The sObject API is an important part of permission sets, allowing you to perform tasks that you cannot perform through the permission set UIs. Some administrators may already be comfortable with the salesforce.com sObject API, but for those who are not, it is possible to make use of the API without writing a bunch of source code by making use of the salesforce Workbench at http://workbench.developerforce.com/. While the Workbench has a great query builder interface, below are some example queries.
Users With A Permission Like Modify All Data
Because a user’s effective permissions are determined by both their profile and all assigned permission sets, it actually requires two queries to determine which users have a particular permission. The first query asks the question what users are assigned to a profile that contains ModifyAllData. The second query asks the same question, but for permission sets.
SELECT Id, Name FROM User WHERE ProfileId IN (SELECT Id FROM Profile WHERE PermissionsModifyAllData = true)
SELECT AssigneeId, Assignee.Name FROM PermissionSetAssignment WHERE PermissionSet.PermissionsModifyAllData = true
In a previous section, it was suggested that adding tokens to your permission set names or descriptions may be useful. Here is a query that looks for a token within a permission set description:
SELECT Id, Name, Description FROM PermissionSet WHERE Description Like '%#salesrep#%'
Mass Assign Permission Sets to Users
It is possible to perform mass assignment of permission sets via the sObject API. This is performed by inserting PermissionSetAssignment records (unassigning is nothing more than deleting the PermissionSetAssignment records). To perform this operation with a spreadsheet and the Workbench, follow these instructions:
Select “Insert” from the “Data” menu at the top of your browser window.
Select PermissionSetAssignment from the ObjectType menu
Select the “From File” radio button and choose your CSV-formatted spreadsheet.
Click “Next”
Map the columns from your spreadsheet as appropriate.
Click “Map Fields”
Choose whether you wish to process the request asynchronously
