Permission Sets

Administrators can provide application-level access to features using permission sets. Some feature access is controlled through a user's profile or at the instance-level (General Settings). Permission sets give Administrators more granular application-level control. Permissions can be granted to user groups or individual users.

Example

The DCR Cleanup in the Inbox feature enables you to process DCRs in bulk. Using permission sets, Administrators can give you access to cancel DCRs in bulk, but restrict your access to reject DCRs in bulk.

Permission sets are currently supported only for the DCR Cleanup feature.

Define a permission set

Create a permission set to give users application-level access to features; for example, the DCR Cleanup feature. Users who are not defined in this permission set will not see the DCR Cleanup feature in the Inbox.

To create the permission:

  1. In the Admin console, click Users & Permissions > Permission Sets.

  2. Click Add Permission Set.

  3. Type a Name and Description.

  4. The Status is Enabled by default. When the permission set is saved, the defined users will have immediate access to the DCR Cleanup feature.

  5. In the Permissions section, choose the operations the users can access.

    • Reject tasks - Bulk reject tasks.

    • Cancel tasks - Bulk cancel tasks.

    • Approve tasks - Bulk approve tasks.

    • Users that have access to these operations can select the tasks from the Inbox or upload a file containing task IDs. These permissions also give users access to the DCR Cleanup page (View Previous Operations option) to monitor their task cleanup operations.

      If a user does not have access to one of the actions, it does not display in the feature.

      Example

      If you give users access to Reject tasks, but not Cancel tasks or Approve tasks, they will only see the option to reject tasks in the DCR Cleanup list.

  6. In the User Groups section, click Add User Groups.

    Select the groups that should have access to the feature and permissions that you have defined.

    Click Add User Group.

  7. In the Users section, add individual users to the permission set. Click Add Users and select the specific users.

  8. Save your changes.

    Users assigned to this permission set will now have access to the DCR Cleanup feature.

Audit

Administrators can track the changes to permission sets in the System Audit Log.

Tip: To filter the logs, use the PermissionSet object type.

The following activities are tracked:

  • Enabling and disabling a permission set.

  • Changing a permission set: permissions, user groups, and users.