Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
/
Create the Administrators Permission Set Group (Code)
Create the Administrators Permission Set Group (Code)
This documentation provides a walkthrough demonstrating how to execute our permission-set group creation Apex Script via the Developer Console in your Salesforce org.
Admin access with Apex permissions is required to execute Apex Scripts from the Developer Console. Only users with administrative access should perform this activity. Please verify your access with your Salesforce Admin before executing this script.
APPLIES TO | CUNEIFORM FOR CRMFIELD AND DATA MANAGEMENT
Create the Admin Permission Set Group
Create the Cuneiform for CRM: Administrators Permission Set Group
ONE MINUTE
To simplify access management to Cuneiform for CRM, we’ll create a permission set group named Cuneiform for CRM: Administrators to manage profiling access for Salesforce org users. This group will manage all permission-set and end-user assignments representing Cuneiform for CRM: Administrators.
About this Apex Script
We’ve created an Anonymous Apex script to create our Cuneiform for CRM: Administrators permission set group. This permission set group manages access administrative / profiling access to Cuneiform for CRM within your Salesforce org. The script will:
Check if the Cuneiform for CRM: Administrators permission set group exists
If it exists – it does nothing and confirms to the user that the group was found
Otherwise – it attempts to create the permission-set group
The script will provide output to the user explaining the script outcome. You can use this script to create this permission-set group programmatically. Alternatively, you can follow these steps to create the group declaratively via Salesforce Setup.
Execute the Anonymous Apex Script
Please copy this script to your clipboard. You can execute it against your Salesforce org via SFDX, your Salesforce IDE (ex. VSCode), or the Developer Console.
We provide guidance on executing this script via the Developer Console below. Open this expand-element to see the Anonymous Apex script – and copy it to your clipboard.
Open this expand-element to see the Anonymous Apex script – and copy it to your clipboard.
/**
* ─────────────────────────────────────────────────────────────────────────────────────────────────┐
* Anonymous Apex to create our Administrative Permission-Set Group
* Actions performed by this script:
*
* * [1:] Verify that our Administrative Permission-Set Group exists
* * [2:] If it does not -- then create the Administrative Permission-Set Group
* * [3:] Associate the Connected App Permission-Set with the Administrative Permission-Set Group
*
* This script was created to run before exercising the Control Panel to validate the installation.
* It automates the configuration steps described in the Cuneiform for Salesforce product documentation
* via https://jira-peernova.atlassian.net/wiki/spaces/CFCPD/pages/2596798483/
*
* See https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_permissionsetgroup.htm
* and https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_permissionsetgroupcomponent.htm
* for details on the necessary object and security permissions required to create a permission-set group,
* associate a permission-set, and and execute this script successfully.
* ─────────────────────────────────────────────────────────────────────────────────────────────────┘
*/
// Initialize local variables
String permSetGroupLabel;
String permSetGroupApiName;
String permSetGroupDesc;
Boolean permSetGroupSessionActivationRequired;
List<PermissionSet> adminPermSet;
String adminPermSetApiName;
List<PermissionSetGroup> adminPermSetGroup;
PermissionSetGroup permSetGroup;
Boolean exceptionOccurred;
DmlException caughtException;
// Default constants we use in our script for layout and testing / debugging purposes
Boolean testException = false;
String spacer = ' ';
String border = '---------------------------------------------------------------------------------------------------------------------------------';
String testExceptionMessage = 'This is a test exception to verify that the script can handle exceptions.';
// Initialize success messages (so we don't have to repeat them)
String successLine1 = spacer + 'Nice work! Please visit';
String successLine2 = spacer + 'https://peernova.link/cuneiform/fdm/setup/step-004';
String successLine3 = spacer + 'to complete the next permission-set group configuration step: Assign Permission-Sets and Users.';
// Initialize local variables (do not change these values)
adminPermSetApiName = 'Cuneiform_for_CRM_Administrative_User';
permSetGroupLabel = 'Cuneiform for CRM: Administrators';
permSetGroupApiName = 'Cuneiform_for_CRM_Administrators';
permSetGroupDesc = 'This permission set group manages the collection of permission sets required to support administrative access to Cuneiform for CRM. Org Admins can assign this group to users that should have profiling capabilities within their Salesforce Org.';
permSetGroupSessionActivationRequired = false;
System.debug(border);
System.debug(spacer + 'Cuneiform for CRM: Field and Data Management: Configuration Apex Script');
System.debug(spacer + '2. Verify that the Administrative Permission-Set Group exists.');
// First, let's verify that our Administrative Permission-Set exists (verifying we're installed)
adminPermSet = [SELECT Id FROM PermissionSet WHERE Name = :adminPermSetApiName];
// Was a valid Permission Set found?
