Object Reference for Salesforce and Lightning Platform

Object Basics
Reference
Standard Objects
AcceptedEventRelation
Account
AccountBrand
AccountContactRelation
AccountCleanInfo
AccountContactRole
AccountInsight
AccountOwnerSharingRule
AccountPartner
AccountRelationship
AccountRelationshipShareRule
AccountShare
AccountTag
AccountTeamMember
AccountTerritoryAssignmentRule
AccountTerritoryAssignmentRuleItem
AccountTerritorySharingRule
AccountUserTerritory2View
ActionCadence
ActionCadenceRule
ActionCadenceRuleCondition
ActionCadenceStep
ActionCadenceStepTracker
ActionCadenceTracker
ActionLinkGroupTemplate
ActionLinkTemplate
ActionPlan
ActionPlanItem
ActionPlanTemplate
ActionPlanTemplateItem
ActionPlanTemplateItemValue
ActionPlanTemplateVersion
ActiveScratchOrg
ActivityHistory
ActivityMetric
AdditionalNumber
Address
AgentWork
AgentWorkSkill
AIInsightAction
AIInsightFeedback
AIInsightReason
AIInsightValue
AIRecordInsight
AllowedEmailDomain
Announcement
ApexClass
ApexComponent
ApexLog
ApexPage
ApexPageInfo
ApexTestQueueItem
ApexTestResult
ApexTestResultLimits
ApexTestRunResult
ApexTestSuite
ApexTrigger
AppAnalyticsQueryRequest
AppDefinition
AppExtension
AppMenuItem
AppleDomainVerification
AppointmentSchedulingPolicy
Approval
AppTabMember
Article Type__DataCategorySelection
Asset
AssetDowntimePeriod
AssetOwnerSharingRule
AssetRelationship
AssetShare
AssetTag
AssetTokenEvent
AssetWarranty
AssignedResource
AssignmentRule
AssociatedLocation
AsyncApexJob
AttachedContentDocument
AttachedContentNote
Attachment
Audience
AuraDefinition
AuraDefinitionBundle
AuraDefinitionBundleInfo
AuraDefinitionInfo
AuthConfig
AuthConfigProviders
AuthorizationForm
AuthorizationFormConsent
AuthorizationFormDataUse
AuthorizationFormText
AuthProvider
AuthSession
BackgroundOperation
BackgroundOperationResult
BatchApexErrorEvent
Bookmark
BrandTemplate
BusinessHours
BusinessProcess
BusinessProcessDefinition
BusinessProcessFeedback
BusinessProcessGroup
BuyerGroupPricebook
Calendar
CalendarView
CallCenter
CallCoachConfigModifyEvent
CallCoachingMediaProvider
CallDisposition
CallDispositionCategory
CallTemplate
Campaign
CampaignInfluence
CampaignInfluenceModel
CampaignMember
CampaignMemberStatus
CampaignOwnerSharingRule
CampaignShare
CampaignTag
CardPaymentMethod
CartCheckoutSession
CartDeliveryGroup
CartDeliveryGroupMethod
CartItem
CartTax
CartValidationOutput
Case
CaseArticle
CaseComment
CaseContactRole
CaseHistory
CaseMilestone
CaseOwnerSharingRule
CaseShare
CaseSolution
CaseStatus
CaseSubjectParticle
CaseTag
CaseTeamMember
CaseTeamRole
CaseTeamTemplate
CaseTeamTemplateMember
CaseTeamTemplateRecord
CategoryData
CategoryNode
CategoryNodeLocalization
ChannelObjectLinkingRule
ChannelProgram
ChannelProgramLevel
ChannelProgramMember
