Definition
Custom Permissions is a Setup page where administrators create named permissions that can be assigned to users via Permission Sets or Profiles. Custom Permissions act as feature flags that developers and administrators can check in Apex code, validation rules, and Flows to control access to custom functionality without modifying profiles.
Real-World Example
The developer at CloudBridge Solutions creates a Custom Permission called "Can_Override_Discount." She adds a check in the Apex trigger: if the current user has this permission, they can apply discounts above 30%. The admin then assigns this permission to a "Sales Directors" Permission Set, giving only directors the ability to override the discount limit.
Why Custom Permissions Matters
Custom Permissions in Salesforce are administrator-created named permissions that act as feature flags, controlling access to custom functionality. Unlike standard object and field permissions that govern CRUD access to data, Custom Permissions are boolean switches that developers check in Apex code, validation rules, Flows, and Lightning components to determine whether a user should have access to a specific feature or capability. They are assigned to users via Permission Sets or Permission Set Groups, not directly through Profiles. This approach is powerful because it decouples feature access from data access — you can give two users identical data permissions but different feature permissions using Custom Permissions.
As organizations build more custom functionality and need granular control over who can use what, Custom Permissions provide a cleaner alternative to the common workaround of creating dummy profiles or checking user role hierarchies in code. They are especially valuable for phased feature rollouts, where you want to enable new functionality for a pilot group before a broader release. Custom Permissions also enable ISVs to create licenseable features within managed packages. Organizations that don't use Custom Permissions often end up with hard-coded user ID checks or role-based IF statements scattered throughout their codebase — both of which are brittle, hard to audit, and impossible for admins to manage without developer involvement. Custom Permissions put feature access control where it belongs: in the hands of administrators.
How Organizations Use Custom Permissions
- CloudBridge Solutions — CloudBridge Solutions created a Custom Permission called 'Can_Override_Discount' that is checked in their Apex trigger before allowing discounts above 30%. The admin assigns this permission to a 'Sales Directors' Permission Set, so only directors can override the discount limit. When a new director is hired, the admin simply assigns the permission set — no code changes needed. This replaced a hard-coded list of user IDs that had to be updated by a developer every time the team changed.
- NovaTech Platform — NovaTech uses Custom Permissions as feature flags for their phased rollout process. They created 'Beta_AIRecommendations' and assigned it to 50 pilot users via a Permission Set Group. Their Lightning component checks for this permission and only renders the AI recommendations panel for users who have it. After validating with the pilot group, they expanded the Permission Set Group to all users, rolling out the feature without any code deployment.
- Pinnacle Insurance — Pinnacle Insurance created a Custom Permission called 'Can_Approve_HighRisk_Policy' that is checked in their underwriting Flow. Only senior underwriters with this permission can approve policies with risk scores above 85. The compliance team audits who has this permission quarterly by reviewing the Permission Set assignment report, maintaining a clear audit trail of who can approve high-risk business.