Created
August 16, 2022 15:48
-
-
Save jdschleicher/acaf9e07aa32546ec7296e78b26a5faf to your computer and use it in GitHub Desktop.
Remove List of Permission Sets and/or Permission Set Groups by Customer Persona and Replace with updated list of Customer Persona Permission Sets and/or Permission Set Groups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // **** THIS SCRIPT WILL START OFF BY DELETING ALL ASSIGNMENTS OF THE BELOW PERMISSION SETS IN VARIABLE personaToPermissionSetsToRemove AGAINST THE TARGETED ORG *** | |
| // **** THIS SCRIPT IS INTENDED TO SWITCH OUT PERM SETS AND PERM SET GROUPS IN THE REMOVE MAP VARIABLE WITH THE PERM SETS AND PERM SET GROUPS IN THE REPLACE MAP VARIABLE**** | |
| // **** NOTE -- PERMISSION SETS AND PERMISSION SET GROUPS ARE INTERCHANGEABLE FOR PERMISSIOSETASSIGNMENTS | |
| // STEP #1 - Get all Permission Sets and Permission Set Group API Names that will be Removed AND Added from/to Users | |
| List<String> allPermissionSetAndPermissionSetGroupAPINames = new List<String> { | |
| 'Account_ReadOnly', | |
| 'Contact_ReadOnly', | |
| 'Opportunity_ReadOnly', | |
| 'Account_Write', | |
| 'Contact_Write', | |
| 'Opportunity_Write', | |
| 'CRM_Manager_PermSet_Group', | |
| 'CRM_Reviewer_PermSet_Group' | |
| }; | |
| /*** STEP #2 - Create Persona Keys that will be used in the Remove and Replace Maps and User Id capture to Add Perm Sets to | |
| For each Persona defined, | |
| 1. ) there needs to be a map key/value set added of Persona to Permission Sets and Permission Set Groups to REMOVED (personaToPermissionSetsToRemove) | |
| 2. ) there needs to be a map key/value set added of Persona to Permission Sets and Permission Set Groups to be ADDED ( personaToPermissionSetsToReplace ) | |
| 3. ) there needs to be a map key/value set added of Persona to an empty string list that will capture User Ids of all the users who had their Permission Sets removed based on Persona | |
| ***/ | |
| static final String crmManagerPersona = 'crmManagerPersona'; | |
| static final String crmReviewerPersona = 'crmReviewerPersona'; | |
| // STEP #3 - Create Map of Persona To Permission Sets that need to be removed from all Users in the Org | |
| static final Map<String, List<String>> personaToPermissionSetsToRemove = new Map<String, List<String>>{ | |
| crmManagerPersona => new List<String>{ | |
| 'Account_Write', | |
| 'Contact_Write', | |
| 'Opportunity_Write' | |
| }, | |
| crmReviewerPersona => new List<String>{ | |
| 'Account_ReadOnly', | |
| 'Contact_ReadOnly', | |
| 'Opportunity_ReadOnly' | |
| }, | |
| }; | |
| // STEP #4 - Create Map of Persona To Permission Sets that need to be added to the Users in the Org who had their Permission Sets replaced based on Persona | |
| static final Map<String, List<String>> personaToPermissionSetsToReplace = new Map<String, List<String>>{ | |
| crmManagerPersona => new List<String>{ | |
| 'CRM_Manager_PermSet_Group' | |
| }, | |
| crmReviewerPersona => new List<String>{ | |
| 'CRM_Reviewer_PermSet_Group' | |
| } | |
| }; | |
| // STEP #5 - Build Map of Persona Keys to a List of User Ids that will get populated during | |
| // the "Removal" method as each Permission Set Assignment will reveal an associated User Id we want to update with the map of Personas to Permission Sets we want to replace with | |
| Map<String, List<String>> personaToUserIdsToReplace = new Map<String, List<String>>{ | |
| crmManagerPersona => new List<String>(), | |
