Definition
A Permission Set is a collection of settings and permissions that grant users access to specific tools, objects, fields, and features without changing their Profile. Permission Sets are additive, meaning they extend what a user can do on top of their base Profile permissions. They are a best practice for managing access in Salesforce.
Real-World Example
At SkyBridge Consulting, most users have a standard Profile that provides read-only access to the Contract object. When a user is promoted to senior consultant and needs to edit contracts, the admin assigns the "Contract Editor" Permission Set. This grants edit access to Contract records without affecting any other user or requiring a new Profile.
Why Permission Set Matters
A Permission Set is a collection of settings and permissions in Salesforce that grants users access to specific tools, objects, fields, and system capabilities without modifying their Profile. Permission Sets are additive — they can only expand what a user can do, never restrict. This solves a critical administrative challenge: without Permission Sets, every unique combination of access requirements would need its own Profile, leading to dozens or hundreds of Profiles that are impossible to manage. Instead, administrators maintain a handful of baseline Profiles and layer Permission Sets on top to grant specific capabilities like 'Edit Contracts,' 'Run Reports,' 'Access API,' or 'Manage Campaigns.'
Permission Sets are considered the modern best practice for access management in Salesforce, and Salesforce is actively moving away from Profile-based permission management. In Spring '26, many granular permissions are being removed from Profiles and will only be configurable through Permission Sets. Organizations that still rely heavily on Profiles for permission management face growing technical debt — each Profile change affects all assigned users, making surgical access adjustments impossible. The Permission Set model provides atomic, reusable permission units that can be assigned, revoked, and audited independently. The key to success is thoughtful design: create Permission Sets around capabilities (what a user needs to do) rather than job titles (who the user is). A 'Report Builder' Permission Set that grants create/edit access to reports is reusable across any role, while a 'Senior Analyst' Permission Set ties to a specific title and becomes brittle when titles change.
How Organizations Use Permission Set
- SkyBridge Consulting — SkyBridge Consulting maintains a standard read-only Profile for all consultants. When a consultant is promoted to senior level and needs to edit contracts, the admin assigns the 'Contract Editor' Permission Set. This grants edit access to Contract records without creating a new Profile or affecting any other user's permissions.
- NovaTech Industries — NovaTech Industries creates 15 capability-based Permission Sets including API Access, Report Builder, Data Export, Campaign Manager, and Knowledge Author. Instead of managing 30 Profiles for different role combinations, they use 3 base Profiles with these 15 Permission Sets. New role requirements are handled by assigning additional sets rather than creating new Profiles.
- Redstone Legal — Redstone Legal uses Permission Sets to manage temporary elevated access. When a paralegal needs to edit Case records for a specific project, the admin assigns a time-boxed 'Case Editor' Permission Set and sets a calendar reminder to revoke it after 30 days. This avoids permanently expanding the paralegal's Profile permissions for a temporary need.