ChatterActivity
ChatterAnswersActivity
ChatterAnswersReputationLevel
ChatterConversation
ChatterConversationMember
chatterExtension
chatterExtensionConfig
ChatterMessage
ClientBrowser
CollaborationGroup
CollaborationGroupMember
CollaborationGroupMemberRequest
CollaborationGroupRecord
CollaborationInvitation
CollabUserEngagementMetric
CollabUserEngmtRecordLink
ColorDefinition
CombinedAttachment
CommerceEntitlementBuyerGroup
CommerceEntitlementPolicy
CommerceEntitlementPolicyShare
CommerceEntitlementProduct
CommSubscription
CommSubscriptionChannelType
CommSubscriptionConsent
CommSubscriptionTiming
Community (Zone)
ConnectedApplication
Consumption Rate
Consumption Schedule
Contact
ContactCleanInfo
ContactPointAddress
ContactPointConsent
ContactPointEmail
ContactPointPhone
ContactPointTypeConsent
ContactOwnerSharingRule
ContactRequest
ContactRequestShare
ContactShare
ContactSuggestionInsight
ContactTag
ContentAsset
ContentBody
ContentDistribution
ContentDistributionView
ContentDocument
ContentDocumentHistory
ContentDocumentLink
ContentDocumentListViewMapping
ContentDocumentSubscription
ContentFolder
ContentFolderItem
ContentFolderLink
ContentFolderMember
ContentHubItem
ContentHubRepository
ContentNote
ContentNotification
ContentTagSubscription
ContentUserSubscription
ContentVersion
ContentVersionComment
ContentVersionHistory
ContentVersionRating
ContentWorkspace
ContentWorkspaceDoc
ContentWorkspaceMember
ContentWorkspacePermission
ContentWorkspaceSubscription
Contract
ContractContactRole
ContractLineItem
ContractStatus
ContractTag
Conversation
ConversationContextEntry
ConversationEntry
ConversationParticipant
CorsWhitelistEntry
CreditMemo
CreditMemoLine
Crisis
CronJobDetail
CronTrigger
CspTrustedSite
CurrencyType
CustomBrand
CustomBrandAsset
CustomHelpMenuItem
CustomHelpMenuSection
CustomHttpHeader
CustomNotificationType
CustomPermission
CustomPermissionDependency
DandBCompany
Dashboard
DashboardComponent
DashboardTag
DataAssessmentFieldMetric
DataAssessmentMetric
DataAssessmentValueMetric
DatacloudCompany
DatacloudContact
DatacloudDandBCompany
DatacloudOwnedEntity
DatacloudPurchaseUsage
DatacloudSocialHandle
DataIntegrationRecordPurchasePermission
DatasetExport
DatasetExportPart
DataUseLegalBasis
DataUsePurpose
DatedConversionRate
DcSocialProfile
DcSocialProfileHandle
DeclinedEventRelation
DelegatedAccount
DeleteEvent
DigitalSignature
DigitalWallet
DirectMessage
Division
DivisionLocalization
Document
DocumentAttachmentMap
DocumentTag
Domain
DomainSite
DsarPolicy
DsarPolicyLog
DuplicateJob
DuplicateJobDefinition
DuplicateJobMatchingRule
DuplicateJobMatchingRuleDefinition
DuplicateRecordItem
DuplicateRecordSet
DuplicateRule
ElectronicMediaGroup
ElectronicMediaUse
EmailContent
