As a release manager handling Salesforce deployments for the past year, I’ve faced the unique challenge of managing profiles and permission sets. While using Visual Studio Code (VSCode) and GitLab has simplified some aspects of deployment, the manual management of profiles remains a persistent problem. This article explores the challenges of profile management in Salesforce connected to VSCode and introduces the tool I created—the Profile Generator—to help streamline the process.
The Challenge of Managing Profiles in Salesforce
Profiles and permission sets are crucial for managing access and permissions in Salesforce. However, when working in an environment connected to VSCode, retrieving and updating profiles is far from seamless. If any branch or feature requires profile changes, these have to be done manually—leading to unnecessary workload and potential errors.
Let’s consider the following common scenario: you create a new custom field on an object in your development Sandbox, and after setting permissions for the admin profile, you need to push this change to another environment.
How Do You Retrieve a Profile in VSCode?
To retrieve this profile change using VSCode, you would typically use the package.xml
manifest file. This file specifies which components (such as custom fields or profiles) should be retrieved or deployed. Here’s how it works:
- Add the new custom field and admin profile to the
package.xml
. - Run the Salesforce DX (
sfdx
) retrieve command:
- Old command:
sfdx force:source:retrieve --manifest package.xml
- New
sf
command:sf project retrieve start --manifest package.xml
However, you’ll notice that retrieving a profile in this way results in the profile missing 90% of its content. You can either add all metadata types to package.xml
(which forces a massive, unnecessary retrieval) or manually edit the XML file—both of which are time-consuming and error-prone.
For a long time, profile changes were handled as post-deployment actions, which led to frequent issues, such as forgotten field access and incorrect record type assignments.
Introducing the Profile Generator
To address these challenges, I developed the Profile Generator, a lightweight tool designed to fetch only the profile differences when retrieving profiles. Here’s how it works:
How the Profile Generator Works
- Suppose you’ve created a new field called
TestField
on theAccount
object and updated the admin profile with the appropriate field-level permissions. - Instead of manually retrieving the entire profile, the Profile Generator allows you to retrieve only the relevant changes, such as the new field’s read/write permissions.
- Simply edit the
package.xml
to include the custom field and the profile you want to update. Then, launch the Profile Generator via a pre-configured button in VSCode. - The tool retrieves and updates only the specified profiles—preserving other profile components untouched.
For example, if the business later decides to modify the admin profile’s permissions (e.g., switching TestField
to read-only), the Profile Generator would retrieve and update only the relevant line, leaving other profile permissions intact.
Benefits of the Profile Generator
- Selective Profile Updates: The tool retrieves and updates only the necessary modifications, preventing overwrites or loss of other elements in the profile.
- Time Efficiency: By automating profile retrieval and limiting changes to what’s necessary, the tool saves significant time compared to manual updates.
- Simplified Git Integration: The Profile Generator helps maintain clean and accurate profiles in Git, ensuring that only essential updates are committed to the repository.
Managing Permission Sets
As Salesforce increasingly emphasizes permission sets over profiles, the Profile Generator also supports this functionality. You can easily switch from profile management to permission set management by updating the ObjectType
in the configuration file to PermissionSet
.
This allows you to retrieve or deploy permission sets as efficiently as profiles, with all changes specified in the package.xml
file.
Current Limitations
While the Profile Generator simplifies adding and updating profiles, it cannot handle deletions or the suppression of access rights. For example, if you delete a field from the Developer Sandbox, the tool won’t automatically remove this field from the profile—you’ll have to do this manually.
Summary
The Profile Generator is a simple yet powerful tool that addresses the challenges of Salesforce profile management in an SFDX setup. It streamlines the process of retrieving and updating profiles, saving time for developers, admins, and release managers alike. Though it has limitations—such as the inability to manage deletions—it has already proven to be a valuable asset in my deployment process.
By integrating the Profile Generator into your Salesforce environment, you can avoid common pitfalls, improve deployment accuracy, and reduce the manual effort involved in managing profiles and permission sets.