if (adminPermSet.size() == 0) {
// Output that the permission-set was not found -- and needs to be verified
System.debug(border);
System.debug(spacer + 'The Administrative Permission-Set "' + adminPermSetApiName + '" was not found.');
System.debug(spacer + 'Please ensure that Cuneiform for CRM is installed and that you have system administrator');
System.debug(spacer + 'level access to complete the installation.');
System.debug(spacer);
System.debug(spacer + 'You can install Cuneiform for CRM by opening our appexchange listing at');
System.debug(spacer + 'https://peernova.link/cuneiform/install/fdm/appexchange');
System.debug(spacer + 'Click on the "Get It Now" button to install Cuneiform for CRM: Field and Data Management.');
System.debug(border);
} else {
// Next, let's see if our Permission-Set Group exists
adminPermSetGroup = [SELECT Id FROM PermissionSetGroup WHERE DeveloperName = :permSetGroupApiName];
// Was the administrative permission-set group found?
if (adminPermSetGroup.size() > 0) {
// If so, output that the permission-set group and its configuration was verified
System.debug(border);
System.debug(spacer + 'The Permission-Set Group [' + permSetGroupApiName + '] was successfully verified.');
System.debug(spacer);
System.debug(successLine1);
System.debug(successLine2);
System.debug(successLine3);
System.debug(border);
} else {
// If not -- then let's create one
permSetGroup = new PermissionSetGroup();
// Default the permission-set with the values we've defined
permSetGroup.DeveloperName = permSetGroupApiName;
permSetGroup.MasterLabel = permSetGroupLabel;
permSetGroup.Description = permSetGroupDesc;
permSetGroup.HasActivationRequired = permSetGroupSessionActivationRequired;
// Create the permission-set
try {
// Test to see if we should throw an exception
if (testException) {
throw new DmlException(testExceptionMessage);
// Otherwise, insert the permission-set
} else {
// Insert the permission-set
insert permSetGroup;
// Audit that no exceptions took place
exceptionOccurred = false;
}
} catch (DmlException e) {
caughtException = e;
exceptionOccurred = true;
}
// Output that the permission-set was verified and already exists
System.debug(border);
System.debug(' The Permission-Set Group [' + permSetGroupApiName + '] was not found; attempting to create it.');
if (exceptionOccurred) {
System.debug(spacer + 'An error occurred while attempting to create the Permission-Set Group [' + permSetGroupApiName + '].');
System.debug(spacer + 'Error Message: ' + caughtException.getMessage());
System.debug(border);
System.debug(spacer + caughtException.getStackTraceString());
System.debug(border);
System.debug(spacer + 'DML exceptions often occur because of rights or access permissions. Please verify that');
System.debug(spacer + 'the user executing this script has the necessary rights to create a permission-set.');
System.debug(spacer + 'Try executing this script again once you have addressed the root cause of this exception.');
} else {
System.debug(spacer + 'The Permission-Set Group [' + permSetGroupApiName + '] was successfully created.');
System.debug(spacer);
System.debug(successLine1);
System.debug(successLine2);
System.debug(successLine3);
}
System.debug(border);
}
}
Execute Our Permission-Set Group Creation Apex Script
Follow these steps to open the Developer Console and execute our Cuneiform for CRM: Administrators permission set group creation script. This script will create the Administrators permission set group in your Salesforce org.
Copy the Anonymous Apex Script to your clipboard.
Log into your Salesforce org – and launch the Developer Console.
Launch the Developer Console via the Gear Icon used to Open Salesforce Setup.
Launch the Execute Anonymous window from within the Developer Console. The Execute Anonymous Window modal is available on the Debug menu.
Open the Execute Anonymous window via the Debug menu in the Developer Console.
Paste the Anonymous Apex script in the Anonymous Apex Window.
Execute the Anonymous Apex Script by clicking on the Execute button.
Paste the Anonymous Apex Script into the Anonymous Apex Window – and click Execute.
Open the log file generated by the script – and filter on the debug results to view the output.
Open the generated log file – and enable the Debug filter to view the script output.
View the debug output and verify that the script created the permission-set group.
Verify from the script output that the permission set group was successfully created.
Once the Cuneiform for CRM: Administrators permission-set group is created, we'll associate the Cuneiform for CRM: Administrative User and Cuneiform for CRM: Connected App Assignment permission sets.