EmailDomainFilter
EmailDomainKey
EmailMessage
EmailMessageRelation
EmailRelay
EmailServicesAddress
EmailServicesFunction
EmailStatus
EmailTemplate
EmbeddedServiceDetail
Employee
EmployeeCrisisAssessment
EngagementChannelType
EmbeddedServiceLabel
EnhancedLetterhead
Entitlement
EntitlementContact
EntitlementTemplate
EntityHistory
EntityMilestone
EntitySubscription
EnvironmentHubMember
Event
EventLogFile
EventRelation
EventBusSubscriber
EventTag
EventWhoRelation
Expense
ExpenseReport
ExpenseReportEntry
ExpressionFilter
ExpressionFilterCriteria
ExternalAccountHierarchy
ExternalAccountHierarchyHistory
ExternalDataSource
ExternalDataUserAuth
ExternalSocialAccount
FeedAttachment
FeedComment
FeedItem
FeedLike
FeedPollChoice
FeedPollVote
FeedPost
FeedRevision
feedSignal
FeedTrackedChange
FieldHistoryArchive
FieldPermissions
FieldSecurityClassification
FieldServiceMobileSettings
FiscalYearSettings
FlexQueueItem
FlowDefinitionView
FlowInterview
FlowInterviewOwnerSharingRule
FlowInterviewShare
FlowRecordRelation
FlowStageRelation
FlowVariableView
FlowVersionView
Folder
FolderedContentDocument
ForecastingAdjustment
ForecastingDisplayedFamily
ForecastingFact
ForecastingItem
ForecastingOwnerAdjustment
ForecastingQuota
ForecastingShare
ForecastingType
ForecastingUserPreference
FormulaFunction
FormulaFunctionAllowedType
FormulaFunctionCategory
FulfillmentOrder
FulfillmentOrderItemAdjustment
FulfillmentOrderItemTax
FulfillmentOrderLineItem
GtwyProvPaymentMethodType
Goal
GoalLink
GoogleDoc
Group
GroupMember
HashtagDefinition
HealthCareDiagnosis
HealthCareProcedure
Holiday
IconDefinition
Idea
IdeaComment
IdeaReputation
IdeaReputationLevel
IdeaTheme
IdpEventLog
IframeWhiteListUrl
Image
Individual
IndividualHistory
IndividualShare
InternalOrganizationUnit
Invoice
InvoiceLine
JobProfile
Knowledge__Feed
Knowledge__ka
Knowledge__kav
Knowledge__DataCategorySelection
KnowledgeableUser
KnowledgeArticle
KnowledgeArticleVersion
KnowledgeArticleVersionHistory
KnowledgeArticleViewStat
KnowledgeArticleVoteStat
LandingPage
Lead
LeadCleanInfo
LeadOwnerSharingRule
LeadShare
LeadStatus
LeadTag
LegalEntity
LightningExperienceTheme
LightningOnboardingConfig
LightningToggleMetrics
LightningUsageByAppTypeMetrics
LightningUsageByBrowserMetrics
LightningUsageByPageMetrics
LightningUsageByFlexiPageMetrics
LightningExitByPageMetrics
LinkedArticle
LinkedArticleFeed
LinkedArticleHistory
ListEmail
ListEmailIndividualRecipient
ListEmailRecipientSource
ListView
ListViewChart
ListViewChartInstance
LiveAgentSession
LiveAgentSessionHistory
LiveAgentSessionShare
LiveChatBlockingRule
LiveChatButton
LiveChatButtonDeployment
LiveChatButtonSkill
LiveChatDeployment
LiveChatSensitiveDataRule
LiveChatTranscript
LiveChatTranscriptEvent
