Site Users – Session Based Permission Sets


Business Need: Skeletonforce Corporation has been using a sites page to allow both Salesforce and non-Salesforce employees to submit REFERRALS to employees across various lines of business. All referrals have come from the site page. The business wants to reduce manual data entry and allow referrals to be generated from an Account Page.

Identified Issue: Unlike the Site Guest User, the line of business users are not assigned the various record types needed to generate referrals across the corporation. The businesses have also decided they do not want allow the risk of assigning their users access to the record types.

Solution: A session based permission sets can be assigned with the Referral flow to allow their permissions to be extended within the context of the flow session.

Create a permission set to give permission to the various objects, fields and record types need in the referral process. Make sure to indicate the permission set requires Session Activation.

SessionBasedPS

Remember – In order for the permission set to be assigned to a user in a flow session, the user must already be assigned to the permission set.

Flow Element: A flow elements is added to the flow to activate the permissions. Use the Developer Name in the Permission Set Name field. A similar Deactivate Permission set is need to turn off the permission set.

ActivateSessionBasedPS

Testing reveals the admin needs to account for the fact Site Guest Users Do Not Generate a Session Id. Instead, it will return NULL_SESSION_ID.

To account for this, a formula needs to used to determine if a session id is present or NULL_SESSION_ID. The session id is assigned to a variable. If a session id exists, then the flow was triggered by a user within the Salesforce instance.

A decision is used to either assign the new permission set to the user. If the variable equals NULL_SESSION_ID then this means the flow was triggered by the guest user. SessionPSFlow