Custom permission is one of the Salesforce features to grant user access to custom processes or apps.
Once a record is approved by an Approval Process, even system admin should not be able to edit that approved record. Only users who have been assigned to a custom Permission Set should be able to edit the approved record.
We can build a solution for the above requirement by using Apex code; however, if we use apex code, then we need to maintain the code and write test class for that functionality. So, better way to avoid the maintenance overhead is to use Salesforce configuration approach.
Salesforce provides a better solution to accomplish this with the help of custom permission. We will see the steps below:
Step 1: Create a custom permission named Program Supervisor or any.
Build -> Develop -> Custom permission
Step 2: Create a Permission Set called Program Supervisor. In that Permission Set, click Custom Permission under Apps section; then click the edit button to select the custom permission from Available Custom Permissions to Enabled Custom permission and finally click the Save button.
We created an approval process to submit the record for approval and created a field update in final approval action. Once the record is approved, the field update action updates the approved date field. We can use approved date filed to identify whether the record is approved or not.
Write a validation rule by referring to the custom permission as below to check whether the current user has access to a specific Custom Permission or not; here, we used “$permission” to access the custom permission. When we assign the Program Supervisor Permission Set to a user, the user automatically gets permission to the Program Supervisor Custom Permission also.
AND(NOT($Permission.Program_Supervisor ),!ISBLANK( Approved_Date__c))
Therefore, Custom Permission is an effective way to avoid development and code maintenance overhead in Salesforce.