Profiles Get a Second Life: Why the Permissions U-Turn Is Good News for Your Org

Salesforce cancelled the profile permission retirement. What changed, why it happened, and the permission set security model architects should still build.

Security · Permissions · Platform Strategy

Profiles Get a Second Life: Why the Permissions U-Turn Is Good News for Your Org

Salesforce has cancelled the retirement of permissions in profiles, a deadline that had been on the calendar since January 2023. Here is what actually changed, why the decision makes sense, and the permission set model your org should build anyway.

Reading time: ~9 minutes | Published: July 2026 | Published By: Sandip Patel, Salesforce Architect
DEADLINE 0 Hard dates left on the profile retirement
TIMELINE 3.5 yrs From first announcement to full cancellation
ADOPTION 20.5% Orgs fully on a permission set model
STILL TRUE No. 1 Least privilege remains the recommended model
TL;DR

Salesforce has cancelled the retirement of permissions in profiles, originally planned for Spring ’26, after customer feedback showed the ecosystem was not ready and a few feature gaps remained. Nothing about security best practice changed. Least privilege through permission sets and permission set groups is still the model to build. The difference is that you now migrate on your own schedule instead of against a countdown.

1
The Deadline That Quietly Disappeared
The retirement is cancelled, not postponed. Here is the story.

Somewhere in your backlog sits a ticket called “migrate profiles to permission sets.” It has been there since 2023. It has survived three reprioritization meetings, two admin handovers, and at least one consultant who swore it was urgent. As of last month, the deadline behind that ticket no longer exists.

In June 2026, Salesforce updated its official Knowledge article to say the retirement of permissions in profiles has been cancelled. Not delayed. Not deprioritized. Cancelled. The enforcement that was planned to begin with Spring ’26 is off the calendar entirely, based on customer feedback and remaining feature gaps.

To understand why this matters, it helps to see how long this deadline lived.

1
January 2023
The End-of-Life Announcement

Salesforce announces that permissions on profiles will retire, with Spring ’26 as the target. Three years feels like a generous runway, and the ecosystem starts planning.

2
2024
The Deadline Softens

Cheryl Feldman, Director of Product Management, announces that Salesforce will no longer enforce the Spring ’26 end-of-life date, while still recommending a permission set led security model.

3
June 2026
The Cancellation

Salesforce’s Knowledge article is updated: the retirement is cancelled based on customer feedback and remaining feature gaps. Profiles continue to support permissions.

4
July 2026
The Ecosystem Reacts

Salesforce Ben and community voices pick up the story. The consensus lands in an interesting place: the deadline is gone, but the migration is still worth doing.

This is, as far as I can tell, the first time Salesforce has fully cancelled a retirement of this scale rather than pushing the date. Retirements have slipped before. Salesforce for Outlook moved from 2024 to 2027. But a complete cancellation of a change that would have touched every single org is new territory, and it says something about how seriously Salesforce weighs customer readiness.

2
Why Salesforce Pulled the Plug
Customer feedback and honest feature gaps drove the call

The official reasoning comes down to two things: customers pushed back, and the tooling was not fully ready to support a clean migration at scale. Both are true, and both deserve a closer look.

ADOPTION
20.5%
Of orgs have fully transitioned to a permission set led model, per the SF Ben Admin Survey 2026
GAPS
3
Notable feature gaps remain: record type defaults, app defaults, and page layout assignment
IMPACT
100%
Of Salesforce orgs would have been affected by the retirement. Every single one.

Start with the adoption number. When roughly four out of five orgs have not completed the transition three and a half years after the announcement, forcing the change would have created real pain for real customers. That is not a hypothetical. That is production access breaking on a Tuesday.

Then there are the gaps. Record type defaults and app defaults never made a clean landing in permission sets. Page layout assignment still lives on the profile, and Salesforce has been clear that the future of layouts is Lightning App Builder and Dynamic Forms rather than porting the old assignment model over. Forcing a retirement while those pieces were unfinished would have pushed customers into workarounds nobody wanted.

