Salesforce recently announced that the Spring ’26 release will mark the end of life for permissions on profiles, while permission sets will become the sole way to manage user permissions. This update will affect both admins and developers.
Shifting towards Permission Sets for Managing Users
Salesforce has been promoting permission sets as the future of user management for the past three years. Soon, permissions on profiles will no longer be available and permission sets will be the only way to manage user permissions. An official announcement is expected in the coming weeks.
Profile Elements That Will Remain After EOL of Permissions
Profiles will still be available but without permissions. Login hours/IP ranges, record types, and apps will remain available on profiles, while page layout assignments will no longer be available.
Permission Set Exclusive Elements After EOL of Profile Permissions
After the EOL of permissions on profiles, the following will only be available on permission sets:
- User permissions
- Object permissions (Create, Read, Update, Delete [CRUD])
- Field-level security (FLS)
- Record types (not defaults)
- Apps (not defaults)
- Connected app access
- Apex classes
- Visualforce pages, and
- Custom permissions
Migrating User Profiles to Permission Sets and Groups
Salesforce has introduced a new feature called User Access Policies to help users migrate their profiles to permission sets and groups. This feature is currently in closed beta and will be released in Spring ’23.
New Features for User Access Management in Spring ’23
Salesforce is set to introduce a new feature in Summer ’23 that will allow users to set field-level security (FLS) on permission sets instead of profiles. This update will replace the current Field Creation Wizard that currently shows profiles instead of permissionsets.
Changes to Package/AppExchange Installs
Salesforce is working on a solution for this, which will likely include user access policies and some new features.
Spring ’23 Features to Manage User Access
Salesforce has made many enhancements to make it easier to manage user access with permission sets in Spring ’23. User Access Policies will remain in closed beta, with many improvements, including the ability to have 20 active user access policies. In addition, user access policies will be available via the Tooling API and the Metadata API and can be deployed with both first-generation and second-generation packaging.
The Delegated Admin feature is now available in the Tooling API, not just for querying but also for inserting and updating through tools like Developer Console and the Data Loader.