The Security

permission set doesn’t handle included permission sets

For a while

now, it has been possible to nest/include/link to existing permission set from

other permission sets and thereby allowing for easier creation and maintenance of

permission sets.

For example,

you want to create a permission set that includes D365 Basic and D365 Purch

Edit and call it NewSet.

If I assign

the permission sets NewSet and Security to a user named UserX, I would expect

that UserX would get all the permissions of D365 Basic and D365 Purch Edit as

well as the right to assign these to other users – a right granted by having

the Security permission set.

That is however

not the case – if I try with UserX to assign either D365 Basic or D365 Purch

Edit to another user (UserY) I get an error. If I assign NewSet it works.

If I add D365

Basic and D365 Purch Edit directly to UserX’s list of permission sets, I can now

assign them to UserY.

So, the

conclusion is that the Security only looks at directly assigned permission sets

and not nested/included/linked, and that severely limits the usability of the

Security permission set. This more or less forces you to either hand out Super

permissions for more users or manually sit and assign all permission sets to

Security users, so they in turn can assign permission sets to others.

It's currently a limitation of the security permission set. You can only assign permission sets that are directly assigned to you. So this needs to be changed.