For anyone else looking, there is a slightly simpler way with only one easy loop. 1. Get Records element to pull permission sets (same as Jack did) 2. Loop element to go through permission sets 3. For each Assignment element (inside loop): add the Id of the current perm set to a text variable collection "permSetIds" or something like that 4. Get Records element: Get user's existing permission set assignments. Criteria: --- AsigneeId (Equals) $Record > User ID --- PermissionSetId (In) permSetIds 5. Delete Records element: delete record collection from step 4 (same as Jack) I believe the "In" operator was added in a recent release, so it was not available when Jack created this video. I arrived here from that same reddit post, and I was stumped by the "permission is owned by profile" error. It also explains why in my tests I saw two permission set assignments when I was expecting one. Thank you Jack for the video, I found it very helpful and was able to move past the issue now. 👍
For those who need to remove both permission sets and permission set groups these steps from @migalexdiaz are working fine! The step number 4 will fetch everything (Permission Sets & Permission Set Groups) and remove all records assigned.
Hey, thanks for this, it was a huge help! Quick Note, this flow breaks if the user doesn't have any permission sets assigned to begin with. I needed to add an additional decision before deleting the collection variable for if the collection was null or not.
@@jackgimbert6071 I ran into governor limits. I have user with more than 35 permission set assignment and when the flow runs for this I received error "number of iterations exceeded". Is there any other work around to this
@@sanketrahate2935 For the use case it was meant for they wanted to do it for one user, but I can bulkify this. I will post an updated package later tonight/this week when I get a chance.
@@jackgimbert6071 Actually it is also being used for single user but as our org has near about 60 70 permission sets and when the user has large number of permission set assignment. So the flow has limit of 2000 iteration and it counts every element in loop as single entry. The two loops causes to reach governor limits quickly. Is there any other way to achieve the same.
Hello! I was the person who asked this question. I’m following along but I’m stuck on one part. When you crest your assignment-what are you using as the “Value”? I made a collection variable and used the Operator “Add” but I’m not clear what you used for your Value.
I add the current item from the second loop, if you download the package you can see what I did exactly. When you use a loop it creates a variable you can access called "Current Item from x Loop" or something like that, if the current item matches then we wanna add it to the collection variable. Hopefully that makes sense, if not lmk. Happy to explain it further.
This was great and wonderfully helpful. Thank you Jack! One question for you, I see you have a collection variable labelled permsetassignments. I was able to follow along, but I don't see any mention to this variable in the flow, I downloaded the flow and also don't see it being referenced by any of the elements? Am I crazy? I just wanted to make sure I didn't miss something. Thank you!
Two more question for you as well Jack, why in the Get Permission Set element are we setting the IsOwnedByProfile to False? Just trying to understand the significance of this criteria. Second question here, it looks like (and maybe this is just my org) for users that have over 5 permission set licenses, we run into an error when removing the active checkmark "Unable to Access Page - The value of a parameter contains a character that is not allowed or the value exceeds the maximum allowed length. Remove the character from the parameter value or reduce the value length and resubmit. If the error still persists, report it to our Customer Support team. Provide the URL of the page you were requesting as well as any other related information." Any idea of a possible way to avoid this limit? Cheers!
Hey Joel, I just went back over what I built, I think I may have originally meant to use that collection variable, but the name was not specific enough so I made another called matchingpermissionsetassignments.
I check IsOwnedByProfile to weed out some profile permission sets that you cannot delete from a user due to them being associated with a profile. We can't see them from the user detail page, but they're there if you query the permission set assignments associated with that user. For your second question, I'd have to know more about your org. A quick google search indicated this may have to do with permission set licenses associated with an installed package that is expired? I'll do some research and get back to you. I'm glad this was helpful :) Cheers!
@@joelmatzdorf4151 I did some more research and the error could be coming from a lot of places it seems. If you could provide debug logs when the error occurs, I can probably sniff out what's going on. Also, I'd check if you have any other automations setup that may be getting triggered when you run this flow as it seems this could be a cause.
Hey Alexandra! This was designed for a specific use case, but based on what I've read online the change would be quite small. Both permission sets & permission set groups are related to a user via a junction object called 'PermissionSetAssignment'. An easy way of replicating this would be to query the permissionsetgroup object where the records are related to the current user, then put that collection into a delete records element. If I have time this week I will upload an example of that, that removes permissionsetgroups and permissionsets. Additionally, the new 'filter' component was not available when I made this video, you could get rid of the nested for loops by using that probably.
Thank you so much for the video! I'm running into the error "Number of iterations exceeded" when a user has a few permission set assignments. Any idea how to bypass this?
@@jackgimbert6071 Unable to Access Page The value of a parameter contains a character that is not allowed or the value exceeds the maximum allowed length. Remove the character from the parameter value or reduce the value length and resubmit. If the error still persists, report it to our Customer Support team. Provide the URL of the page you were requesting as well as any other related information.
Delete PermissionSetAssignment records whose IDs are stored in {!Matchingpermissionsetassignments}. Variable Values None. Result Info Failed to delete records whose IDs are in {!Matchingpermissionsetassignments}.
For anyone else looking, there is a slightly simpler way with only one easy loop.
