Custom Metadata Type
In Lightning, go to Setup | Custom Code | Custom Metadata Types
A. Click on the 'New Custom Metadata Type' button.
B. Provide a meaningful and useful Label, Plural Label, and a Description and click on the 'Save' button.
This is what the page will look like:
C. Creating custom fields:
- Active - a Checkbox field to allow the admin to disable rules. Set 'Checked' for 'Default Value'
- Assignment Rule Type - a required Picklist field to hold the type of the Assignment Rule (Groups, Permission Set, License, etc). Define '--None--' as the default value
- Country - a Picklist field that will contain a list of all of the relevant countries. Define '--None--' as the default value
- Permission Set ID - a Text (18) field to hold the Permission Set record Id
- Permission Set Name - a required Text (255) field to hold the Permission Set name
- Profile Name - a required Text (255) field to hold the Profile name
- Role (API) Name - a Text (255) field to hold the Role name
- User Type - a required Picklist field to hold the type of user (Standard, PowerPartner, etc). Define '--None--' as the default value
The resulting CMT page will look as follows:
D. Now, let's update the CMT layout:
2. Creating a Flow with Flow Builder
In Lightning, go to Setup | Process Automation | Flows
A. Creating the Flow
In the 'Flows' screen, click on the 'New Flow' button.
In the 'New Flow' screen, choose the 'Autolaunched Flow' option and click on 'Create'.
B. Create the following variables:
Record (Single) Variables:
- SO_EachPermissionSetAssignment - a Record variable for each Permission Set assignment record
- SO_EachPermissionSetCMT - a Record variable for each of the Permission Set CMT
Record Collection Variables:
- SOC_PermissionSetCMT - a Collection of the Permission Set CMT
- SOC_PermissionSetAssignment_toCreate - a Collection of the Permission Set assignment record(s) to create
Variables:
- VarT_Country - a variable of the user's country.
- VarT_ProfileName - a variable of the user's profile.
- VarT_PermissionSetName - a variable of the Permission Set name
- VarT_PermissionSetId - a variable of the Permission Set record Id
- VarT_RoleName - a variable of the user's role.
- VarT_Userid - the user's id.
- VarT_Usertype - the user's license type.
C. Before we continue, in order to save the Flow, click on the 'Save' button located at the top-right of the screen
Now, provide the Flow with meaningful and clear information and click on 'Save':
D. Creating a Get element
Add the 'Get Records' element to the canvas in order to look for CMT rules that match the user's information
Set the 'Condition Requirements' as follows:
> The reason for writing each of the CMT fields' criteria twice is to add the OR logic. The filter logic here goes as follows: Active__c | Equals | {!$GlobalConstant.True} AND (Country__c | Equals | {!VarT_Country} OR Country__c | Equals | {!$GlobalConstant.EmptyString}). You get the idea...
At the bottom of our 'Get Records' element, define the information as follows, and then click on 'Done':
> Note that I chose to 'Manually assign variables'. It's important to know that since the Winter '20 release, we no longer have to create and assign variables in a screen component or a Get Records element - Flow Builder automatically creates variables to store the output values.
Now you can connect the Start element to the Get Records element you just created:
E. Our next step is to create a Decision element.
Drag the Decision element to the canvas and define the following information:
When you're finished, click on 'Done'.
> The Decision element criteria check whether the process found matching criteria. If not, the process will stop.
Now, connect the Get Records element to the Decision element you just created:
F. Creating a Loop element
Drag the Loop element to the canvas and provide it with the following information:
When you're finished, click on 'Done'.
Connect the Decision element to the Loop element you just created and click on the 'Done' button in the new screen that will appear:
The flow will look as follows:
> Make sure you save your flow occasionally. Just in case...
G. Creating an Assignment element
Drag the Assignment element to the canvas and provide it with the following information:
When you're finished, click 'Done'.
Connect the Loop element to the Assignment element you just created and click on the 'Done' button in the new screen that will appear:
The flow will look as follows:
H. Creating the second Assignment Element
Drag another Assignment element to the canvas and provide it with the following information:
When you're finished, click on the 'Done' button.
Connect the first Assignment element to the Assignment element you just created, and then connect the second Assignment element back to the Loop element:
I. Creating a Create Records element
Drag the Create Records element to the canvas and provide it with the following information:
When you're finished, click on 'Done'.
Connect the Loop element to the Create Records element you just created - The Flow is ready:
> Make sure you click on the 'Save' button BEFORE you exit the flow
J. Activating the Flow
After saving the flow, click on the 'Activate' button located at the top-right side of the screen:
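
The flow built in steps D to I, modelled as an added Python example that is not part of the original article, so a rule table can be dry-run before it is loaded into the CMT. It assumes that an empty Country or Role on a rule means "any value" (the article shows this only for Country), that Profile Name and User Type must match exactly, and that the Assignment elements set AssigneeId and PermissionSetId on each PermissionSetAssignment record; `unscoped_rules` is a hypothetical review helper, and the sample rules and Ids are constructed.

```python
from dataclasses import dataclass

EXACT = ("profile_name", "user_type")  # required on the CMT: must be equal
OPTIONAL = ("country", "role_name")    # empty on a rule means "any value"


@dataclass(frozen=True)
class Rule:  # one Custom Metadata Type record
    permission_set_id: str
    permission_set_name: str
    profile_name: str
    user_type: str
    country: str = ""
    role_name: str = ""
    active: bool = True
    rule_type: str = "Permission Set"


def matching_rules(rules, user):
    """'Get Records' step: active Permission Set rules that fit the user."""
    return [r for r in rules
            if r.active and r.rule_type == "Permission Set"
            and all(getattr(r, f) == user[f] for f in EXACT)
            and all(getattr(r, f) in ("", user[f]) for f in OPTIONAL)]


def build_assignments(rules, user):
    """Decision, Loop and Assignment steps: rows for 'Create Records'."""
    matched = matching_rules(rules, user)
    if not matched:  # Decision element: no rule matched, so the flow stops
        return []
    return [{"AssigneeId": user["id"], "PermissionSetId": r.permission_set_id}
            for r in matched]


def unscoped_rules(rules):
    """Active rules with no Country and no Role: the widest grants to review."""
    return [r.permission_set_name for r in rules
            if r.active and not (r.country or r.role_name)]


# Constructed sample data; the Ids are placeholders, not real record Ids.
RULES = [
    Rule("0PS_SAMPLE_A", "Sales_Reports", "Sales User", "Standard", "Israel"),
    Rule("0PS_SAMPLE_B", "Knowledge_Reader", "Sales User", "Standard"),
    Rule("0PS_SAMPLE_C", "Old_Export", "Sales User", "Standard", active=False),
]
USER = {"id": "005_SAMPLE", "country": "France", "role_name": "EMEA_Rep",
        "profile_name": "Sales User", "user_type": "Standard"}
```

For the sample user in France only Knowledge_Reader is assigned, and it is also the rule `unscoped_rules` reports, because it reaches every Standard user with the Sales User profile regardless of country or role.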
3. Creating a process using Process Builder
In Lightning, go to Setup | Process Automation | Process Builder
A. In order to create a new Process Builder process, click on the 'New' button located at the top-right of the screen:
B. Provide the process with a meaningful name and a description, and select 'A record changes' under the 'The process starts when':
When you're done, click on the 'Save' button.
C. Adding an Object
Click on 'Add Object'. Then, fill in 'User' under the 'Object' option and choose the option 'when a record is created or edited'. We chose this option in order to apply the process to new and reactivated users:
Click on the 'Save' button when you're done.
D. Adding Criteria
Click on 'Add Criteria' and add the following details in the new window on the right:
When you're done, click on 'Save'.
E. Adding a Scheduled Action
> We are about to add a time-based action. This will help us to avoid a mixed DML error (for more information, see Rakesh Gupta's post on this matter)
1. Click on 'Set Schedule' located under 'Scheduled Actions'
2. Under the 'Set Time for Actions to Execute' section, define as follows and click on the 'Save' button:
3. Click on the 'Add Action' option located under the 'Scheduled Actions'
4. Under the 'Action Type', choose 'Flows'
5. Under the 'Action Name' provide a meaningful name
6. Under the 'Flow' section, find the Flow we just created.
This is what the page will look like at this point:
7. Under the 'Set Flow Variables' section, click on the 'Add Row' for each variable and fill in as follows:
- VarT_RoleName > Field Reference > [User].UserRole.DeveloperName
- VarT_Country > Field Reference > [User].Country
- VarT_Userid > Field Reference > [User].Id
- VarT_Usertype > Field Reference > [User].UserType
- VarT_ProfileName > Field Reference > [User].Profile.Name
This is what the page will look like:
8. Click on 'Save'.
9. Click on the 'Activate' button located at the top-right of the screen and then hit the 'Confirm' button in the new window
The full process will look as follows:
> You are more than welcome to share your thoughts or ideas in the comments below.
A few important notes:
- Many thanks to Daniela Shibi who worked hard to reduce my grammar mistakes.
- The process will only work if the Custom Metadata Type has records with data (metadata).
- Make sure you test the process in your sandbox environment before deploying it to your production environment.
- You can always add more user fields to the process as criteria.
- It is possible to make the process more useful and unassign the Permission Sets from the users once they are deactivated. For more information, read Jennifer W. Lee's post.
- Additional actions can be added, e.g. adding users to Groups and/or Chatter Groups, and even assigning Licenses to users.
- For your convenience, I've created a package of the full process (Production, Sandbox).
Salesforce Administrator & Developer || 5x Salesforce Certified || 2× Ranger
3 years ago: Hi Gidi, I am struggling to implement this. Can you please guide me? Thank you.
Salesforce Functional Analyst at Gambling and Casino Control Commission
4 years ago: Hi Gidi, I am struggling to implement this. Can you please guide me? Thank you.
Salesforce Enabler - Consultant | Implementer | Developer
4 years ago: We implemented it on Stratasys, together with minor adjustments, and now we all have so much more time for much more important things :) Thank you for this great article! Brilliant idea and great design!
Salesforce Solutions Architect
5 years ago: Dani Finkelshtein, Gil Raveh, Rashad Saeed, Max Fokin, Avital Sapir, Michal Bach