How-to guide

How to grant object permissions on a permission set

Object permissions are granted on a profile or, preferably, a permission set. Here is the modern point-and-click flow for granting object access on a permission set and assigning it to a user, so you add access without editing the user's profile.

By Dipojjal Chakrabarti · Founder & Editor, Salesforce Dictionary · Last updated Jun 16, 2026

  1. Open or create the permission set

    In Setup, go to Permission Sets, then open an existing set or click New to create one. Give it a clear, role-based label such as Case Worker so its purpose is obvious to the next admin.

  2. Go to Object Settings

    Inside the permission set, click Object Settings (or Assigned Apps then Object Settings). This page lists every object the permission set can grant access to, with the current permission level beside each one.

  3. Select the object and edit permissions

    Click the object you want to grant, for example Case, then click Edit. Tick the object permissions the role needs, such as Read, Create, and Edit, and only add View All or Modify All when org-wide reach is truly required.

  4. Save the permission set changes

    Click Save. Salesforce stores the object permissions on the permission set immediately, but no user has them yet until the set is assigned.

  5. Assign the permission set to users

    From the permission set, click Manage Assignments then Add Assignments, pick the users, and save. Their effective object access now includes these grants on top of whatever their profile already allowed.

Read

Lets the user view records of the object. The minimum required for the object to appear in the UI and API.

Create / Edit / Delete

Layered write permissions; each includes the ones below it, so Delete implies Edit and Read.

View All Records

Grants visibility of every record of the object regardless of sharing. Use for reporting or admin-style roles only.

Modify All Records

Grants read, edit, delete, transfer, and approve on every record regardless of sharing. Treat as a near-admin privilege.

Gotchas
  • Permission sets are additive only. To take access away you must edit the profile or the org-wide model, not the permission set.
  • View All and Modify All ignore sharing rules. Granting them by accident can expose every record of the object at once.
  • A new custom object grants no access until you add object permissions; when users see a blank app, this is usually the cause, not a sharing problem.
  • Object Read alone is not enough to see records. The org-wide default and sharing rules still decide which specific records appear.
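
To review what the flow above produced without clicking through Object Settings, the following added example (not part of the original guide) parses a permission set in Metadata API XML form, lists the grants per object, and flags View All and Modify All, which bypass sharing. The sample XML content, the Account entry, and the function name `audit_permission_set` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
# Metadata API element name -> permission name as shown in Object Settings
PERMS = {"allowRead": "Read", "allowCreate": "Create", "allowEdit": "Edit",
         "allowDelete": "Delete", "viewAllRecords": "View All",
         "modifyAllRecords": "Modify All"}
BYPASS_SHARING = {"View All", "Modify All"}

# Constructed sample: a "Case Worker" permission set as retrieved metadata.
SAMPLE = """<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
  <label>Case Worker</label>
  <objectPermissions>
    <object>Case</object>
    <allowRead>true</allowRead><allowCreate>true</allowCreate>
    <allowEdit>true</allowEdit><allowDelete>false</allowDelete>
    <viewAllRecords>false</viewAllRecords><modifyAllRecords>false</modifyAllRecords>
  </objectPermissions>
  <objectPermissions>
    <object>Account</object>
    <allowRead>true</allowRead><allowCreate>false</allowCreate>
    <allowEdit>false</allowEdit><allowDelete>false</allowDelete>
    <viewAllRecords>true</viewAllRecords><modifyAllRecords>false</modifyAllRecords>
  </objectPermissions>
</PermissionSet>"""


def audit_permission_set(xml_text):
    """Return (label, grants, broad).

    grants maps each object to the permission names set to true;
    broad lists (object, permission) pairs that ignore sharing rules.
    """
    root = ET.fromstring(xml_text)
    label = root.findtext("md:label", default="", namespaces=NS)
    grants, broad = {}, []
    for op in root.findall("md:objectPermissions", NS):
        obj = op.findtext("md:object", namespaces=NS)
        granted = [name for tag, name in PERMS.items()
                   if op.findtext(f"md:{tag}", default="false", namespaces=NS) == "true"]
        grants[obj] = granted
        broad += [(obj, perm) for perm in granted if perm in BYPASS_SHARING]
    return label, grants, broad


if __name__ == "__main__":
    label, grants, broad = audit_permission_set(SAMPLE)
    for obj, granted in grants.items():
        print(f"{label}: {obj} -> {', '.join(granted) or 'no access'}")
    for obj, perm in broad:
        print(f"REVIEW: {perm} on {obj} ignores sharing rules")
```

Run it only on metadata retrieved from your own org, since the standard-library XML parser is not hardened against hostile input.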
