Permission Set Groups

Salesforce says it clearly for quite a while and at the same time doesn’t fully allow us to do it – migrate from Profiles to Permission Sets.

In Spring ’20 they made the Permission Set Groups generally available and we are able to play with new ways how to setup permissions in our instances.

The biggest difference between Profiles and Permission Sets – as you know for sure – is that each user has to have one profile and can have one or more permission sets. The rights get extend with every new privilege, you cannot remove it if some other profile/perm set allows it.

The problem was, that at some instances there were a lot of permission sets and admins weren’t really sure, which they should assign to users and forget some of them – Permission Set Groups to their rescue. And when Salesforce was at it they also created a way we can mute certain permissions to maybe simplify our permission sets model.

The muting part catch my attention, so I did some testing to see, what I need to change when implementing it.

Migrate Profiles to Permission Sets

It is probably obvious but you don’t really believe it at the beginning. We (I) were so used to the coexistence of profiles and permission sets that it really didn’t matter where I set things as long as it fulfilled the request and don’t over extend the rights.

Sadly, the muting permission sets can only mute things set by permission sets in the Permission Set Group. So if you profile says that person has right to delete accounts and edit their web field, there is nothing you can do about it. You need to create a permission set, migrate these permission into it, assign it to all people with that profile and finally remove it from profile.

The same goes for record types – if you want some record types mute for users you need to set them in permission set.

Or if you assign permission set with these rights directly to user (and not via group) you cannot do anything about it. Remove permission sets from users, assign them to permission set group, which is assigned to users.

How to set it

It is super easy at the end. There is a new section in Setup, where you can create a new Permission Set Group.

Permission Set Groups

It is super simple inside, basically just two sections on top and super important part in the bottom.

Permission Set Group detail

At the top you link your existing Permission Sets, which should be included in this group. You can also add (and create) muting permission sets, which are visible only here and you cannot see them between other Permission Sets.

The bottom section is as important as the top one. Here you can see the result, can quickly check any object or anything and see what it will mean for the user, which permission they will really have.

The muting permission set looks about the same as standard permission set, it just have some extra columns everywhere.

Muting Permission Set

For example on object settings you cannot edit the „Enabled“ columns (including Read and Edit access) as they are inherited from the permission sets you included in the group as well. But you can edit the „Muted“ columns and mute things you don’t like.

At the end you assign the group to users the same way you would do with Permission Sets and it is visible on the user in the same way.

Continuous Integration?

You might be one of those who use repository and their source of truth isn’t in the instance. You have all your Profiles and Permission Sets there and you really like that you can download your PermissionSetGroup records as well. Sadly the MutingPermissionSet metadata aren’t supported by Salesforce DX at the moment (version 7.56.1), but it will be available soon (hopefully).

How universal is it?

I started this whole quest because of one client, who had a problem with Enhanced Notes editing. For some unknown reason inside Salesforce, only the author of the note (and those with Modify All Data) can edit it, because „you can only give others viewer access, because Notes does not support simultaneous editing. If multiple people edit a note at the same time, they overwrite each other’s content.“ Yeah, there is an idea for it.

At the time of tests for some reason the Modify All Data assigned through permission sets didn’t work, according to support it works as designed.

But when you grant the same permission on Permission set, as per permission sets functionality it grants extended access to the users who do not has access to specific functionality, this permission is not object specific and is not related to any specific functionality due to which all the basic permissions are taking into consideration for profile. For more details you can check

I didn’t really get the explanation but it doesn’t matter as now it works as expected – you assign Modify All Data in permission set and you can then mute for example Delete right for one object. Magic, but exactly the one I like.

Will I migrate?

Well, it is tempting, but at the same time for most of my clients I’m more than happy with profiles, they are also supported everywhere (page layouts, Lightning Page assignments and such things) so I don’t feel that migration to permission sets would be beneficial.

Napiš komentář, díky!

Marketing Cloud Rocks

Mass marketing is for marketing dinosaurs. Digital marketing is old-school. We have already stepped out of these types of marketing. We live in the era of emerging Intelligent Marketing, which is totally transforming the customer experience.

Marketing department is no more a team of people who just plan campaigns to spam people. Marketing experts are working on deploying intelligent marketing strategies which nurture potential customers and engage with the existing ones through relevant communication channels (email, SMS, push notifications, social media, etc.)

This is all of course backed by customers’ consent and preference in accordance with the GDPR. Intelligent marketing strategy also includes data source connection and data organization, audience segmentation and customer experience optimization, web and email personalization with artificial intelligence, as well as deep data analysis and reporting. All of the above and much more is supported with the help of Salesforce Marketing Cloud (SFMC) – the most powerful and transforming marketing tool ever.

Covering all the simple and complex functionalities that Marketing Cloud can handle would be worth writing a whole book or even a series of them. Here and now I would like to cover some of the most useful SFMC points from my perspective. Let’s dive in.

Keep up your IP reputation as your personal one

Billions of emails are sent out by Marketing Cloud every day. No matter how big your email campaigns are, you need to maintain a good IP reputation.

