Removing Custom Permissions from Profiles in Bulk

In support of migrating to Permission Sets, Salesforce Administrators are commonly asked to "remove Custom Permissions from Profiles" as an initial step. Luckily, with some SOQL and DML, we can achieve this en masse.

To fully grasp this operation, you'll need a fundamental understanding of the sObject in scope: SetupEntityAccess. This object manages access settings for non-object entities like Apex Classes, Custom Permissions, Flows, etc. within Permission Sets. Imagine it as an access key for granting or restricting users' ability to interact with specific setup components. Holistically, this allows granular control over sensitive configurations.

To isolate direct Profile assignments (of Custom Permissions), we need to query this object and isolate Parent.IsOwnedByProfile = true in the WHERE clause. Our example is leveraging the "Convert Leads" Custom Permission.

  • Open Developer Console or Salesforce Inspector reloaded (or your tool of choice)
  • Copy & paste the following SOQL query into the Query Editor; ensure that you replace "Convert_Leads" with your Custom Permission's Developer Name:

  • Delete the output rows