Salesforce DictionarySalesforce DictionaryBaseline access vs additive access
A Salesforce configuration that defines a user's permissions, page layout assignments, field-level security, and app visibility, serving as the baseline set of access controls assigned to each user in the org.
A Permission Set is a collection of settings and permissions that grant users access to specific tools, objects, fields, and features without changing their Profile. Permission Sets are additive, meaning they extend what a user can do on top of their base Profile permissions. They are a best practice for managing access in Salesforce.
| Dimension | Profile | Permission Set |
|---|---|---|
| Assignment | One per user (required) | Multiple per user (optional) |
| Access Model | Sets baseline permissions | Adds permissions on top of Profile |
| Object Access | Full control of CRUD on objects | Grants additional CRUD beyond Profile |
| Login Settings | Controls login hours and IP ranges | Cannot control login restrictions |
| Best Practice | Keep minimal — use as a baseline | Layer extra access for specific needs |
Every user needs exactly one Profile for baseline login and default settings.
Grant additional permissions to specific users without changing their Profile.
Other side-by-side breakdowns you might find useful