Improving your deliverability is a continuous process and not just one-time action. My suggested approach is to proactively remove hard-bounced email addresses by placing them in a suppression list, unsubscribing them or even removing them completely, otherwise it could drastically harm your reputation among ESPs.

Tip: track those hard-bounced addresses from each sent email by going in Email Studio, then Tracking, and then Sends.

Remember hygiene. Data hygiene

Marketing Cloud can help you identify inactive subscribers and you can decide whether to dive deeper to find the reason of their inactivity and try to nurture them further or consider deleting those contacts.

My suggested action: place inactive subscribers separately in a suppression list, or delete them completely to reduce the cost of All Contacts and to maintain capacity for those engaged with your brand and communication.

Tip: create a Report of Unengaged Subscribers for a List in Analytics Builder.

In case you want to see the flip side of the coin and get those most active customers whom you want to reward and target with a special marketing campaign, there is another type of report to discover. Customer Engagement is measured in Marketing Cloud by clicks and opens of the emails delivered. To get this information, simply run Subscriber Engagement Report from Analytics Builder.

Butterfly Effect in Solution Design

When managing several Business Units in Marketing Cloud, there is one important architecture consideration for Enterprise 2.0 accounts: think about unique identifiers for your subscribers in advance. Each of your subscribers, no matter in which Business Unit they are held, should have their unique specified subscriber key in the data relationship.

Imagine this situation: you have the same subscriber key (12345) for two different subscribers with different email addresses who are held in two different BUs. One time you send an email to the subscriber held in BU 1, so there is a new subscriber created in All Subscribers list with their own subscriber key. After a while, another email campaign is built in BU 2 and you send an email to another subscriber in BU 2, but with the same key as the previously mentioned subscriber. Marketing Cloud will search for the key, find the already existing one and send your email to this subscriber’s email address from BU 1. That is not the desired action, right?

My suggested action: to prevent this situation from happening, consider a unique identifier for subscribers held across all SFMC Business Units.

SFMC Buttefly effect

Add a personal touch to the emails

In Marketing Cloud, we build targeted, engaging and personalized emails. Each email is unique for every single customer: the very opposite of spamming. Here are the tools supporting smart email building (ranked from the easiest on the top to the advanced options at the bottom):

Being a reporting hero

Despite the lack of advanced custom reporting in Marketing Cloud (for now), you can still use the available reporting toolset across the platform.

If you want some standardized reporting data, check the 65 options available in Standard Reports. If you want to explore the performance of each and every email sent out, go to Email Studio, then Tracking, and then Sends. All information regarding mass, single, triggered sends, journey emails as well as the results of A/B testing are held here. Journey performance can be found in Journey Analytics Dashboard (when integrated with Google Analytics 360, you can see even more insightful integrated data!)

Do you want to dive into something more advanced? Go for it and query raw data from Data Views in the backend of Marketing Cloud. The full list of available attributes is available here.

Go above and beyond

Out of the box functionalities are great but might not meet all your business requirements. And this is where Marketing Cloud is extremely flexible again! There are many options for customization, from creating custom content blocks for Content Builder to building custom activities for Journey Builder or creating your own Marketing Cloud App that can be „iframed“ into the platform.

Tip: explore or contact Isobar experts.


Marketing Cloud is a powerful tool that can help you understand the behavior of your customers, use artificial intelligence for personalization and engage your customers across the entire journey. The sheer quantity and broad potential of Marketing Cloud requires good knowledge of the business and a creative approach. If you are not sure that your approach can bring the desired results, feel free to engage the support of an experienced Salesforce partner. Their assistance and guidance will drive better results and help you avoid many pitfalls along the way.

Ekaterina Obolenskaya

Ekaterina Obolenskaya is a certified Senior Salesforce Marketing Cloud Solution Architect and Developer working and delivering in Isobar Switzerland. She has also been named as Salesforce Marketing Champion. She has acquired extensive work experience as SFDC Specialist and her current role of SFMC professional enables her to support smart digital transformation and improvements of marketing processes for a large number of international companies. She is also a long-time Trailblazer and Salesforce enthusiast who participates in and supports various Ohana events.

Napiš komentář, díky!

Heroku Architecture Designer

I had this certification on my list the moment I found about it. Which was a long time ago and I’ve been postponing and postponing and had more important things to do.

Salesforce Certified Heroku Architecture Designer

But as I finished reading of the Mastering Salesforce DevOps book (which has nothing to do with Heroku) I found the time and energy, because the DevOps process still fascinates me.

Actually the best driver to pass this exam was the article from John Tucker, which – surprise, surprise – isn’t really that much relevant for the exam (from my experience), but nicely shows what is possible. All the buildpacks, slugs, dynos, releases, continues integration, review apps. Looks AWESOME, I have no usecase for half of that, but I watched every single video on that page, even though I hate videos as much as possible.

Susannah article brought the important things to my attention and then it was matter of going through Heroku documentation, read every single article there and play a bit with what I could.

Done, certification ready, certification booked and it will start in next 10 minutes, quickly update Kryterion software, click through the test return back to a few questions and fail by one answer. Nice, great to know that I have 100 % knowledge of Heroku, but I didn’t excel in Security.