LiveChatTranscriptShare
LiveChatTranscriptSkill
LiveChatUserConfig
LiveChatUserConfigProfile
LiveChatUserConfigUser
LiveChatVisitor
Location
LocWaitlistMsgTemplate
LocationWaitlist
LocationWaitlistedParty
LoginEvent
LoginGeo
LoginHistory
LoginIp
LogoutEventStream
LookedUpFromActivity
Macro
MacroInstruction
MacroUsage
MailmergeTemplate
MaintenanceAsset
MaintenancePlan
MaintenanceWorkRule
ManagedContentInfo
MarketingForm
MarketingLink
MatchingRule
MatchingRuleItem
MessagingChannel
MessagingChannelSkill
MessagingConfiguration
MessagingDeliveryError
MessagingEndUser
MessagingLink
MessagingSession
MessagingTemplate
MetadataPackage
MetadataPackageVersion
Metric
MetricDataLink
MetricsDataFile
MilestoneType
MobileSettingsAssignment
MsgChannelLanguageKeyword
MyDomainDiscoverableLogin
MutingPermissionSet
Name
NamedCredential
NamespaceRegistry
NavigationLinkSet
NavigationMenuItem
NavigationMenuItemLocalization
Network
NetworkActivityAudit
NetworkAffinity
NetworkDiscoverableLogin
NetworkMember
NetworkMemberGroup
NetworkModeration
NetworkPageOverride
NetworkSelfRegistration
NetworkUserHistoryRecent
Note
NoteAndAttachment
NoteTag
OauthCustomScope
OauthCustomScopeApp
OauthToken
ObjectPermissions
ObjectTerritory2AssignmentRule
ObjectTerritory2AssignmentRuleItem
ObjectTerritory2Association
OpenActivity
OperatingHours
OperatingHoursHistory
Opportunity
OpportunityCompetitor
OpportunityContactRole
OpportunityContactRoleSuggestionInsight
OpportunityFieldHistory
OpportunityHistory
OpportunityInsight
OpportunityLineItem
OpportunityLineItemSchedule
OpportunityOwnerSharingRule
OpportunityPartner
OpportunityShare
OpportunitySplit
OpportunitySplitType
OpportunityStage
OpportunityTag
OpportunityTeamMember
Order
OrderAdjustmentGroup
OrderAdjustmentGroupSummary
OrderDeliveryGroup
OrderDeliveryGroupSummary
OrderDeliveryMethod
OrderHistory
OrderItem
OrderItemAdjustmentLineItem
OrderItemAdjustmentLineSummary
OrderItemSummary
OrderItemSummaryChange
OrderItemTaxLineItem
OrderItemTaxLineItemSummary
OrderItemType
OrderOwnerSharingRule
OrderPaymentSummary
OrderShare
OrderStatus
OrderSummary
Organization
OrgDeleteRequest
OrgWideEmailAddress
OutOfOffice
OutgoingEmail
OutgoingEmailRelation
OwnedContentDocument
OwnerChangeOptionInfo
PackageLicense
PackagePushError
PackagePushJob
PackagePushRequest
PackageSubscriber
Partner
PartnerFundAllocation
PartnerFundClaim
PartnerFundRequest
PartnerMarketingBudget
PartnerNetworkConnection
PartnerNetworkRecordConnection
PartnerNetworkSyncLog
PartnerRole
PartyConsent
Payment
PaymentAuthorization
PaymentGateway
PaymentGatewayLog
PaymentGatewayProvider
PaymentGroup
PaymentLineInvoice
PaymentMethod
PendingServiceRouting
Period
PermissionSet
PermissionSetAssignment
PermissionSetGroup
PermissionSetGroupComponent
