A permission set can be described as a collection of extra permissions and settings that extends users’ existing permissions. Permission sets can be used to give extra permissions to users without modifying their profiles. User can have only one profile but they can have multiple permission sets assigned to them. This way, you can have minimum profiles in the system but give various permissions to specific people.
Permission sets can be assigned only to users. It is not possible to assign a them to a public group, role, or profile. Read this article to learn more about permission sets.
There are two different way to assign a permission set. First one is directly from the user record.
Second way is opening the permission set and clicking on the Manage Assignments button.
You have to go to the setup to perform both of these actions, which means that you need admin permissions.
However, using a flow, it is possible to build a screen that lets the current user select a user and a permission set to assign to him/her. This would be a great admin tool for manual assignments. It is also possible to build a record-triggered flow to automatically assign permission set(s) when a user becomes active. This is a great way to reduce manual work. You can read this post to learn about flow types and their differences.
Building a Screen Flow to Assign Permission Sets
1- Create a new screen flow and add screen element as the first element of the flow. Add the lookup element that will let the you select a user. Then add a picklist element, which will display the permission sets in the system. In order to do so, create a record choice set that will display only the permission sets. If you want the flow to display only a few permission sets and not all of them, add your criteria.
Picklist field should display the label of the permission set but store the Id of the selected record. Optionally, store the label of the selected record, it will be useful when displaying a message to the user.
Optionally, rename the Next/Finish button as “Assign”. This will make the user think that he/she doesn’t need anything else to do. And yes, actually the user doesn’t need to do anything else, flow will do everything.
Your screen should look like this.
2- Add a Get Record element and get the PermissionSetAssignment record to check if the selected user already has this permission set.
3- Add a Decision element to check if the selected permission set is already assigned to the selected user.
4- If it is already assigned, you cannot assign again. So, you will need to display a message to the user. Add a new Screen element to display a message. Optionally, rename the Previous button as “Assign Another”. Since you stored the label of the selected permission set in the first step, use it in the error message. This will make the error more clear.
5- If it is not assigned before, then create a new PermissionSetAssignment record to assign the it to the selected user.
6- At the end of the flow, display a success message to let the user know that it was assigned successfully. Like you did in the 4th step, rename the Previous button as “Assign Another” and use variables in the message.
At the end, your flow should look like this. Optionally, make the flow run in the system context.
Record-Triggered Flow to Automatically Assign a Permission Set
Let’s create a record-triggered flow that will automatically assign a permission set called “SSO” when a user becomes active.
1- Create a Record-Triggered flow and choose to run it after create/update. Select User as the object and enter the criteria. So that the flow will run only when a user becomes active.
2- Add a Get Records element to get the permission set record that is called “SSO”. To assign it, you need the Id of the permission set. You can use a hardcoded value but if you do so, don’t forget to change it after you deploy to other environments.
3- Add another Get Records to check if it is already assigned. In order to do so, you have to get the PermissionSetAssignment record according to the user Id and permission set Id that you got in the previous step.
4- Add a Decision element to check if the permission set is already assigned to the selected user.
5- If it is not assigned, then add a Create Record element to create a PermissionSetAssignment record. This action will assign the permission set to the user.
At the end, your flow should look like this.
These are some simple flows to assign permission sets. You can improve them and add more logic according to your needs. Don’t forget, the idea is to help the users. Try to automate the process to reduce time or give the users more capabilities that they cannot perform using the standard permission set assignment screen.