Ensure that users have secure and appropriate levels of access to objects and fields. Assign the new Salesforce CPQ Admin User Access and Salesforce CPQ Partner User Access permission sets to your Salesforce CPQ admins and partner users. Review the new permissions added to the Salesforce CPQ Customer User Access permission set. Then use a CPQ package setting to test the permission sets before they’re enforced in Spring ’22.
Where: This change applies to Lightning Experience and Salesforce Classic in Salesforce CPQ.
When: Salesforce enforces this update in Spring ’22. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab.
Why: A series of four Access permission sets and requirements contain data security–related permissions. In Summer ’21, we added the permission sets User Access and Customer User Access. In Winter ’22, we added permission requirements to the Customer User Access set, and we added two more sets, Partner User Access and Admin User Access. We also introduced the same data-security permissions to standard CPQ permission sets.
As permission requirements are added in future releases, two methods help ensure that your users never risk missing important data security updates.
- If you cloned or created custom permission sets for admins, users, partners, or customers, assign the appropriate Access set. We designed Access sets for assignment directly to your users, without cloning or editing.
- If you don’t clone or use custom permission sets, you can use the standard sets alone, without assigning Access sets,
For example, let’s say you assign a customized admin permission set to admins and the standard Customer User set to customers. In this case, assign the Admin User Access permission set to your admins. Your customers can continue using the Customer User set without changes.
For a complete list of new permissions in each Access permission set, review New and Changed Objects, Fields, and Permissions in Salesforce CPQ and Billing Winter ’22.
How: To review this update, from Setup, in the Quick Find box, enter Release Updates, and then select Release Updates.
Data restrictions for the Access permission sets are enforced in Salesforce CPQ Spring ’22. Until then, you have some options for testing them in your org. When the CPQ package setting Perform Enhanced Data Access Checks is active, Salesforce CPQ enforces data restrictions for the Access permission sets. When Perform Enhanced Data Checks is inactive, the Access permission set restrictions aren’t enforced.
To start testing, assign the Salesforce CPQ User Access set to your users. Then assign the Salesforce CPQ Customer User Access set to your customer users. Next, from Setup, in the Quick Find box, enter Installed Packages, and then click Installed Packages. Go to Salesforce CPQ and click Configure. In the Additional Settings tab, select Perform Enhanced Data Access Checks.
You can turn Perform Enhanced Data Access Checks on and off as needed before Spring ’22. In Spring ’22, we’ll remove the Perform Enhanced Data Access Checks setting and enforce data restrictions for the Access permission sets.
Assign New Access Permission Sets and Review New Permissions (Release Update) (salesforce.com)