Permission Sets vs Profile

Brian Chan

Navigating the Shift from Profiles to Permission Sets: A Couple of Gems from Gearset

As Salesforce continues to evolve its security model, one of the most impactful shifts has been the move from profile-based access control to a more modular, scalable model centered around permission sets and permission set groups. This transition isn’t just a feature change—it’s a mindset change for Salesforce teams, especially for those managing enterprise-scale orgs or working in regulated industries.

While evaluating Gearset’s capabilities recently, I came across two standout resources that offer tremendous clarity and practical insight into this shift:

  1. 🎥 Gearset Webinar: Navigating the Shift from Profiles to Permission Sets
    This webinar is a goldmine for understanding why the move to permission sets is not only necessary but advantageous in terms of maintainability, auditability, and scalability. The presenters do a great job breaking down the transition strategy—whether you’re starting from scratch or retrofitting a legacy profile-heavy org.
  2. 🎬 YouTube Video: Profiles vs Permission Sets – Best Practices
    A concise and highly informative video that dives into common pitfalls when managing profiles, and how permission sets help you implement least privilege access and flexible role-based security models. It’s a great starting point for admins, architects, and security champions alike.

Key Takeaways from These Resources

  • Modular Security is the Future: Assigning access based on job function (via permission sets) is far more sustainable than bloated profiles.
  • Permission Set Groups FTW: Grouping sets allows for dynamic combinations that align better with real-world roles—especially when orgs change quickly.
  • Auditability Matters: Profiles often obscure who has access to what. Permission sets make access more transparent and traceable.
  • Start Now, Not Later: Even if you’re mid-project or still reliant on profiles, it’s worth incrementally moving to permission sets to simplify your future state.

If you’re in the process of modernizing your org’s security model or planning a Salesforce cleanup initiative, I highly recommend giving these a watch. They’re not just educational—they’re actionable.

Have you started your own shift from profiles to permission sets? What strategies or tools have helped you the most? Let’s continue the conversation in the comments 👇

Unknown's avatar

Published by Brian Chan

Leave a comment