Q: “How can I see all Permission Sets assigned to a user, regardless whether they’re assigned directly to the Permission Set or via a Permission Set Group?”

A: It’s weird how tough this is.

• I recommend voting for this IdeaExchange Idea, which asks for this:

. . . there’s some ability to do this with Salesforce’s newish “View Summary” button, but it’s not the same (here’s my rant, if you’re interested).

• I’ve been noodling with SOQL, and come up with this:

SELECT Label, Type,
      (SELECT PermissionSet.Label, Assignee.Name
       FROM PermissionSet.Assignments 
       WHERE Assignee.Name = 'USERNAME'),
      (SELECT PermissionSetGroup.MasterLabel, PermissionSet.Label
       FROM PermissionSet.PermissionSetGroupComponents
       WHERE PermissionSetGroupId IN 
            (SELECT PermissionSetGroupId 
             FROM PermissionSetAssignment
             WHERE Assignee.Name = 'USERNAME'))
FROM PermissionSet
WHERE Type = 'Regular'

. . . which returns goodish output in Workbench (albeit with empty rows), but looks ugly in Salesforce Inspector Reloaded or Developer Console:

• Reporting doesn’t cut it, either. I think the proper answer is gonna be Flow or Apex code. Reply to this post if you know a solution that 100% solves this need!

Do you see a difference between the two words below?

If not, I’m kind of jealous.

If so, then you might be a kerning nerd, and I’ve got two things to lighten your burden:

1. Canva has an option for activating and deactivating kerning in slides.
   • Choose your text, click “Advanced Settings” (that’s the button with the letter T and a double-headed arrow on it), then click the button labelled “More Settings”:
     
2. This XKCD cartoon feels your pain!

ps ooh, the example in the Wikipedia article’s mighty sharp. yikes

Q: I’ve got a group of people who need to settle up individual expenses to be shared equally. How can I easily determine who owes what?

A: Save a copy of the “Settle Up!” spreadsheet and give it a try.

1. Give it the list of names of people in a group,
   
2. the expenses they incurred, and
   
3. BOOM! Bob’s your uncle, the spreadsheet will tell you who owes what to whom.
   

Q: “How can I go straight to a URL for a new Jira ticket?”

A: I go straight to a “Create issue” page, without having to click a “Create” button, by navigating to this URL:

https://[JiraDomain]/secure/CreateIssueDetails!init.jspa?pid=[ProjectID]&issuetype=[IssueTypeID]

. . . where

• your [JiraDomain] is probably like xyzcompany.atlassian.net
• [ProjectID] is a numeric code (in my case, 5 digits), and
• [IssueTypeID] is another numeric code (another 5 digits in my case, YMMV).

Q: “Okay, how do I get ProjectID and IssueTypeID?“

A: To determine the five-digit codes for my [ProjectID] and [IssueTypeID], I navigated to

https://[JiraDomain]/rest/api/latest/project/[ProjectKey]

. . . where your [JiraDomain] is probably like xyzcompany.atlassian.net and [ProjectKey] is the letter prefix for your project (my current one is SSJ).

I then sorted through its JSON output to find the bits that looked like this:

"id": "12345",
"key": "SSJ", 

and this:

"id": "98765",
"description": "Stories track...",
"iconUrl": "https://xyzcompany.atlassian.net/...?size=medium",
"name": "Story",

which would make for a URL like

https://xyzcompany.atlassian.net/secure/CreateIssueDetails!init.jspa?pid=12345&issuetype=98765

Q: “What’s wrong with Date fields?”

A: Imprecision! If I set a Date field to January 1st, I’m assigning my coworkers unintended homework: start of day? end of day? and is that January 1st for me, or them?

Without a timestamp, a single date can span a 5-day (or 120-hour) stretch of time (!):

• “Jan 1st” can go as far back as “Dec 30th”: 2025-01-01 at 00:00 in Kiribati corresponds to 2024-12-30 at 23:00 on Midway
• “Jan 1st” can go as far forward as “Jan 3rd”: 2025-01-01 at 23:59 on Midway corresponds to 2025-01-03 at 00:59 in Kiribati

( . . . ok, I don’t know how many folks have coworkers in Midway or Kiribati. But I definitely have coworkers across the globe.)

