Are there any books, tutorials or whitepapers out there that recommend a strategy how to cope with the complexity of profiles and permissions in big Salesforce orgs?
You find fragments of that in blogs and help articles but I am looking for a complete view of this topic including:
- How to migrate from profiles to permission (sets)
- How to govern the quality of single perm sets, so they don’t overlap too much.
- Which tools support managing permissions
This is a pretty broad question. Keep in mind that sharing and visibility now has an architect level certification all to itself. I don’t think any single post here can encapsulate all that you need to know to manage it effectively. But to start off with what salesforce recommends, check out Trailhead’s official “Architect Journey: Sharing and Visibility” cert guides here. You can check out the “Sharing and Visibility” section.” These were resources hand picked by current Technical Architects.
I’d also check out Dreamforce Video – so many profiles so little time
Some other discussions on Best Practices
Salesforce Blog Where Permission Sets shine
Getting into actual tools to help you out, for comparing you have several good options, including:
- Force.com Migration Tool
- Eclipse IDE (or some other Salesforce IDE) and any diff tool
- This Heroku app
- This Chrome Extension
For managing permissions, the main tool I know of is
The Permissioner, or list views of profiles.