Why This Is the Right Call

Walking away from a deadline the tooling cannot support is the responsible move. Salesforce listened to feedback, looked at actual adoption data, and chose customer stability over an arbitrary date. Meanwhile, investment continues where it counts: the improved user management experience in Setup, permission sets, permission set groups, and summary views. The direction did not change. The forcing function did.

I will admit the cancellation stings a little for those of us who ran client migrations against this timeline. But every one of those migrations left the org in a better place. Cleaner access, and audits you can actually run. None of that work is wasted, and I would make the same recommendation again today.

3
What Didn’t Change: Least Privilege Still Wins
Least privilege through permission sets is still the model

Here is the part that gets lost in the headlines. Salesforce cancelled the retirement. It did not cancel the recommendation. The official guidance is the same as it was last year: adopt a least privilege model using profiles for baseline settings and permission sets for access control.

If you are designing this from scratch, or untangling an org that grew organically since 2014, this is the layered model that works:

Profile
Baseline Only

Default assigned apps, page layout assignment, record type defaults, login hours, and IP ranges. One profile per user category, as few as you can manage. Many mature orgs get down to a single profile.

Permission Sets
Functional Blocks

Object access, field access, system permissions, and Apex class access, grouped by function. “Manage Quotes” or “Export Reports”, not “Everything the Sales Team Might Need Someday.”

Permission Set Groups
Job Roles

Bundles of permission sets that map to actual jobs. A Sales Manager group might contain six functional sets. Assign the group, not six individual sets.

Muting Permission Sets
The Subtraction Layer

Remove specific permissions from a group without rebuilding it. Useful when one region or one team needs almost everything the group grants, minus one sensitive item.

“Salesforce cancelled the deadline. It did not cancel the reason the deadline existed.”

Profiles are rigid. Every user gets exactly one, and stacking exceptions into profile clones is how orgs end up with 74 profiles and no idea who can delete an Opportunity. Permission sets compose. That composability is why the recommendation stands regardless of any retirement date.

4
The Agentforce Angle Nobody Mentions
Agents are users too, and they need scoped access

There is a second reason the permission set model matters more in 2026 than it did in 2023, and it has nothing to do with retirement dates. Your org is about to have more non-human users than human ones.

Every Agentforce agent runs as a user with an identity and a set of permissions. When an agent creates a case, updates an order, or queries customer data, your permission model is the thing standing between “helpful automation” and “an agent that can touch everything.” Agents do not squint at a warning and think twice. They act on whatever access they have, at machine speed.

🤖
One Agent, One Identity

Each agent should have its own user and its own permission set. Shared access between agents makes auditing agent actions nearly impossible.

🔒
Scoped, Not Broad

A service agent that handles order inquiries needs read access to Orders and write access to Cases. It does not need Modify All Data. Ever.

🔍
Auditable by Design

When each agent’s access lives in a named permission set, “what can this agent do” is a thirty second question instead of a forensic project.

Try building that on profiles. You would need a new profile per agent, each one carrying the full weight of layouts, defaults, and settings the agent will never use. Permission sets were built for exactly this shape of problem: granular, composable, assigned to a specific identity for a specific purpose. The agent era is quietly the strongest argument for the permission set model Salesforce has been recommending all along.

5
Your Migration Plan, Minus the Deadline Panic
Move on your schedule, not against a countdown

The cancellation hands you a gift most platform changes never do: time. Use it to do the migration properly instead of rushing it against a date. Here is the sequence I run with clients.

REVIEW RESTRUCTURE GOVERN
1
Map where your permissions actually live
Inventory every profile and permission set, and find out which grants are duplicated, orphaned, or mysterious. Most orgs discover profiles cloned years ago for one user who left in 2021.
Week 1-2
2
Measure the gap against least privilege
For each user category, compare what they can do against what they need to do. The delta is your risk surface. This exercise alone usually finds two or three permissions that should never have been granted.
Week 2-3
3
Build functional permission sets
Create sets around functions, not people. Then compose permission set groups per job role. Move access grants out of profiles as you go, leaving only baseline settings behind.
The core work
4
Collapse your profiles
As access moves into sets, profiles shrink to baseline shells. Consolidate aggressively. Teams that finish this report getting large orgs down to a handful of profiles, sometimes one.
Highest payoff
5
Set rules so drift cannot return
New access requests get a permission set, never a profile edit. Document the pattern, add it to your review checklist, and audit quarterly. Governance is what keeps the cleanup from being an annual event.
Ongoing

