Session-Based Permission Sets and Security

Get Started with Session-Based Permission Sets

Describe what a session-based permission set is. Explain why you’d want to use a session-based permission set. Create a session-based permission set.

The What and Why of Session-Based Permission Sets

  • Permission Sets allow you to create a set of permissions for assignment to users
    • Ex: giving Edit Case Comments, Manage Cases, and Edit Activated Orders permissions for all Support managers in the org
  • Session-Based Permission Sets are similar, but have an added session-activation option
    • A computer session begins when you authenticate into your computer network at work and continues until you log off or the session ends for another reason
      • Ex: if a security policy requires that inactive sessions time out after a certain number of minutes
    • Session-based permission sets let you limit functional access for select permissions in a permission set to an activated session
  • Example: assume hiring managers need access to employment contracts, but the info in them can be sensitive
    • Once a manager finishes reviewing a contract, one of the recruiters has the option of ending the session, deactivating the permission set and ending access
    • To gain access to the contracts again, the hiring manager needs to reactivate the permission set

Create a Session-Based Permission Set

  1. Create a Session-Based Permission Set via: Setup > Quick Find > Permission Set
  2. Create a new Permission Set, and check the Session Activation Required checkbox
  3. Assign permissions to the permission set as required

Activate Session-Based Permission Sets Without Code

Name the ways in which you can activate a session-based permission set. Explain why you might want to use declarative tools to activate a session-based permission set. Activate a session-based permission set without code.

Activation Options for Session-Based Permission Sets

  • Once a session-based permission set is created, you have to make it usable, which means “activating” the session for the permission set
    • Can use APIs:
      • PermissionSet object in the SOAP API has a field called HasActivationRequired, a boolean that indicates whether the permission set requires an active session
      • Insert a record into the SessionPermSetActivation object with the combination of session ID and permission set to achieve the activation
    • Can also use Flows:
      • A flow Action called Activate Session-Based Permission Set is available. Use a Screen Flow.
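
The API route described above, as an added Apex example (not from the original notes or from Salesforce's own samples): it checks HasActivationRequired, avoids a duplicate activation for the same session, and inserts the SessionPermSetActivation record. The class name, method names and Description text are hypothetical; it assumes the running user is already assigned the permission set and that deleting the activation record is what withdraws access for that session.

```apex
// Added example: activate or deactivate a session-based permission set
// for the running user's current session. Names are hypothetical.
public with sharing class SessionPermSetToggle {
    public class ActivationException extends Exception {}

    // AuthSession Id of the current login session.
    private static Id currentSessionId() {
        return (Id) Auth.SessionManagement.getCurrentSession().get('SessionId');
    }

    // Resolve the permission set and refuse anything that is not session-based.
    private static Id sessionBasedPermSetId(String apiName) {
        List<PermissionSet> sets = [
            SELECT Id, HasActivationRequired
            FROM PermissionSet
            WHERE Name = :apiName
            LIMIT 1
        ];
        if (sets.isEmpty() || !sets[0].HasActivationRequired) {
            throw new ActivationException(apiName + ' is not a session-based permission set');
        }
        return sets[0].Id;
    }

    // Returns the Id of the activation record (existing or newly inserted).
    public static Id activate(String apiName) {
        Id permSetId = sessionBasedPermSetId(apiName);
        Id sessionId = currentSessionId();
        List<SessionPermSetActivation> existing = [
            SELECT Id FROM SessionPermSetActivation
            WHERE AuthSessionId = :sessionId AND PermissionSetId = :permSetId
            LIMIT 1
        ];
        if (!existing.isEmpty()) {
            return existing[0].Id;
        }
        SessionPermSetActivation activation = new SessionPermSetActivation(
            AuthSessionId = sessionId,
            PermissionSetId = permSetId,
            Description = 'Activated by SessionPermSetToggle'
        );
        insert activation;
        return activation.Id;
    }

    // Assumption: deleting the record ends access for this session only.
    public static void deactivate(String apiName) {
        Id permSetId = sessionBasedPermSetId(apiName);
        Id sessionId = currentSessionId();
        delete [SELECT Id FROM SessionPermSetActivation
                WHERE AuthSessionId = :sessionId AND PermissionSetId = :permSetId];
    }
}
```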

Create Easy Access to the Activation Flow

Explain why you might want to use a Lightning app page to activate a permission set. Create a Lightning app page that references a flow. Run a flow from a Lightning app page to activate a session-based permission set.

Why Use a Lightning App Page?

  • Previous unit involved activating a session-based permission set using a flow. Users could activate the session-based permission set by running the flow, but this may not be ideal
  • Instead, can set up a Lightning app page via Setup > Quick Find > “Builder” > Lightning App Builder
    • Add the new screen flow to a new Single Region App Page, then activate that App Page and add it to one of the Apps, such as Sales
    • Then, managers can activate the session-based permission set by clicking that tab