PermissionSetLicense
PermissionSetLicenseAssign
PermissionSetTabSetting
PersonalizationTargetInfo
PlatformAction
PlatformEventUsageMetric
PlatformStatusAlertEvent
PortalDelegablePermissionSet
PresenceConfigDeclineReason
PresenceDeclineReason
PresenceUserConfig
PresenceUserConfigProfile
PresenceUserConfigUser
Pricebook2
Pricebook2History
PricebookEntry
ProcessDefinition
ProcessException
ProcessInstance
ProcessInstanceHistory
ProcessInstanceStep
ProcessInstanceNode
ProcessInstanceWorkitem
ProcessNode
Product2
Product2DataTranslation
ProductCategory
ProductCategoryDataTranslation
ProductConsumed
ProductEntitlementTemplate
ProductItem
ProductItemTransaction
ProductMedia
ProductRequest
ProductRequestLineItem
ProductRequired
ProductTransfer
ProductWarrantyTerm
Profile
ProfileSkill
ProfileSkillEndorsement
ProfileSkillShare
ProfileSkillUser
Prompt
PromptAction
PromptActionOwnerSharingRule
PromptActionShare
PromptLocalization
PromptVersion
PromptVersionLocalization
PushTopic
QueueRoutingConfig
Question
QuestionDataCategorySelection
QuestionReportAbuse
QuestionSubscription
QueueSobject
QuickText
QuickTextUsage
Quote
QuoteDocument
QuoteLineItem
RecentlyViewed
Recommendation
RecordAction
RecordActionHistory
RecordType
RecordTypeLocalization
RecordVisibility (Pilot)
RedirectWhitelistUrl
Refund
RefundLinePayment
RegisteredExternalService
RemoteKeyCalloutEvent
Reply
ReplyReportAbuse
ReplyText
Report
ReportTag
ReputationLevel
ReputationLevelLocalization
ReputationPointsRule
ResourceAbsence
ResourcePreference
ReturnOrder
ReturnOrderItemAdjustment
ReturnOrderItemTax
ReturnOrderLineItem
ReturnOrderOwnerSharingRule
RuleTerritory2Association
SalesAIScoreCycle
SalesAIScoreModelFactor
SalesChannel
SalesWorkQueueSettings
SamlSsoConfig
Scontrol
ScontrolLocalization
ScratchOrgInfo
SearchPromotionRule
SecureAgent
SecureAgentsCluster
SecurityCustomBaseline
SelfServiceUser
ServiceAppointment
ServiceAppointmentStatus
ServiceChannel
ServiceChannelFieldPriority
ServiceChannelStatus
ServiceChannelStatusField
ServiceContract
ServiceContractOwnerSharingRule
ServiceCrew
ServiceCrewMember
ServiceCrewOwnerSharingRule
ServicePresenceStatus
ServiceReport
ServiceReportLayout
ServiceResource
ServiceResourceCapacity
ServiceResourceCapacityHistory
ServiceResourceOwnerSharingRule
ServiceResourceSkill
ServiceTerritory
ServiceTerritoryLocation
ServiceTerritoryMember
ServiceTerritoryWorkType
SessionPermSetActivation
SetupAuditTrail
SetupEntityAccess
ShapeRepresentation
Shift
ShiftHistory
ShiftOwnerSharingRule
ShiftShare
ShiftStatus
Shipment
SignupRequest
Site
SiteDetail
SiteDomain
SiteHistory
SiteIframeWhitelistUrl
Skill
SkillProfile
SkillRequirement
SkillUser
SlaProcess
Snippet
SnippetAssignment
SocialPersona