Ok, I knew which answers were wrong, refresh the knowledge and book another exam, this time the first slot was in a month period 🙁

You really should know about the difference between Common Runtime and Private Spaces, VPN connections and routing and what can communicate with what, I didn’t have probably a single question about Redis, quite a few about Postgres and one or two about Kafka. Been surprised that some things are always served from US (Data Clips, PGBackup and Logplex). Enterprise teams, SSO, logging, Heroku Connect and a few extra things.

Yeah, I really will be DevOps in my next life, all the integrations with AWS or Google, the technology looks awesome. I might create some nice data center in my backyard.

Ready, steady, go and pass, another crossed on my list. What’s next – Marketing Administrator or something from MuleSoft? Recommendations?

Napiš komentář, díky!

Post to Chatter when new user is created

Two motivations for writing this post. The first one was customer of mine, who wanted to add a new community user to a few Chatter groups, based on some variables. The second one was Matt Brown, who wanted to post to a user Chatter feed upon joining.

Both solutions are super simple, till the moment they will become complex. And both face the same challenge.

First of all, create a process builder, which will start it. Nothing fancy here except the delay – you cannot run the flow (or update anything on user) in the same operation as you would get an mixed DML error. The easiest way out of this problem is to set it as scheduled action which runs 0 days after created date and problem is solved.

Process builder to start flow

Second part is the flow, which is super simple, it has just one design element – Create new record. A few fields are needed, I found important the Network Scope, which is the id of the community (I know, I know, hardcoded).

Flow definition

If you want to add them to some groups you need to create Group Member records with Group id, member id, network id and collaboration role.

Done, that was easy.

Not that quickly!

It was easy and it works great. As long as you create your users as an admin. The moment you will allow them to self register it will fail., most likely with the following error:


The problem is, that the records are created by guest user and you cannot really extend its rights. And from what I found it looks that writing some APEX will not help.

I tried Platform Events, because they looks awesome, but no success. The problem is that you have no running user under which identity you can run the action. One other solution was to send email to Email Service and write the code to handle it. But that means code.

The third way I tried was the Mass Action Scheduler written by famous Douglas C. Ayers. It is a managed package which you install, add Named Credentials and do some simple configuration. And it is so powerful!

Mass Action Scheduler

First of all you install the package via one of the link at Release Notes (the latest, right).

It will tell you how to proceed with the configuration and automatically create all the need things. All you have to do is to wait (we are quite good at such things in these times) and then edit Named Credentials, save and enter your login details. Now the real fun starts.

Create a new configuration, choose some nice name and Named Credentials it should use.

Mass Action Configuration 1

Second step – choose source of your data. This one is a bit tricky, as you cannot relate to something like „no processed yet“, so I selected all created today and do the checking in my flow. But you can also update the flow above with some updating of user record and here select only those relevant one.

Mass Action Configuration 2

Third one is choosing the right flow.

Mass Action Configuration 3

Fourth one is about mapping fields – your flow has one input variable and this one is available here.

Mass Action Configuration 4

Last one – when it should run. I chose every hour every day, Salesforce will handle it.

Mass Action Configuration 5

Done. Cross your finger, let first user self-register and on the hour you will know, whether you succeeded. I hope that you will, as did I. Good luck!

Napiš komentář, díky!

Quickly edit records in Salesforce

There are features in Salesforce most users don’t know about, which can make their life easier and work quicker. Also reason why I hate to use record types as much as possible. And things I usually forget to tell new users.

Edit multiple records at once

It was here forever, in Classic you had to enable it and it was one of the first thing I enabled – enable multiple records at once from list view.

When you slowly move your mouse over records at list view and take a good look you might spot it – the cursor sometimes changes to pencil. That is the place!

Edit in list views

And it is also reason why Salesforce in Lightning allows you to wrap lines. The idea is simple – you might be able to edit records in a similar way as in Excel, directly in list views and then save it all at once!

When it doesn’t work?

There are a few reasons why you might not see pencil but rather a lock.

  • you have multiple record types in a view, in such case you need to filter for specific record type;
  • the field isn’t on a page layout;
  • the field is on a page layout but read only;
  • the field is DateTime or standard fields of specific types – read the whole list of exceptions at Salesforce site.

Quickly edit a specific field on a record

Ok, what if it isn’t possible to edit a field in list view but you still want to make it easy for users and minimise number of clicks?

Some users found out, that they don’t have to open a record, click on the pencil next to a field and edit the value, but they can click on the arrow of right side in a list view and edit right from there, in a dialog. Not bad, about one click less, it might be also quicker to load. But what if they want/need to open the detail, to check something and then update the value?

Quick Actions to win!

That’s exactly the moment for Update quick action. I love them from the moment Jodie showed them to me at London’s Calling and this is perfect example.

You create Update quick action and put the fields you need to be able to quickly edit on its layout. Plus you can predefine some values. And then just add it on a page layout and when user click on the button they can see and immediately edit the fields they need, plus the values can be preset for them. Click Save and they saved some time as it is usually way quicker than to edit the whole form.

Update Quick Action

Napiš komentář, díky!