1. Get Records element to pull permission sets (same as Jack did)
2. Loop element to go through permission sets
3. For each Assignment element (inside loop): add the Id of the current perm set to a text variable collection "permSetIds" or something like that
4. Get Records element: Get user's existing permission set assignments. Criteria:
--- AsigneeId (Equals) $Record > User ID
--- PermissionSetId (In) permSetIds
5. Delete Records element: delete record collection from step 4 (same as Jack)
I believe the "In" operator was added in a recent release, so it was not available when Jack created this video. I arrived here from that same reddit post, and I was stumped by the "permission is owned by profile" error. It also explains why in my tests I saw two permission set assignments when I was expecting one. Thank you Jack for the video, I found it very helpful and was able to move past the issue now. 👍
For those who need to remove both permission sets and permission set groups these steps from @migalexdiaz are working fine! The step number 4 will fetch everything (Permission Sets & Permission Set Groups) and remove all records assigned.
Hey, thanks for this, it was a huge help! Quick Note, this flow breaks if the user doesn't have any permission sets assigned to begin with. I needed to add an additional decision before deleting the collection variable for if the collection was null or not.
Thank you for this! I came from reddit! :)
Hope it helped!
Awesome work Jack 😁👍
Thanks 👍
Thankyou jack it was very helpful for me
so touching for an excellent video
Thanks man, this was a great help🙌🙌🙌
Happy to help!
@@jackgimbert6071 I ran into governor limits. I have user with more than 35 permission set assignment and when the flow runs for this I received error "number of iterations exceeded".
Is there any other work around to this
@@sanketrahate2935 For the use case it was meant for they wanted to do it for one user, but I can bulkify this. I will post an updated package later tonight/this week when I get a chance.
@@jackgimbert6071 Ok thanks, untill then I will try to find some solution from my end.
@@jackgimbert6071 Actually it is also being used for single user but as our org has near about 60 70 permission sets and when the user has large number of permission set assignment.
So the flow has limit of 2000 iteration and it counts every element in loop as single entry.
The two loops causes to reach governor limits quickly.
Is there any other way to achieve the same.
Hello! I was the person who asked this question. I’m following along but I’m stuck on one part. When you crest your assignment-what are you using as the “Value”? I made a collection variable and used the Operator “Add” but I’m not clear what you used for your Value.
I add the current item from the second loop, if you download the package you can see what I did exactly.
When you use a loop it creates a variable you can access called "Current Item from x Loop" or something like that, if the current item matches then we wanna add it to the collection variable.
Hopefully that makes sense, if not lmk. Happy to explain it further.
This was great and wonderfully helpful. Thank you Jack! One question for you, I see you have a collection variable labelled permsetassignments.
I was able to follow along, but I don't see any mention to this variable in the flow, I downloaded the flow and also don't see it being referenced by any of the elements? Am I crazy? I just wanted to make sure I didn't miss something. Thank you!
Two more question for you as well Jack, why in the Get Permission Set element are we setting the IsOwnedByProfile to False? Just trying to understand the significance of this criteria.
Second question here, it looks like (and maybe this is just my org) for users that have over 5 permission set licenses, we run into an error when removing the active checkmark "Unable to Access Page - The value of a parameter contains a character that is not allowed or the value exceeds the maximum allowed length. Remove the character from the parameter value or reduce the value length and resubmit. If the error still persists, report it to our Customer Support team. Provide the URL of the page you were requesting as well as any other related information."
Any idea of a possible way to avoid this limit? Cheers!
Hey Joel,
I just went back over what I built, I think I may have originally meant to use that collection variable, but the name was not specific enough so I made another called matchingpermissionsetassignments.
I check IsOwnedByProfile to weed out some profile permission sets that you cannot delete from a user due to them being associated with a profile. We can't see them from the user detail page, but they're there if you query the permission set assignments associated with that user.
For your second question, I'd have to know more about your org. A quick google search indicated this may have to do with permission set licenses associated with an installed package that is expired? I'll do some research and get back to you.
I'm glad this was helpful :) Cheers!
@@joelmatzdorf4151 I did some more research and the error could be coming from a lot of places it seems. If you could provide debug logs when the error occurs, I can probably sniff out what's going on. Also, I'd check if you have any other automations setup that may be getting triggered when you run this flow as it seems this could be a cause.
Hi Jack
Thanks for your video! Its really helping me.
I am nee to SFDC flows.
Can you mention what Variables you have created for this flow?
Loop within a loop? Thought that was not a good idea
Hi Jack, how to check null pointer in this flow?
Thanks Jack for this video! What if you are doing permission set group?
Hey Alexandra! This was designed for a specific use case, but based on what I've read online the change would be quite small. Both permission sets & permission set groups are related to a user via a junction object called 'PermissionSetAssignment'.
An easy way of replicating this would be to query the permissionsetgroup object where the records are related to the current user, then put that collection into a delete records element. If I have time this week I will upload an example of that, that removes permissionsetgroups and permissionsets.
Additionally, the new 'filter' component was not available when I made this video, you could get rid of the nested for loops by using that probably.
Thank you so much!!!
Thank you so much for the video! I'm running into the error "Number of iterations exceeded" when a user has a few permission set assignments. Any idea how to bypass this?
I followed your guide and installed the package but it didn't work in both. 😞 Value exceeds parameter length and no records match delete criteria.
Can you share the full error ?
@@jackgimbert6071 Unable to Access Page
The value of a parameter contains a character that is not allowed or the value exceeds the maximum allowed length. Remove the character from the parameter value or reduce the value length and resubmit. If the error still persists, report it to our Customer Support team. Provide the URL of the page you were requesting as well as any other related information.
Delete PermissionSetAssignment records whose IDs are stored in {!Matchingpermissionsetassignments}.
Variable Values
None.
Result
Info
Failed to delete records whose IDs are in {!Matchingpermissionsetassignments}.