Are there any books, tutorials or whitepapers out there that recommend a strategy how to cope with the complexity of profiles and permissions in big Salesforce orgs?
You find fragments of that in blogs and help articles but I am looking for a complete view of this topic including:
- How to migrate from profiles to permission (sets)
- How to govern the quality of single perm sets, so they don't overlap too much.
- Which tools support managing permissions
Best Answer
This is a pretty broad question. Keep in mind that sharing and visibility now has an architect level certification all to itself. I don't think any single post here can encapsulate all that you need to know to manage it effectively. But to start off with what salesforce recommends, check out Trailhead's official "Architect Journey: Sharing and Visibility" cert guides here. You can check out the "Sharing and Visibility" section." These were resources hand picked by current Technical Architects.
I'd also check out Dreamforce Video - so many profiles so little time
Some other discussions on Best Practices
Configuring Salesforce Profiles: Tips I Wish Someone Told Me from the Start
Salesforce Blog Where Permission Sets shine
Permission Set Best Practice: Reuse, Reduce, Recycle
Permission Sets: The Elegant Solution to Preventing Permissions Chaos
How to build a rocks solid role heirarchy
Getting into actual tools to help you out, for comparing you have several good options, including:
For managing permissions, the main tool I know of is The Permissioner, or list views of profiles.