Deploying a new permission set is straightforward using Gearset. Depending on whether you are deploying the permission set manually (using Compare and Deploy) or automatically (using Continuous integration) the user experience will be slightly different.
Deploying a new Permission Set manually
After creating a new permission set in your source org (for example your development sandbox) you will need to deploy it to your testing environment.
To do this navigate to the Compare and Deploy page in Gearset, and select your source and target orgs.
Choose a filter - if you don't already have a custom filter that you use for permission updates then you can use Gearsets' "Default profiles comparison" which includes everything you need for deploying permission sets and profiles.
Check that you have your source, target and filter selected. Click "Compare now".
In the comparison you will be able to easily filter for the new permission set you have created - look under "New items" and then filter for permission sets and user permissions for that new permission set.
If you have other new items you can filter for these as well using the same method - permissions do not have to be deployed separately to other metadata types.
Once you have found the components you would like to deploy to the target org select them and click "Next".
Problem Analysis will highlight and remove references in the permission set to components that either don't exist or are not enabled in the target environment.
After reviewing the suggested fixes and warnings you can proceed to the "pre-deployment summary" screen, where you will see a summary of what you are deploying.
This should be your new permission set, the user permissions for that new permission set, and any other components you're deploying at the same time.
While on this screen you can do a few things, like updating your deployment notes or the status of an associated Jira ticket.
When you're ready to validate your changes you can click the "Validate deployment" button.
After the validation has run you will see a list of the validated components on screen.
You can either immediately deploy this to your target org, or schedule the deployment for a later time or date.
Click "Deploy now" to deploy your changes.
Deploying permission sets automatically
If you have a Pipeline set up in Gearset you will be enjoying automatic validation, testing and deployments.
To have your permission sets deployed as part of your Pipeline you will need to make sure that they're included in your filters - when setting up your Pipeline you will be able to select them for inclusion in your CI jobs.
If you would like some help setting up your Pipeline or have questions about how else you can utilize automation in Gearset please get in touch with the team via the in-app chat.
How can I see what a permission set has access to?
Sometimes we want to see the impact of a permission set, before we get to the point of actually deploying it.
This is easy to do - navigate to your Monitoring jobs (if you don't yet have any jobs set up you can follow these instructions, having one Monitoring job for each org is a sensible policy to monitor and track changes).
Once there find the org with the permission set you want to check, and click "View history".
Once you can see the historical job runs, click "Explore permissions" which will open up the permission specific view.
Clicking into this will allow you to explore the permission sets in your org, and see what level of access they have to various components. This information can also be exported as a CSV file.
How to deploy permission set assignments
Permission set assignments are data rather than metadata, so if you’re deploying a new or updated permission set and have changed the assignments you will need to split this process into 2 steps.
First deploy your permission set, or permission set updates.
I have a new permission set in my source org, and have assigned it to my user.
I am deploying the new permission set to my target org.
Gearset problem analyzers make sure that the deployment will be successful.
After I have deployed the permission set, I start a data deployment to deploy the permission set assignments. By inputting the permission set ID Gearset can find the assignments associated with that specific permission set.
At the next stage we see the objects related to the permission set assignments.
Finally we run the data deployment, and confirm it’s success.
At the end of this process I have deployed my new permission set and the associated permission set assignments successfully to the target org.