SocialPost
Solution
SolutionStatus
SolutionTag
SOSDeployment
SOSSession
SOSSessionActivity
Stamp
StampAssignment
StaticResource
StoreIntegratedService
StreamingChannel
Salesforce Surveys Object Model
Survey
SurveyEmailBranding
SurveyEngagementContext
SurveyInvitation
SurveyPage
SurveyQuestion
SurveyQuestionChoice
SurveyQuestionResponse
SurveyQuestionScore
SurveyResponse
SurveySubject
SurveyVersion
SurveyVersionAddlInfo
TabDefinition
TagDefinition
Task
TaskPriority
TaskRelation
TaskStatus
TaskTag
TaskWhoRelation
TenantSecret
Territory
Territory2
Territory2Model
Territory2ModelHistory
Territory2Type
TestSuiteMembership
ThirdPartyAccountLink
ThreatDetectionFeedback
TimeSheet
TimeSheetEntry
TimeSlot
TimeSlotHistory
Topic
TopicAssignment
TopicLocalization—Beta
TopicUserEvent
TransactionSecurityPolicy
Translation
TwoFactorInfo
TwoFactorMethodsInfo
TwoFactorTempCode
UiFormulaCriterion
UiFormulaRule
UndecidedEventRelation
User
UserAccountTeamMember
UserAppInfo
UserAppMenuCustomization
UserAppMenuItem
UserAuthCertificate
UserConfigTransferButton
UserConfigTransferSkill
UserCustomBadge
UserCustomBadgeLocalization
UserDevice
UserDeviceApplication
UserDeviceHistory
UserEmailCalendarSync
UserEmailPreferredPerson
UserEmailPreferredPersonShare
UserLicense
UserListView
UserListViewCriterion
UserLogin
UserMembershipSharingRule
UserPackageLicense
UserPermissionAccess
UserPreference
UserProfile
UserProvAccount
UserProvAccountStaging
UserProvMockTarget
UserProvisioningConfig
UserProvisioningLog
UserProvisioningRequest
UserRecordAccess
UserRole
UserServicePresence
UserShare
UserTeamMember
UserTerritory
UserTerritory2Association
UserWorkList
UserWorkListItem
VerificationHistory
VisualforceAccessMetrics
VoiceCall
VoiceCallFeed
VoiceCallList
VoiceCallListItem
VoiceCallQualityFeedback
VoiceCallRecording
VoiceCoaching
VoiceLocalPresenceNumber
VoiceMailContent
VoiceMailGreeting
VoiceMailMessage
VoiceUserLine
VoiceUserPreferences
VoiceVendorInfo
VoiceVendorLine
Vote
WarrantyTerm
WaveAutoInstallRequest
WebCart
WebCartHistory
WebLink
WebLinkLocalization
WebStore
WebStoreCatalog
WebStorePricebook
Wishlist (Beta)
WishlistItem (Beta)
WorkAccess
WorkAccessShare
WorkBadge
WorkBadgeDefinition
WorkCoaching
WorkFeedback
WorkFeedbackQuestion
WorkFeedbackQuestionSet
WorkFeedbackRequest
WorkGoal
WorkGoalCollaborator
WorkGoalCollaboratorHistory
WorkGoalHistory
WorkGoalLink
WorkGoalShare
WorkOrder
WorkOrderHistory
WorkOrderLineItem
WorkOrderLineItemHistory
WorkOrderLineItemStatus
WorkOrderShare
WorkOrderStatus
WorkPerformanceCycle
WorkReward
WorkRewardFund
WorkRewardFundType
WorkThanks
WorkType
WorkTypeGroup
WorkTypeGroupMember
Custom Objects
Associated Objects (Feed, History, OwnerSharingRule, and Share Objects)
Data Model
PDF

