You know that moment when everyone joins the Salesforce kickoff—half the team’s unclear on what...
Salesforce Permission Sets vs. Profiles: Why It’s Time to Make the Shift
Let’s talk about the great identity crisis in Salesforce: Salesforce profiles versus permission sets.
Not too long ago, Salesforce sent admins into a mild panic: profiles (your Salesforce user profile, also known as the starter pack of access rights) and their trusty sidekick, Salesforce permission sets, were set to lose most of their power by Spring ’26. Coffee was spilled. Slack channels lit up.
But plot twist—Salesforce pressed pause. Profiles aren’t being gutted in the Winter ’26 Release after all.
Before you sigh in relief and go back to ignoring those dusty old Salesforce roles and profiles, here’s the thing: Salesforce’s long-term vision is crystal clear. The cool new stuff—automation, smarter controls, and tools that actually make admins’ lives easier—is all happening in the permission set ecosystem. We made a similar point when discussing why DevOps and CI/CD are game changers for Salesforce as well.
So yes, while profiles are still standing, the innovation train has officially left the station. That means it’s a good time to unpack what’s really happening.
Salesforce User Profile Changes: What Actually Changed (and What Didn’t)
Salesforce originally announced that most permissions would move out of profiles by Spring ’26. Now? They’ve hit pause on enforcing that deadline. The message: “We’re not ready to pull the plug until the admin experience is smoother.”
Here’s the nuance:
- Profiles aren’t going away entirely. They’ll continue to handle certain essentials, such as login hours, IP restrictions, default apps, and default record types. (That makes them more of a configuration tool, and if you’ve read our take on configuration vs. customization in Salesforce, you know why that matters.)
- Permission-related innovation has shifted. New features are being designed for Salesforce Permission Sets and Permission Set Groups, not profiles.
So, profiles will hang around for basics, but don’t expect any shiny new features.
Why Transition to Salesforce Permission Sets Now (Instead of Waiting)?
You could wait until Salesforce forces your hand, but why? Moving toward permission sets in Salesforce now gives you:- Scalability: Modular permission sets are easier to manage across large or rapidly growing orgs.
- Compliance: Audits become less intimidating when access is organized in a clear and structured manner.
- Future-proofing: Features like User Access Policies (already rolling out) anticipate a permission–set–driven world.
And let’s be honest—untangling years of messy Salesforce roles and profiles at the eleventh hour? That’s admin nightmare fuel. It’s also exactly the kind of thing a Salesforce Org Health Check would uncover before it becomes a crisis.
Ready to take the next step and evaluate your Salesforce health?
3 Salesforce Tools for Smarter Access
Here are three areas where Salesforce is putting its energy—and what you should get familiar with:
- Permission set groups
- User Access & Permissions Assistant
- User access policies
1. Permission Set Groups
Bundle permission sets into neat packages (say, “everything a Sales rep needs”) and assign in one go. Goodbye click-fest, hello cleaner Salesforce org.
2. User Access & Permissions Assistant (UAPA)
UAPA is a free Salesforce app that helps you actually see who has what access, catch over-permissioned users, and test changes before going live. Think of it as your visibility sidekick.
3. User Access Policies
Automate permission assignments based on attributes like department, role, or region. This is rolling out more broadly now (beyond beta), though availability may depend on your org. Translation: let Salesforce do the heavy lifting while you sip your latte.
It’s the same automation-first mindset we covered in a previous blog post, all about using AI to help scope your Salesforce project.
5 Steps to Migrate from Salesforce Profiles and Roles (Without Losing Your Mind)
You don’t need to Marie Kondo every Salesforce user profile overnight. Instead, take advantage of this breathing room:
1. Take Stock |
Audit your permissions with UAPA or Strongpoint. Expect to find zombie profiles, outdated Salesforce Roles, and mystery access nobody remembers creating. |
2. Group & Simplify |
Align Salesforce Permission Sets and groups with job functions. Keep it clean, logical, and reusable. |
3. Reframe the Strategy |
Ditch “profile plus patches.” Think modular: What does this user actually need to do their job? (If you’ve read our guide about when and where to customize in Salesforce, you’ll see the parallels here.) |
4. Level Up the Team |
Give your admins time to learn the new tools. Trailhead has great content on permission sets, groups, and access policies. |
5. Prepare for Automation |
Start enriching user records with metadata, such as job title and department. These fields become the triggers for automated access policies down the road. |
The Bottom Line on Salesforce Roles, Profiles, and Permission Sets
Think of Salesforce profiles like that old flip phone you still keep in a drawer “just in case.” Sure, it technically works—you can make a call, maybe even play Snake—but nobody’s building new apps for it.
Meanwhile, over in the shiny new world of Salesforce permission sets and permission set groups, things are buzzing. Automation is smarter, access is cleaner, and admins finally have tools that don’t make you want to pull out your hair.
Profiles aren’t going “poof” tomorrow (they’ll still handle basics like login hours and defaults), but they’re also not the future. If you stick with profiles as your primary access strategy, you’ll be like the person still carrying that flip phone while everyone else is tapping away on smartphones.
Make the shift early, and you’re in control—no scrambling at the last minute, no messy audits, just stronger security and a lot fewer headaches. The writing’s on the wall: Salesforce is marching toward modular, automated, scalable access. The only question is—are you marching with it, or dragging your flip phone behind?
And if you’re still weighing the investment, here’s why working with a Salesforce Partner delivers real ROI.
Need Help Untangling Salesforce User Profiles and Roles? DSG Can Help
Overwhelmed by profiles, roles, and permission chaos? You don’t have to tackle it solo.
At DSG, we help Salesforce teams untangle access messes, tighten security, and design smarter permission strategies that actually scale. Whether you’re cleaning up old Salesforce user profiles, streamlining Salesforce roles, or rolling out automation like User Access Policies—we’ve got your back.
Want to future-proof your org? Let’s chat. A quick, no-pressure consultation could save you from a lot of permission-set-induced headaches.