Selectively Show Components to Users Using Custom Permissions : Jennifer W. Lee

November 02, 2021 November 02, 2021

Selectively Show Components to Users Using Custom Permissions
by: Jennifer W. Lee
blow post content copied from Salesforce Admins
click here to view original post

In a previously published blog post, Why You Should Add Custom Permissions to Your #AwesomeAdmin Tool Belt, I introduced you to custom permissions. While this feature has been around since Winter ’15, it still remains fairly unknown and underutilized by the admin community. Now’s the time, #AwesomeAdmins — use this superpower to lock or unlock user access to apps or processes!

In this blog post, we’ll focus on how admins can use custom permissions to selectively show components — such as an action, field, or flow — to a group of users with component visibility on a Lightning record page. However, this technique can be extended to any component in Lightning App Builder using component visibility.

In case you’re wondering what component visibility is, when you select a component on a record, app, or Home page in the Lightning App Builder, the component visibility properties appear. This allows you to apply filter logic and conditions to standard components, custom components, and components from the AppExchange. If you don’t define a filter, the component displays on the Lightning page as usual. When you define one or more filters and set the filter logic for a component, the component is hidden until the filter logic criteria are met. BTW, component visibility properties are also available in components used in screen flows, which is pretty cool.

Lightning App Builder with the Component Visibility properties shown.

Business problem

Devohne Mays, Operations Manager at Sunshine Cupcakes, meets with Salesforce Admin Addison Dogster. Devohne tells Addison that he would like certain fields, actions, and components to only show to a select group of employees — sales associates (those who can actually process cupcake orders) and managers — when they view a cupcake order. Currently, these elements are visible to all users. Devohne has discovered that there are some users making changes or taking actions on the record when they shouldn’t. All other employees (such as cashiers or drivers) should not see these fields, actions, and components when they view the same Cupcake Order record.

In addition, Devohne needs coaching comments, which a shift manager provides to the sales associate handling the cupcake order, to only be shown to sales associates as a teaching moment.

The actions to Log a Call, Process Order, Complete Order, and Edit should only appear to sales associates and managers. No one else should be able to take these actions.

Lastly, the Actions & Recommendations component, similar to the actions, should only be actionable by sales associates and managers.

As Addison listens to Devohne talk about his business problem, her security mindset takes over. These components were not configured with least privilege access in mind and need to be corrected ASAP!

The solution

In the Sunshine Cupcakes org, sales associates and managers are represented by two profiles.

Addison thinks this is the perfect use case for custom permissions and component visibility filters in the Cupcake Order Lightning record page. While she could easily apply the component visibility filter condition on both profiles, Addison thinks about the maintenance ramifications of specifying the two profiles everywhere this requirement needs to be applied. What if another profile or a select group of users is needed in the future? It can easily get out of control. Here, it makes sense to filter on whether the user has the custom permission to determine whether the component is displayed.

Since access at the moment is needed for everyone in both the Sales Associate and Manager profiles, Addison can add the custom permission directly to the profiles instead of creating a new permission set to associate the custom permission to.

In summary, Addison’s solution comprises of:

A custom permission
A profile(s)
Page components: actions, field, and a component

Addison first creates the custom permission. In Setup, search for ‘Custom Permissions’ in the Quick Find box. Create a new custom permission. Provide the label, name (API name), and description. The description should further describe the purpose of the custom permission and, possibly, where it’s used.

Addison creates the custom permission with these attributes:

Label: Access Exclusive Cupcake Order Components
Name: Access_Exclusive_Cupcake_Order_Components
Description: Access components only viewable by certain users

Configured custom permission.

Then, Addison enables the custom permission by adding it to the profile. She adds it to the Sales Associate profile first.

Custom permission enabled in the profile.

Now, any user she assigns to the Sales Associate profile will automatically get the custom permission. Addison repeats the steps to enable the custom permission in the Manager profile.

Associating the custom permission to the Sales Associate and Manager profiles.

Currently, all users in the Sunshine Cupcakes org have access to all actions, the Actions & Recommendations component, and the Coaching Comments field on the Cupcake Order record page.

The user associated to the Cashier profile can access everything on the Cupcake Order record.

Using Dynamic Actions, Addison adds flexibility and control to actions on her Lightning record pages. She assigns Dynamic Actions in the Lightning App Builder instead of the page layout editor, and can apply filters to control when and where actions are visible to users.

Setting component visibility for an action.

Note: You can create Dynamic Actions for custom objects on mobile and desktop and for some standard objects (Account, Contact, Lead, Opportunity, and Case) on desktop. All other standard objects are Beta for desktop.