Newer Version Available

This content describes an older version of this product. View Latest

PermissionSet

Represents a set of permissions that’s used to grant more access to one or more users without changing their profile or reassigning profiles. This object is available in API version 22.0 and later.

You can use permission sets to grant access, but not to deny access.

Supported Calls

create(), delete(), describeSObjects(), query(), retrieve(), search(), update(), upsert()

Child Relationships

PermissionSet has a read-only child relationship with PermissionSetGroup. PermissionSet contains the aggregated permissions for the group.

Special Access Rules

As of Summer ’20 and later, only users who have one of these permissions can access this object:
  • View Setup and Configuration
  • Manage Session Permission Set Activations
  • Assign Permission Sets
  • Manage Profiles and Permission Sets
To view the following settings, assignments, and permissions for standard and custom objects in a specified permission set, the View Setup and Configuration permission is required.
  • Client settings
  • Field permissions
  • Layout assignments
  • Object permissions
  • Permission dependencies
  • Permission set tab settings
  • Permission set group components
  • Record types

Fields

Field Name Details
Description
Type
string
Properties
Create, Filter, Nillable, Group, Sort, Update
Description
A description of the permission set. Limit: 255 characters.
HasActivationRequired
Type
boolean
Properties
Create, Defaulted on create, Filter, Group, Sort, Update
Description
Indicates whether the permission set requires an associated active session (true) or not (false).
IsCustom
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the permission set is custom (created by an admin); if false, the permission set is standard and related to a specific permission set license.
IsOwnedByProfile
Type
boolean
Properties
Defaulted on create, Filter, Group, Sort
Description
If true, the permission set is owned by a profile. Available in API version 25.0 and later.
Label
Type
string
Properties
Create, Filter, Group, Sort, Update
Description
The permission set label, which corresponds to Label in the user interface. Limit: 80 characters.
LicenseId
Type
reference
Properties
Create, Filter, Group, Nillable, Sort
Description
The ID of either the related PermissionSetLicense or UserLicense associated with this permission set. Available in API version 38.0 and later. Use this field instead of UserLicenseId, which is deprecated and only available up to API Version 37.0.
Name
Type
string
Properties
Create, Filter, Group, Sort, Update
Description
The unique name of the object in the API. This name can contain only underscores and alphanumeric characters, and must be unique in your organization. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. Corresponds to API Name in the user interface. Limit: 80 characters.
NamespacePrefix
Type
string
Properties
Filter, Group, Nillable, Sort
Description
The namespace prefix for a permission set that's been installed as part of a managed package. If the permission set isn't packaged or is part of an unmanaged package, this value is empty. Available in API version 23.0 and later.
PermissionsPermissionName
Type
boolean
Properties
Create, Filter, Update
Description
One field for each permission. If true, users assigned to this permission set have the named permission. The number of fields varies depending on the permissions for the organization and license type.

To get a list of available permissions in the SOAP API, use describeSObjects().

Tip
PermissionSetGroupId
Type
reference
Properties
Filter, Group, Nillable, Sort
Description
If the permission set is owned by a permission set group, this field returns the ID of the permission set group. If the permission set isn’t owned by a permission set group, this field returns a null value. Available in API version 45.0 and later.
ProfileId
Type
reference
Properties
Filter, Group, Nillable, Sort
Description
If the permission set is owned by a profile, this field returns the ID of the Profile. If the permission set isn’t owned by a profile, this field returns a null value. Available in API version 25.0 and later.
Type
Type
picklist
Properties
Defaulted on create, Filter, Group, Nillable, Restricted picklist, Sort
Description
Available in API version 46.0 and later.
UserLicenseId
Type
reference
Properties
Create, Filter, Group, Nillable, Sort
Description
ID of the UserLicense associated with this permission set. This field is nillable in API version 26.0 and later and available up to API version 37.0 In API version 38.0 and later, use LicenseId.

Usage

Use the PermissionSet object to query existing permission sets.

For example, to search for all permission sets that contain the “Modify All Data” permission:

1SELECT Name, PermissionsModifyAllData
2FROM PermissionSet
3WHERE PermissionsModifyAllData=true

When combined with the PermissionSetAssignment object, you can create a nested query that returns all users assigned to a particular permission like “Modify All Data”:

1SELECT Name, (SELECT AssigneeId FROM Assignments)
2FROM PermissionSet
3WHERE PermissionsModifyAllData=true

If the permission set isn’t assigned to a user, you can also create or delete a permission set.

User Licenses

The user license controls the permissions that are available in a permission set.

Every permission set can be associated with a user license or permission set license. If you plan to assign a permission set to multiple users with different user and permission set licenses, leave LicenseId empty. If only users with one type of license use this permission set, set the LicenseId to that single user or permission set license. If you want a permission set associated with a permission set license, then set LicenseId to the permission set license. To get the LicenseId, run this query:

1SELECT Id, Name
2FROM UserLicense

Alternatively, to query a user or profile for the LicenseId.

1SELECT Id, Profile.UserLicenseId
2FROM User

Child Objects

When using the API, think of each permission set or related set of access controls as an empty container that you fill with permission records.

In the API, a permission set can contain user, object, and field permissions, and setup entity access settings for other settings, such as Apex classes.
  • ObjectPermissions and FieldPermissions objects are available in API version 24.0 and later.
  • The SetupEntityAccess object is available in API version 25.0 and later.
  • The PermissionSetGroupComponent object is available in API version 45 and later.
Only user permissions are managed in the PermissionSet API object; all other permission types are managed in child API objects.

In these child objects, access is stored in a record, while the absence of a record indicates no access. To return a record in a SOQL query, a minimum permission or setting is required for each child object.

Because permissions are stored in related objects, it’s important to understand what questions to ask when using SOQL. For example, let’s say you want to know which permission sets have “Delete” on an object. You also want to know which ones include permissions that allow approval of a return merchandise authorization (where the approval checkbox is controlled with field permissions). Asking the right questions when using SOQL with permission sets ensures that you get the information you need, such as whether to migrate permissions or assign a permission set to a user.

For example, the following returns all permission sets where the “Read” permission is enabled for the Merchandise__c object.

1SELECT SobjectType, ParentId, PermissionsRead
2FROM ObjectPermissions
3WHERE PermissionsRead = True AND SobjectType = 'Merchandise__c'

You can query for all permission sets that have “Read” on an object. However, you can’t query for permission sets that have no access on an object, because no records exist for that object. For example, the following returns no records because the object must have at least “Read” to return any records.

1SELECT SobjectType, ParentId, PermissionsRead
2FROM ObjectPermissions
3WHERE PermissionsRead = False AND SobjectType = 'Merchandise__c'

If you have at least the “Read” permission on an object, you can create a conditional query on other permissions in the same object. For example, the following returns any records where the object has at least the “Read” permission but not the “Edit” permission.

1SELECT ParentId, PermissionsRead, PermissionsEdit
2FROM ObjectPermissions
3WHERE PermissionsEdit = False AND SobjectType = 'Merchandise__c'

To set an object or field permission to no access, delete the record that contains the permission. For example, to disable all object permissions in the Merchandise__c object for a particular permission set, first query to retrieve the ID of the object permission record.

1SELECT Id
2FROM ObjectPermissions
3WHERE SobjectType = 'Merchandise__c'

Then delete the IDs returned from the query.

If you try to update the object or field permissions by setting all permissions to false, the permission record is automatically deleted. Any subsequent queries for the record ID won’t return results and you must add a new permission record to grant access.

Note

View a Permission Set with Nested Queries

You can build on the PermissionSet object using child relationships that show all of the permissions in a single permission set. For example, the following returns all permission sets and displays the “Transfer Leads” permission, as well as any “Read” permissions on any objects and fields.

1SELECT Label, PermissionsTransferAnyLead,
2(SELECT SobjectType, PermissionsRead FROM ObjectPerms),
3(SELECT SobjectType, Field, PermissionsRead FROM FieldPerms)
4FROM PermissionSet

Associated Profiles

In API version 25.0 and later, every profile is associated with a permission set that stores the profile’s user, object, and field permissions, as well as setup entity access settings. You can query permission sets that are owned by profiles but not modify them.

The following example returns all permission sets, including those owned by a profile.

1SELECT Id, Label, ProfileId, Profile.Name
2FROM PermissionSet
The following returns all permission sets except those permissions owned by profiles.
1SELECT Id, Label, ProfileId, Profile.Name, IsOwnedByProfile
2FROM PermissionSet
3WHERE IsOwnedByProfile = FALSE
Because permission sets have child objects in the API, you can query their values on permission sets owned by a profile. For example, the following returns all enabled object permission records for profiles only.
1SELECT Id,ParentId, PermissionsRead, SobjectType, Parent.ProfileId
2FROM ObjectPermissions
3WHERE Parent.IsOwnedByProfile = TRUE
Once you have the IDs for permission sets that are owned and not owned by profiles, use the PermissionSetAssignment object to see if users can access objects or fields via their profile permissions or their permission sets. For example, the following SOQL query returns all users who have the “Read” permission on the Merchandise__c object. It also specifies whether the permission is granted through a profile or permission set.
1SELECT Assignee.Name, PermissionSet.Id, PermissionSet.isOwnedByProfile
2FROM PermissionSetAssignment
3WHERE PermissionSetId
4IN (SELECT ParentId
5FROM ObjectPermissions
6WHERE SObjectType = 'Merchandise__c' AND PermissionsRead = true)

For permission sets that are owned by profiles, don’t use Name and Label values that are returned in a query. Name and Label values from queries can change.

Note