How to: User Access Policies : sf9to5
by: sf9to5
blow post content copied from sf9to5
click here to view original post
**Summary of Salesforce User Access Policies: Winter '24 Release** Salesforce has launched a new feature called User Access Policies, now available to all customers with the Winter ’24 release. These policies simplify the process of managing user access controls without needing complicated workflows. **Key Points:** - **What Are User Access Policies?** They enable administrators to automate the assignment of permissions, groups, and licenses based on a user's role or profile. - **Why Is It Important?** This feature streamlines access management, ensuring users get appropriate permissions efficiently and minimizing human error. - **Setting Up** involves enabling the policies, creating new access policies with specific criteria, and defining actions (grant or revoke permissions). - **Considerations:** It’s essential that permission sets are linked to the same license type. Existing permission sets cannot be cloned to change the license type; they must be created anew. - **Automatic Rules:** Admins can set rules to run automatically during user creation or updates and apply them immediately to existing users. Overall, User Access Policies represent a significant enhancement for administrators, especially in companies with dynamic teams, freeing up time and reducing errors in permission management. ### Relevant Additional Information: The introduction of these policies is designed to respond to the complexities organizations face in managing user permissions, making it particularly useful for those utilizing Salesforce CPQ (Configure, Price, Quote). Admins should keep in mind the limitations regarding permission sets and license types and watch for future updates from Salesforce that may address these concerns. ### Hashtags for SEO: #Salesforce #UserAccessPolicies #Winter24 #CRM #UserManagement #SalesforceUpdates #Automation #AccessControl #CPQ #AdminTools #TechUpdates
With the Winter ’24 release, Salesforce has officially rolled out its new User Access Policies, which are now generally available (GA) for all customers. But what exactly are these User Access Policies, and why should you care?
User Access Policies are a powerful new feature designed to automate user access controls without the need for complex flows. These policies allow administrators to streamline the assignment of specific permission sets, permission set groups, Public Groups, and even package licenses to users, all based on their role or profile.
Imagine you’re managing Salesforce CPQ. You need to ensure that every user who needs access to CPQ has the appropriate package licenses, permission sets, and possibly group memberships. Unfortunately, after testing and confirming with Salesforce, this process for CPQ will only work if your permission sets are tied to the same license type. I will make clarifying edits below.
Let’s follow the steps to set this up using a basic test example.
- Ensure User Access Policies are enabled—go to User Management Settings and enable the two User Access Policies toggles.

2. After enabling, search for User Access Policies in the Search bar

3. Click New User Access Policy to create a new policy. The prompt will ask for a name and a priority order. This is not a priority order in the sense that it will run through multiple rules in the order specified; rather, the order is the process through which it will test the criteria; the first criteria to make a match will be the Policy to run. Only one policy will ever run.

4. Select Edit Critieria. This is where you will set up the logic for when it should run and what actions it should take.

- This is for setting a filter based on profile/role/group, etc. While it does have a red asterisk, it does not need to be populated. Note: If you populate this and want to delete it, you must start the rule again. I am unsure why they do not have a None or a delete option.
- This is for adding additional filter criteria based on a field in the user record. For example, if you have a custom field that you want to use specifically to trigger the rule, you can use that here.
- This is where you will set the action the rule is supposed to take. It can either Grant or Revoke as the action and works across permission sets, license assignments, groups, and queues.
- If you want to assign a permission set and a valid license simultaneously, do not include the permit; instead, only include the permission set with the correct license type assigned to it. For many of you who have CPQ permission sets already created, unfortunately, you cannot clone these permissions to change the license type; they must be created manually. I believe that, currently, this will block the use of this update for many. I have reached out to Salesforce to express my concern over this, and hopefully, one day, it will be fixed.
5. Once the rule criteria and action are defined, there are two more steps to take. The first is setting up when the rule should automatically run. This is through the Automate Policy button. On the user record, you can select Create, Update, or both. Remember that once you have activated the rule, if you need to make further changes, you must first deactivate it.

The last thing to do is decide whether you want to apply this immediately for users who may not have the current policy you want applied. If you click the Apply Policy button, you will be taken to a screen with a list of users who meet the criteria, and then you can select the users you want to apply it to.

That’s all there is to it! Not only does this save time, but it also reduces the risk of human error—no more missing permissions or overlooked group memberships. And if you’re ever unsure whether all users have the correct access, the Policy system lets you run a one-time application to ensure everything is in place.
This feature is a game-changer for admins who manage complex user access scenarios, especially in organizations with dynamic teams or frequently changing roles. With User Access Policies, Salesforce has once again made it easier to manage permissions, giving you more control and peace of mind.
February 04, 2025 at 07:30PM
Click here for more details...
=============================
The original post is available in sf9to5 by sf9to5
this post has been published as it is through automation. Automation script brings all the top bloggers post under a single umbrella.
The purpose of this blog, Follow the top Salesforce bloggers and collect all blogs in a single place through automation.
============================

Post a Comment