| crmReviewerPersona => new List<String>() | |
| }; | |
| List<PermissionSet> allPermSets = [ | |
| SELECT Label, | |
| Name, | |
| Id, | |
| (SELECT AssigneeId,Assignee.Name FROM Assignments) | |
| FROM PermissionSet WHERE Name in :allPermissionSetAndPermissionSetGroupAPINames | |
| ]; | |
| public Map<String, List<String>> deletePermissionSetsByPersonasAndCapturePersonaToUserIdsMap(List<PermissionSet> allPermSets, Map<String, List<String>> personaToPermissionSetsToRemove ) { | |
| List<PermissionSetAssignment> permissionSetAssignmentsToRemove = new List<PermissionSetAssignment>(); | |
| for (PermissionSet permSet : allPermSets) { | |
| for (PermissionSetAssignment assignment : permSet.Assignments) { | |
| permissionSetAssignmentsToRemove.add(assignment); | |
| for (String personaKey : personaToUserIdsToReplace.keySet()) { | |
| if (!personaToUserIdsToReplace.get(personaKey).contains(assignment.AssigneeId) | |
| && personaToPermissionSetsToRemove.get(personaKey).contains(permSet.Name)) { | |
| personaToUserIdsToReplace.get(personaKey).add(assignment.AssigneeId); | |
| } | |
| } | |
| } | |
| } | |
| System.debug('HERE IS NUMBER OF ASSIGNMENTS TO REMOVE : ' + permissionSetAssignmentsToRemove.size()); | |
| delete permissionSetAssignmentsToRemove; | |
| return personaToUserIdsToReplace; | |
| } | |
| public List<PermissionSetAssignment> getPermissionSetAssignmentsByPersonaAndPermissionSetGroups( | |
| Map<String, List<String>> personaToUserIdsToReplace, | |
| Map<String, List<String>> personaToPermissionSetsToReplace, | |
| PermissionSet permSet, | |
| String personaKey ) { | |
| List<PermissionSetAssignment> newPermissionSetAssignmentsToReplace = new List<PermissionSetAssignment>(); | |
| for (String userId : personaToUserIdsToReplace.get(personaKey)) { | |
| for (String personaBasedPermissionSetOrPermissionSetGroup : personaToPermissionSetsToReplace.get(personaKey)) { | |
| if (permSet.Name == personaBasedPermissionSetOrPermissionSetGroup) { | |
| PermissionSetAssignment permSetAssignment = new PermissionSetAssignment ( | |
| AssigneeId = userId, | |
| PermissionSetId = permSet.Id | |
| ); | |
| newPermissionSetAssignmentsToReplace.add(permSetAssignment); | |
| } | |
| } | |
| } | |
| return newPermissionSetAssignmentsToReplace; | |
| } | |
| public void addPermissionSetsByPersonas(List<PermissionSet> allPermSets, | |
| Map<String, List<String>> personaToPermissionSetsToReplace, | |
| Map<String, List<String>> personaToUserIdsToReplace) { | |
| List<PermissionSetAssignment> newPermissionSetAssignmentsToReplace = new List<PermissionSetAssignment>(); | |
| for (PermissionSet permSet : allPermSets) { | |
| for (String personaKey : personaToUserIdsToReplace.keySet()) { | |
| List<PermissionSetAssignment> newPersonaBasedPermissionSetAssignments = getPermissionSetAssignmentsByPersonaAndPermissionSetGroups( | |
| personaToUserIdsToReplace, | |
| personaToPermissionSetsToReplace, | |
| permSet, | |
| personaKey | |
| ); | |
| newPermissionSetAssignmentsToReplace.addAll(newPersonaBasedPermissionSetAssignments); | |
| } | |
| } | |
| insert newPermissionSetAssignmentsToReplace; | |
| } | |
| personaToUserIdsToReplace = deletePermissionSetsByPersonasAndCapturePersonaToUserIdsMap(allPermSets, personaToPermissionSetsToRemove); | |
| addPermissionSetsByPersonas(allPermSets, personaToPermissionSetsToReplace, personaToUserIdsToReplace); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment