I'm trying to cut down on the number of profiles in one of my Orgs. One way we're using profiles is to enforce business rules, like "Only a ZZZ user may close opportunities as won," which we do by checking the Profile ID:
<validationRules>
<fullName>Changing_an_Opp_to_Closed_Won</fullName>
<active>true</active>
<description>Only the system admin and ZZZ users
can update the stage to closed won</description>
<errorConditionFormula>AND(
AND(ISCHANGED(StageName), IsClosed=True, IsWon=True),
NOT(OR($User.ProfileId == '00eA0000000RhUw',
$User.ProfileId == '00eA00000013Vro'))
)
</errorConditionFormula>
<errorMessage>You do not have the necessary access to mark an opportunity
"Closed Won" Please ask a ZZZ to do it for you.
</errorMessage>
</validationRules>
For almost all other purposes, ZZZ users are identical to other users in their department, and I'd like to combine the profiles while making a permission set for ZZZ users. But I can't figure out what I'd do with validation rules like these. Is there a way to reference permissions/permission sets from formulas? If not, are there other approaches you've seen for this?
Best Answer
I believe such a problem can be solved at the profile level using the new custom Permissions feature and $Permission global variable that is available in Validation Rules/ VF Pages.
For more information on Custom Permissions.
https://www.salesforce.com/us/developer/docs/pages/Content/pages_variables_global_permission.htm