improveit 360 automates 4 main permission sets on users so that the profile and granted permission sets align with one another. (Minimum Access, Basic User, Power User & Administrator)
Permission Sets that are automatically assigned after insert (creation):
The below automation originates in a User Trigger that must be active and can be kicked off by running First Time Setup. These permissions sets are not reevaluated upon update, First Time Setup must be ran if users expect this automation to take affected when updating permissions.
- Minimum Access
- If the created user's Active checkbox equals True and the User License is 'Salesforce Platform' improveit 360 will assign the Minimum Access permission set to that user.
- Basic User
- If the created user's Active checkbox equals True, the User License is 'Salesforce Platform' and the Profile Name equals 'Basic User' improveit 360 will assign the Basic User permission set to that user.
- Power User
- If the created user's Active checkbox equals True, the User License is 'Salesforce Platform' and the Profile Name equals 'Power User' improveit 360 will assign the Power User permission set to that user.
- Administrator
- Only if the Custom Setting "Automate Permission Set Assignment" is set to True.
- If the created user's Active checkbox equals True, the User License is 'Salesforce' and the custom setting 'Automate Permission Set Assignment' equals True improveit 360 will assign the Administrator permission set to that user.
Note: when a customer's org is upgraded with a new package or patch the post-install script is run, thus restoring the permissions to an expected state. The post-install script is what runs when First Time Setup is clicked so each customer being upgraded we are running a system integrity check.