I bet you good money the folks at Salesforce wish they’d implemented “Close Date” as “Close Date/Time” 😝

props to the Time Zone Map

Q: Where can I find resources from the “Diving Deep into Profiles and Permissions” presentation at the 2025 Texas Dreamin’ user conference?

A: Here are resources from my May 30, 2025 Texas Dreamin’ presentation, “Diving Deep into Profiles and Permissions”:

• Canva slide presentation
• MP4 video recording
• Plaintext transcript

First, I recommend the following (free!) Salesforce tools:

• Salesforce Inspector Reloaded – the Swiss Army Knife of admin utilities
• Visual Studio Code – terrifically powerful and extensible text editor
• ChatGPT – your tireless, infinitely powerful (but literal) junior administrator
• Workbench – your no-code deployment buddy

Use these to migrate your org from a Profile-led model to a Permission-Set-led model.

Salesforce MVP Louise Lockie created terrific resources explaining why and how to migrate.

In my presentation, I walked through the practical steps of migrating a clean Developer Edition org’s three Custom Profiles to Permission Sets:

1. download your Profile XMLs
   • using Salesforce Inspector Reloaded’s “Download Metadata” command,
   • remembering to retrieve Profiles AND Objects;
2. create upload-ready zip files¹ for the Salesforce Metadata API; and finally
3. deploy those zip files
   • in Workbench,
   • using its Migration | Deploy command.

In the “Bonus Round!” section of the preso, I showed how Permission Sets’ field settings can be queried using SOQL, like this:

  SELECT Parent.Name, Field, 
         PermissionsEdit, 
         PermissionsRead 
    FROM FieldPermissions
ORDER BY Parent.Name, Field

and how a Permission Set can be created by adding rows to the PermissionSet and FieldPermissions tables.²

Rights to all code in this post are subject to The MIT License.³

1. Expanding on step 2: I created ChatGPT scripts to
   
   create a “Common Permissions” Permission Set for privileges that all three Profiles have in common. (You’ll need to attach the Profiles’ XMLs to your request.)
   
   Create a Salesforce Metadata API-deployable zip file that contains a Permission Set named "Common Permissions".
• The Permission Set should be pretty-formatted and have the Field Permissions, Object Permissions, and User Permissions that are common to all Profiles attached to this request. The Profiles' filenames contain special characters that might cause a file access issue. The XML parser should account for the fact that all entries are found within the namespace "http://soap.sforce.com/2006/04/metadata".
• It should have a tag named "license" with the value "Salesforce".
• It should have a tag named "label" with the value "Common Permissions".
• It should exclude any tags that cannot be specified in a Permission Set.
• The "Common Permissions" Permission Set should be in a folder named "permissionsets" inside the zip file.
• The zip file should also include a package.xml file.
   
   create Permission Sets for privileges that are distinct to some (ie, one or more) of the Profiles, but not all. (You’ll need to attach the Profiles’ XMLs to your request.)
   
   Compare the attached Salesforce Profile XMLs.
• Note that the filenames contain special characters that might cause a file access issue.
• The XML parser should account for the fact that all entries are found within the namespace "http://soap.sforce.com/2006/04/metadata".

For each Salesforce object, compare (1) the Object Permissions, and (2) the associated Field Permissions for that object, across all Profiles.

For each Salesforce object where there are differences, create pretty-formatted Permission Sets that contain each permutation of Object Permissions and Field Permissions that differ. Each Permission Set should be named "[Object] Permissions [Create], [Delete], [Edit], [Read], [Modify All], [View All] V[X], E[Y]", where 1) "[Object]" is the name of the Salesforce object; 2) each of the values "[Create]", "[Delete]", "[Edit]", "[Read]", "[Modify All]", and "[View All]" is shown if that particular value is set to True for that particular Permission Set; and 3) "[X]" is the number of fields that are readable in that Permission Set, and "[Y]" is the number of fields that are editable in that Permission Set.

