Admin Guide
Users and Permissions
Profile, permission-set group, and role access model
Assignment Model
The repo uses Salesforce profiles plus functional permission-set groups. The README defines the baseline assignment pattern:
| User type | Baseline assignment |
|---|---|
| Internal staff | Sales User profile plus functional groups. |
| Managers | Sales User profile plus matching manager groups. |
| Administrators | System Administrator profile plus relevant admin groups. |
| 3PL integrations | API profile plus ThreePL_Integration. |
Permission-Set Groups
Functional groups in source include:
| Area | Groups |
|---|---|
| Sales | Sales_User_Group, Sales_Manager, Sales_Admin |
| Customer service | Customer_Service_User |
| Finance | Finance_User, Finance_Manager, Finance_Admin |
| Operations | Operations_User, Operations_Manager, Operations_Admin |
| Purchasing | Purchasing_User, Purchasing_Manager, Purchasing_Admin |
| Warehouse | Warehouse_User, Warehouse_Manager, Warehouse_Admin |
| Commissions | Commission_User, Commission_Manager_Group, Commission_Admin |
| 3PL | ThreePL_Operations, ThreePL_Integration, ThreePL_Runtime_Integration |
| Public payment sites | Payments_Public_Checkout_Site_Guest_Access, Payments_Webhook_Site_Guest_Access |
Admin Checks
Before adding a user to a group, confirm the job function and the least access that lets the user work. Do not use admin groups to fix normal sales or operations access issues.
Run local access checks before changing metadata:
npm run permissions:roles:report
npm run permissions:who-can -- --object Sales_Order__c --access read
npm run permissions:who-can -- --field Sales_Order__c.Status__c --access edit
npm run permissions:matrix:crud -- --scope groups --object Sales_Order__cProduction Drift
Use the org audit when validating a live QA or production org against source:
npm run permissions:org:audit -- --target-org vesperLast updated on