Not sure where your org stands today? One query tells you a lot about how much access still flows through profiles versus standalone sets:

SOQL// Assignments per permission set (profiles excluded)
SELECT PermissionSet.Name, COUNT(Id) assignments
FROM PermissionSetAssignment
WHERE PermissionSet.IsOwnedByProfile = false
GROUP BY PermissionSet.Name
ORDER BY COUNT(Id) DESC

If that list is short and your profile count is long, you know which direction the work runs.

Already permission set led
Nothing changes. You built it right.
Mid-migration when the news broke
Keep going. Just breathe easier.
Never started
Start with the review phase this quarter
6
Real Talk: What This Doesn’t Mean
The cancellation is not a free pass

A cancelled deadline is easy to misread. Before anyone closes that migration ticket as “won’t do,” a few clarifications are in order.

What the Cancellation Means
The genuinely good news
  • No forced migration date hanging over your roadmap
  • Profile based access keeps working, so nothing breaks
  • You control the pace and sequencing of the transition
  • Salesforce demonstrated it adjusts plans based on customer readiness
What It Does Not Mean
Read the fine print
  • Profiles are not getting new permission features or investment
  • Least privilege did not stop being the recommendation
  • Page layouts remain profile era; Dynamic Forms is the direction
  • Building new access logic on profiles today is still the wrong call

There is also a quieter lesson here about how the community responded. The admins and architects who finished their migrations are not complaining. On Salesforce Ben, one commenter described completing the move and running a sizable org on a single profile, calling the switch something teams should prioritize rather than postpone. The people who did the work got the benefit. The deadline was never the point.

Looking ahead, the question for your org is simple. Salesforce has removed the external pressure and left the internal one: would your access model pass a security review today? If an auditor asked who can export customer data, could you answer in minutes? If a new Agentforce agent went live tomorrow, would its access be scoped or inherited from something built in 2019?

The retirement is cancelled. The reasons for it are alive and well. The orgs that treat this as breathing room, rather than a reprieve, are the ones that will be glad they did.

7
Frequently Asked Questions
Migration timing, feature gaps, and first steps
Is the profile permissions retirement really cancelled, or just delayed again?
Cancelled. Salesforce’s official Knowledge article, updated in June 2026, states the enforcement has been cancelled based on customer feedback and remaining feature gaps. This is different from the 2024 update, which only removed the enforcement date. That said, Salesforce still recommends a permission set led security model, so the strategic direction is unchanged.
Should I stop my profile-to-permission-set migration?
No. Least privilege is still the recommended security model, and permission sets are still the best tool to get there. The cancellation removes the deadline pressure, not the value. Finish the migration on your own schedule, and use the extra time to do it cleanly instead of quickly.
What should stay on the profile in a permission set led model?
Baseline settings only: default assigned apps, page layout assignment, record type defaults, login hours, and IP ranges. All object, field, system, and Apex access should live in permission sets, composed into permission set groups per job role.
What is the difference between permission sets and permission set groups?
A permission set is a functional block of access, like “Manage Quotes.” A permission set group bundles several sets into a job role, like “Sales Manager,” and supports muting to subtract specific permissions without rebuilding the group. Assign groups to people, and keep the underlying sets small and single purpose.
Does this change anything for Agentforce agents?
It reinforces the existing guidance. Every agent runs as a user and should have its own identity with a dedicated, tightly scoped permission set. Least privilege matters even more for agents than for humans, because agents act on whatever access they have without hesitation and at scale.
What is the single best first step this quarter?
Run a permissions review. Inventory your profiles and permission sets, query PermissionSetAssignment to see where access actually flows, and measure the gap between what users can do and what they need to do. That review tells you whether you need a restructure, a cleanup, or just governance to hold the line.

Leave a reply

Your email address will not be published. Required fields are marked *