Scott Covert

New Permissions!

The Summer ‘24 release is right around the corner and with it will come a few new user permissions:

  • Freeze Users
  • Monitor Login History
  • Manage Dev Sandboxes
  • Custom Domain Management

These new permissions attest to Salesforce’s mission (spearheaded by Cheryl Feldman) to provide more granular control to admins over their org. Previously, allowing users to engage in any one of these tasks required granting them elevated permissions that provided more access than they really needed.

Let’s review what is granted by each of these new permissions.

Freeze Users

Sometimes you need to quickly revoke a user’s acess to Salesforce, such as with staff departures, but you’re unsure of the consequences. Their user record could be tied to different business processes and flows that will take some time to investigate and untangle. It’s safer to freeze their user rather than flat out deactivate it.

Freezing will prevent the user(s) from being able to log in while you update your org accordingly. Previously, the “Manage Users” permission was required in order to freeze users, but this comes with lots of other controls granted. Thus the ability to freeze users has now been spun off into its own independent user permission.

Monitor Login History

This permission is pretty self-explanatory. Monitoring login history previously also required the “Manage Users” permission, but often times this information is requested by managers wanting to ensure their team is leveraging the platform. Now these managers can be given the ability to view login history without also granting them the power to create and deactivate other users in the org.

Manage Dev Sandboxes

With this new permission, developers can spin up their own Developer and Developer Pro sandboxes without needed Sys Admin permissions themselves. Given their limited availability, the permission does not grant the ability to create full copy or partial copy sandboxes. However, you likely don’t need to spin those up nearly as frequently as Developer and Developer Pro sandboxes.

Custom Domain Management

Previously requiring the “Customize Application” permission, users can now add, edit, and delete custom domains/URLs after being assigned this new permission. Serving Experience Cloud and Salesforce sites on a custom domain you own requires the ability to manage custom domains on the platform. Since “Customize Application” is a very powerful permission that should not be handed out lightly, making this its own user permission is a welcome change.

Also coming in Summer ‘24 is the general availability of User Access Policies, which will greatly improve user onboarding. We’re very excited about this as well as all the new permissions mentioned above!

Granted, we’re likely a little biased given how heavily we’ve been invested in Salesforce permissions while building out our Permissions Assistant application for admins :smile:.

What are you most excited about with the Summer ‘24 release? Let us know!