Addison accesses the Cupcake Order page in Lightning App Builder by clicking the wrench icon and selecting Edit Page. Once she configures Dynamic Actions for the Cupcake Order page, Addison sets component visibility for the Log a Call, Process Order, Complete Order, and Edit actions:

Click the Log a Call action to view the action attributes.
Click + Add Filter under the Set Field Visibility section.
Select Advanced as the Filter Type.
Select Permissions > Custom Permission > Access_Exclusive_Cupcake_Order_Components as the Field [Note: This is the API name of the custom permission.]
Leave the Operator as ‘Equal’ and ‘True’ as the Value.
Click Done to save the changes.
Complete the steps above for the Process Order, Complete Order, and Edit actions.
Save the changes to the Lightning record page.

Component visibility configuration for the Log a Call action.

And voila! Addison set actions to only show if the user has the custom permission Access Exclusive Cupcake Order Components.

Using Dynamic Forms, Addison can migrate the fields and sections from the page layout as individual components into the Lightning App Builder. Then, she can configure them just like the rest of the components on the page, and give the users of that page only the fields and sections that they need using component visibility.

Setting component visibility for the Coaching Comments Dynamic Forms field.

Note: At the time of writing, Dynamic Forms is currently only available on custom objects. For more information on Dynamic Forms, including tips and considerations, limitations, and known issues, please visit the Salesforce Help article, Break Up Your Record Details with Dynamic Forms.

Addison accesses the Cupcake Order page in Lightning App Builder by clicking the wrench icon and selecting Edit Page. Once she configures Dynamic Forms for the Cupcake Order page, Addison sets component visibility for the Coaching Comments field:

Click the Coaching Comments field to view the field attributes.
Click + Add Filter under the Set Field Visibility section.
Select Advanced as the Filter Type.
Select Permissions > Custom Permission > Access_Exclusive_Cupcake_Order_Components as the Field [Note: This is the API name of the custom permission.]
Leave the Operator as ‘Equal’ and ‘True’ as the Value.
Click Done to save the changes.
Save the changes to the Lightning record page.

Setting the Coaching Comments field to only show if the user has the custom permission Access Exclusive Cupcake Order Components.

Just like that, Addison set the Coaching Comments field to only show if the user has the custom permission Access Exclusive Cupcake Order Components.

Lastly, Addison can set component visibility on any standard or custom component on the Lightning page. Devohne only wants specific users to see the Actions & Recommendations component.

Setting component visibility for the Actions & Recommendations component.

Addison accesses the Cupcake Order page in Lightning App Builder by clicking the wrench icon and selecting Edit Page. Addison chooses the Actions & Recommendations component and sets the component visibility:

Click the Actions & Recommendations component to view the component attributes.
Click + Add Filter under the Set Field Visibility section.
Select Advanced as the Filter Type.
Select Permissions > Custom Permission > Access_Exclusive_Cupcake_Order_Components as the Field [Note: This is the API name of the custom permission.]
Leave the Operator as ‘Equal’ and ‘True’ as the Value.
Click Done to save the changes.
Save the changes to the Lightning record page.

Configured component visibility on the Actions & Recommendations component.

In just a few clicks, Addison set the Actions & Recommendations component to only show if the user has the custom permission Access Exclusive Cupcake Order Components.

Business results

Sometimes, there are actions, data, or other things you don’t want to show all users in your org. Be security-minded and apply least privilege access to all the things in your org.

When you need to selectively show actions, fields, or components to some users and want to hide them for others, consider whether it makes sense to use custom permissions as a way to control that access. Custom permissions is the way to go if you want to apply access across multiple profiles or users and don’t want to manually maintain the access or denial list. It will allow you to design a better user experience for your users. So, rather than showing them actions they shouldn’t have access to (and then they click on the action and get a nasty error message), just don’t show them the action. They won’t know what they’re missing.

Now, it’s YOUR TURN!

Now that you know how to configure a custom permission and use it in conjunction with component visibility to show an action, field, or component on a Lightning record page, I want you to try this solution yourself.

You can also dynamically show components on a flow screen using custom permissions and component visibility.

Take custom permissions for a spin! Share how you use this new admin superpower in your org with us on Twitter using #AwesomeAdmin.

Resources

Salesforce Admins Video: Did You Know? Use Custom Permissions to Display a Screen Flow
Salesforce Security Guide: Custom Permissions
Salesforce Admins Blog: Why You Should Avoid Hard Coding and Three Alternative Solutions
Salesforce Admins Blog: Why You Should Add Custom Permissions to Your #AwesomeAdmin Tool Belt
Salesforce Help: Break Up Your Record Details with Dynamic Forms
Salesforce Help: Create Dynamic Actions in Lightning App Builder
Salesforce Help: Dynamic Lightning Pages

The post Selectively Show Components to Users Using Custom Permissions appeared first on Salesforce Admins.

November 02, 2021 at 09:00PM
Click here for more details...

=============================
The original post is available in Salesforce Admins by Jennifer W. Lee
this post has been published as it is through automation. Automation script brings all the top bloggers post under a single umbrella.
The purpose of this blog, Follow the top Salesforce bloggers and collect all blogs in a single place through automation.
============================

Jennifer W. Lee Salesforce

Salesforce Reader