
Generating Permission Set
Generate deployable Salesforce PermissionSet XML with object permissions, field-level security, tabs, and app access without hand-editing fragile metadata.
Install
npx skills add https://github.com/forcedotcom/sf-skills --skill generating-permission-set
What is this skill?
- Scaffolds PermissionSet XML with fullName, label, and description following Salesforce naming conventions
- Configures objectPermissions CRUD, modifyAllRecords, viewAllRecords, and viewAllFields blocks
- Covers field-level security and related permission-set sections from the sf-skills workflow
- Aligned with Salesforce Metadata API v60.0+ compatibility stated in SKILL.md
- Use when creating, editing, or deploying permission sets and tab visibility
Adoption & trust: 742 installs on skills.sh; 513 GitHub stars; 3/3 security scanners passed (skills.sh audits).
Journey fit
Primary fit
Permission sets are core Salesforce integration artifacts produced while wiring org access during product build. Fits integrations because the skill targets Metadata API permission-set XML that connects apps, objects, and fields in a live org.
Common Questions / FAQ
Is Generating Permission Set safe to install?
skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
## When to Use This Skill

Use when generating or editing permission set metadata, or when granting object, field, user, and app permissions.

## Step 1: Define Core Properties

Start by defining the required permission set properties:

```xml
<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
    <fullName>YourPermissionSetName</fullName>
    <label>Display Name for Administrators</label>
    <description>Clear description of purpose and intended audience</description>
</PermissionSet>
```

**Naming conventions:**

- Use descriptive API names (e.g., `Sales_Manager_Access`)

## Step 2: Configure Object Permissions

Add CRUD permissions for standard and custom objects:

```xml
<objectPermissions>
    <allowCreate>true</allowCreate>
    <allowRead>true</allowRead>
    <allowEdit>true</allowEdit>
    <allowDelete>false</allowDelete>
    <modifyAllRecords>false</modifyAllRecords>
    <viewAllRecords>false</viewAllRecords>
    <viewAllFields>false</viewAllFields>
    <object>Account</object>
</objectPermissions>
```

## Step 3: Set Field-Level Security

Define field permissions for sensitive or custom fields:

```xml
<fieldPermissions>
    <editable>true</editable>
    <readable>true</readable>
    <field>Account.SSN__c</field>
</fieldPermissions>
```

**Important:**

- Required fields must NEVER appear in the list of field permissions. Granting field-level security on required fields is not allowed by the platform and will cause deployment failure.
- Before adding any field, confirm from the object metadata that the field exists and is not required
- A field is required when its metadata contains `<required>true</required>`:
- Formula fields cannot be editable
- Master-detail fields are required fields on the child (detail) object

```xml
<fields>
    <fullName>FieldName__c</fullName>
    <required>true</required>
</fields>
```

- Use format `ObjectName.FieldName` for field references
- Set both readable and editable to true when the user needs edit access; editable implies readable
- If all fields should be visible, you can alternatively enable the `viewAllFields` object permission

## Step 4: Grant User Permissions

Add system-level permissions for features and capabilities:

```xml
<userPermissions>
    <enabled>true</enabled>
    <name>ApiEnabled</name>
</userPermissions>
<userPermissions>
    <enabled>true</enabled>
    <name>RunReports</name>
</userPermissions>
```

**Common permissions:**

- `ApiEnabled`: API access
- `ViewSetup`: View Setup menu
- `ManageUsers`: User management
- `RunReports`: Report execution

**Security review required for:**

- `ViewAllData`: Read all records
- `ModifyAllData`: Edit all records
- `ManageUsers`: User administration

## Step 5: Configure App and Tab Visibility

Make applications and tabs visible to users:

```xml
<applicationVisibilities>
    <application>Sales_Console</application>
    <visible>true</visible>
</applicationVisibilities>
<tabSettings>
    <tab>CustomTab__c</tab>
    <visibility>Visible</visibility>
</tabSettings>
```

**Application visibility options:**

- `<visible>` can be true or false

**Tab visibility options:**

- `Visible`: The tab is available on the All Tabs page and appears in the visible tabs for its associated app. Can be customized.
- `Available`: The tab is available on the All Tabs page. Individual users can customize their display to make the tab visible in any app
- `None`: Not visible

**CRITICAL - Tab Naming:**

- Custom object tabs: MUST include the `__c` suffix (e.g., `MyCustomObject__c`)
- Standard object tabs: Use the object n
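
A pre-deployment check for the Step 3 and Step 4 rules above, as an added example that is not part of the sf-skills project: it reads a PermissionSet and Metadata API object XML and reports field permissions on required, master-detail or missing fields, editable formula fields, and enabled user permissions from the security-review list. The function names, the fields `Region__c` and `Score__c`, and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
REVIEW_REQUIRED = {"ViewAllData", "ModifyAllData", "ManageUsers"}  # Step 4 list

def _text(node, tag):
    return node.findtext(f"md:{tag}", default="", namespaces=NS).strip()

def load_fields(object_name, object_xml):
    """Map 'Object.Field' to (required, is_formula); master-detail counts as required."""
    facts = {}
    for f in ET.fromstring(object_xml).findall("md:fields", NS):
        required = _text(f, "required") == "true" or _text(f, "type") == "MasterDetail"
        key = f"{object_name}.{_text(f, 'fullName')}"
        facts[key] = (required, f.find("md:formula", NS) is not None)
    return facts

def audit_permission_set(permset_xml, fields):
    """Return (name, problem) pairs for Step 3 and Step 4 rule violations."""
    findings, root = [], ET.fromstring(permset_xml)
    for fp in root.findall("md:fieldPermissions", NS):
        name = _text(fp, "field")
        editable, readable = _text(fp, "editable") == "true", _text(fp, "readable") == "true"
        if name not in fields:
            findings.append((name, "field not found in object metadata"))
        required, formula = fields.get(name, (False, False))
        if required:
            findings.append((name, "required field must not have fieldPermissions"))
        if formula and editable:
            findings.append((name, "formula field cannot be editable"))
        if editable and not readable:
            findings.append((name, "editable without readable"))
    for up in root.findall("md:userPermissions", NS):
        if _text(up, "enabled") == "true" and _text(up, "name") in REVIEW_REQUIRED:
            findings.append((_text(up, "name"), "security review required"))
    return findings

# Constructed sample input (hypothetical fields), not taken from a real org.
OBJECT_XML = """<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
<fields><fullName>SSN__c</fullName><required>false</required><type>Text</type></fields>
<fields><fullName>Region__c</fullName><required>true</required><type>Text</type></fields>
<fields><fullName>Score__c</fullName><formula>1</formula><type>Number</type></fields>
</CustomObject>"""
PERMSET_XML = """<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
<fieldPermissions><editable>true</editable><readable>true</readable><field>Account.SSN__c</field></fieldPermissions>
<fieldPermissions><editable>false</editable><readable>true</readable><field>Account.Region__c</field></fieldPermissions>
<fieldPermissions><editable>true</editable><readable>true</readable><field>Account.Score__c</field></fieldPermissions>
<userPermissions><enabled>true</enabled><name>ModifyAllData</name></userPermissions>
</PermissionSet>"""
if __name__ == "__main__":
    print(audit_permission_set(PERMSET_XML, load_fields("Account", OBJECT_XML)))
```

Run it in CI against the generated XML before deployment; a non-empty result means the permission set either fails to deploy or grants a permission that needs sign-off.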