Create a Salesforce Metadata API-deployable zip file that contains all the Permission Sets.
• Each Permission Set in the zip file should be pretty-formatted and have the Field Permissions and Object Permissions for a single object.
• Each Permission Set should have a tag named "license" with the value "Salesforce".
• Each Permission Set should have a tag named "label" with the value equal to the Permission Set's name.
• Each Permission Set file should have a Salesforce Metadata API-friendly version of the name (where characters have been replaced by escape values where needed).
• The Permission Sets should be in a folder named "permissionsets" inside the zip file.
• The zip file should also include a package.xml file.
   
   reassign Users to the Minimal Profile, and assign them to the correct Permission Sets. (You’ll need to edit the text to reflect the UI labels of your Profiles and Permission Sets. Once updated, this script should be run from Developer Console’s Execute Anonymous window.)
   
   write Apex code that can run from Salesforce's Execute Anonymous window.

it should
1) assign all active users to the Profile named "Minimum Access - Salesforce",
2) assign them to the Permission Set "Common Permissions", and
3) also assign them to the appropriate Permission Sets created above (their labels are "Case Permissions Create, Delete, Edit, Read V20, E13", "Case Permissions Create, Edit, Read V19, E12", "Lead Permissions Create, Delete, Edit, Read V18, E15", "Lead Permissions Create, Delete, Edit, Read V20, E17", "Lead Permissions Create, Delete, Edit, Read V22, E19", "Opportunity Permissions Create, Delete, Edit, Read V13, E13", "Opportunity Permissions Create, Delete, Edit, Read V16, E16", "Solution Permissions Create, Delete, Edit, Read V3, E3", and "Solution Permissions Create, Read V3, E3") that replicate the Permissions they had when they were assigned to the Profiles "Custom: Marketing Profile", "Custom: Sales Profile", or "Custom: Support Profile". ↩︎
2. Here’s the ChatGPT prompt which generates the Apex code to create the “Opportunity – Read/Write All Fields” Permission Set. (Before you run the Apex code, you need to create a Remote Site Setting in Salesforce for your base URL, something like https://[name]-dev-ed.develop.my.salesforce.com for a Developer Edition, or https://[name].my.salesforce.com/ for a Production org.)
   write Apex code that I can run from the "Execute Anonymous" window in Salesforce's Developer Console that queries the EntityParticle table via Tooling API v63.0 to determine all Opportunity fields whose "IsPermissionable" attribute is True. Use getOrgDomainUrl() instead of getSalesforceBaseUrl() to get my org's base URL. I've already created a Remote Site Setting that references the base URL of my Salesforce org.

create a Permission Set named "Opportunity - Read/Write All Fields" (by inserting a new record in the PermissionSet table) that grants
1) Read and Edit access to Opportunity (by inserting a record in the ObjectPermissions table),
2) read/write access to the subset of those "IsPermissionable = True" fields where the "IsUpdatable" attribute is True (by inserting records in the FieldPermissions table), and
3) read access to the subset of the "IsPermissionable = True" fields where only the "IsUpdatable" attribute is False (by inserting records in the FieldPermissions table). ↩︎
3. Copyright © 2025 Ezra Kenigsberg
   
   Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
   The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
   
   THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ↩︎

Q: “How can I get information about me off the internet?”

A: Leverage Google’s Results About You tool.

Alas, ya gotta sign in to Google to use it. But WSJ’s Nicole Nguyen recommends it as a good way to request data removal.

1. Go to myactivity.google.com,
2. click the “Other activity” link in the leftnav, and then
3. click the “Manage results about you” link and follow the prompts.

All chapters of “Divorce Google”:

• Part 1 (stop using Chrome)
• Part 2 (hide from YouTube’s algorithm)
• Part 3 (remove yourself from Google search results)

Q: “When did Salesforce release [Feature X]?”

A: Gosh, if only the Release Notes were all collected in one place.

or, if you’d like them individually:

. . . now to run these suckers through ChatGPT and create something nerdily interesting!

I’m thinking

• a timeline of major features (eg, Permission Sets went GA in Winter ’12) or
• analyzing features by area
• studying trends in word choice