Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
You can create an unmanaged permission set via Apex from a Post Install class. And grant CRUD on Standard Objects (and presumably FLS on fields too)
public class UnmanagedPermissionSet
private static void ensureUnmanagedPermissionSet(){
PermissionSet ps = null;
ps = [SELECT Id, Label, (SELECT SObjectType FROM ObjectPerms) FROM PermissionSet WHERE Name = 'EnableEdit'];
catch(QueryException qe){
ps = new PermissionSet(Name = 'EnableEdit', Label = 'Enable edit on Standard Objects');
upsert ps;
Map<String,ObjectPermissions> oPerms = new Map<String,ObjectPermissions>();
if(ps.ObjectPerms != null && !ps.ObjectPerms.isEmpty()){
for(ObjectPermissions oPerm : ps.ObjectPerms){
ObjectPermissions campaignPerm = oPerms.get('Campaign');
if(campaignPerm == null){
campaignPerm = new ObjectPermissions(SObjectType='Campaign', ParentId=ps.Id);
campaignPerm.PermissionsRead = true;
campaignPerm.PermissionsCreate = true;
campaignPerm.PermissionsEdit = true;
campaignPerm.PermissionsDelete = true;
ObjectPermissions contactPerm = oPerms.get('Contact');
if(contactPerm == null){
contactPerm = new ObjectPermissions(SObjectType='Contact', ParentId=ps.Id);
contactPerm.PermissionsRead = true;
contactPerm.PermissionsCreate = true;
contactPerm.PermissionsEdit = true;
contactPerm.PermissionsDelete = true;
upsert oPerms.values();

This comment has been minimized.

Copy link

@TedHusted TedHusted commented Nov 4, 2014

David, we finally got a chance to try this gist, but we ran into a snag -- "Insufficient Privileges. You do not have the level of access necessary to perform the operation you requested." -- Is this approach still working for you?


This comment has been minimized.

Copy link
Owner Author

@daveespo daveespo commented Nov 4, 2014

Hi Ted, just replied on the Success Community -- in short, yes, it still works today. For those not on the Success Community, I'll paste my reply:

Against my better judgement, I'll risk getting myself thrown in Salesforce jail and ask: are you trying to create the PermissionSet via PostInstall? If so, do you have the PostInstall class marked 'without sharing' and the implementation class for the permission set creation set to default sharing?

Also, there will be snags if you try to assign the permission set to a user with a License that doesn't permit access to some of those objects. For instance, full CRUD on Contact to one of the flavors of Customer Portal license


This comment has been minimized.

Copy link

@nvuillam nvuillam commented Jan 10, 2020

If you prefer to generate PS as a SFDX file, from a package.xml file, you can use sfdx-essentials plugin :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment