SessionPermSetActivation

The SessionPermSetActivation object represents a permission set assignment activated during an individual user session. When a SessionPermSetActivation object is inserted into a permission set, an activation event fires, allowing the permission settings to apply to the user’s specific session. This object is available in API versions 37.0 and later.

Supported Calls

create(), delete(), describeLayout(), describeSObjects(), query(), retrieve()

If you include session-based permission sets in a permission set group, the permissions in them don’t require session-based activation for users assigned to the group.

Note

Special Access Rules

As of Summer ’20 and later, only users who have one of these permissions can access this object:

View Setup and Configuration
Manage Session Permission Set Activations

Fields

Field Name	Details
AuthSessionId	Type reference Properties Create, Filter, Group, Sort Description The session ID related to this permission set assignment for its duration. This is a relationship field. Relationship Name AuthSession Relationship Type Lookup Refers To AuthSession
Description	Type string Properties Create, Filter, Group, Nillable, Sort Description The session details, such as device used and browser.
PermissionSetGroupId	Type reference Properties Create, Filter, Group, Nillable, Sort Description The permission set group ID related to this permission set group assignment and user for its duration. This field is available in API version 53.0 and later. This is a relationship field. Relationship Name PermissionSetGroup Relationship Type Lookup Refers To PermissionSetGroup
PermissionSetId	Type reference Properties Create, Filter, Group, Sort Description The permission set ID related to this permission set assignment and user for its duration. This is a relationship field. Relationship Name PermissionSet Relationship Type Lookup Refers To PermissionSet
UserId	Type reference Properties Filter, Group, Sort Description The user ID of the user to whom this permission set assignment applies for its duration. This is a relationship field. Relationship Name User Relationship Type Lookup Refers To User

Usage

Use SessionPermSetActivation to create a permission set available only for a specified session’s duration. For example, create permission sets that provide access to specific applications only during authenticated sessions.

In the following Apex example, an identified session is activated after session information is submitted via a button. Successful activation results in a confirmation message displayed to the user.

1public class SessionPermSetActivationController {
2    // id of the session permission set to be activated
3    private final String sessionPermSetId = '0PSxx00000004rJ';
4    private final String sessionId; 
5    
6    public SessionPermSetActivationController() {
7        Map<String, String> sessionManagement = Auth.SessionManagement.getCurrentSession();
8        String parentSessionId = sessionManagement.get('ParentId');
9        String currentSessionId = sessionManagement.get('SessionId');
10        
11        sessionId = parentSessionId != null ? parentSessionId : currentSessionId;
12    }
13    
14    public PageReference activate() {
15        // activate the permission set
16        SessionPermSetActivation activation = new SessionPermSetActivation();
17        activation.AuthSessionId = sessionId;
18        activation.PermissionSetId = sessionPermSetId;
19        activation.Description = 'created by SessionPermSetActivationController';
20    
21        insert activation;
22        return null;
23    }
24    
25    public boolean getActivated() {
26        Integer alreadyActivated =  [SELECT count()  
27            FROM SessionPermSetActivation  
28            WHERE AuthSessionId = :sessionId
29            And PermissionSetId = :sessionPermSetId  LIMIT 1];
30        return alreadyActivated > 0;
31    }
32}
33
34
35<apex:page controller="SessionPermSetActivationController">
36      <apex:outputPanel rendered="{!!Activated}">
37          <h3>Activate Session Permission Set</h3>
38          <br />
39          <apex:form >
40                <apex:commandButton action="{!activate}" value="Activate" id="activateButton"/>
41          </apex:form>
42      </apex:outputPanel>
43      <apex:outputPanel rendered="{!Activated}">
44          <h3>Session Permission Set is already active.</h3>
45      </apex:outputPanel>
46</apex:page>

To deactivate a session-based permission set for the current session, delete the matching SessionPermSetActivation record. Removing that record ends the activation for that permission set in that session. In this example, a deactivate() method is added to the class from the previous example.

1public PageReference deactivate() {
2    List<SessionPermSetActivation> activations = [
3        SELECT Id
4        FROM SessionPermSetActivation
5        WHERE AuthSessionId = :sessionId
6            AND PermissionSetId = :sessionPermSetId
7    ];
8    if (!activations.isEmpty()) {
9        delete activations;
10    }
11    return null;
12}

Object Reference for the Salesforce Platform

SessionPermSetActivation

Supported Calls

Special Access Rules

Fields

Usage