Skip to content

Flow Name: Add/Remove user to/from the Super Admin Public Group

Last Updated: 2024-09-30 Source Code: Add_Remove_user_to_from_the_Super_Admin_Public_Group.flow-meta.xml

API Name: Add_Remove_user_to_from_the_Super_Admin_Public_Group Status: Active Type: Custom Trigger: After save (create and update) of User records

Business Purpose

This flow maintains the membership of the "Super Admin" public group by automatically adding users with the "System Administrator (Custom)" profile and removing users who no longer have that profile or are deactivated. This automation ensures case sharing rules and other permissions dependent on this group remain accurate without manual intervention.

Process Flow

  1. Profile Lookup: Retrieves the "System Administrator (Custom)" profile details
  2. Profile Check: Determines if user currently has or previously had the Super Admin profile
  3. Group Lookup: Finds the "Super_Admin" public group by developer name
  4. Membership Check: Queries existing GroupMember records for current user and group
  5. Decision Logic:
  6. Add to Group: User has Super Admin profile, is active, and is not already a member
  7. Remove from Group: User no longer has Super Admin profile, is inactive, or already exists but shouldn't be in group
  8. Group Maintenance: Creates or deletes GroupMember record as appropriate
📊 Click to view Process Flow Diagram 
flowchart TD
    Start([Start: User Create/Update<br/>After Save Trigger]) --> GetProfile[Get Profile:<br/>"System Administrator (Custom)"]

    GetProfile --> ProfileCheck{User Has or Had<br/>Super Admin Profile?}

    ProfileCheck -->|No| End([End])
    ProfileCheck -->|Yes| GetGroup[Get Public Group:<br/>"Super_Admin"]

    GetGroup --> CheckMember[Check Existing GroupMember<br/>for User and Group]

    CheckMember --> Decision{User Status?}

    Decision -->|Has Profile & Active<br/>& Not Member| Add[Create GroupMember Record]
    Decision -->|Lost Profile or<br/>Inactive & Is Member| Remove[Delete GroupMember Record]
    Decision -->|Already Correct| End

    Add --> End
    Remove --> End

    style Start fill:#e1f5ff
    style GetProfile fill:#f0e1ff
    style ProfileCheck fill:#fff4e1
    style GetGroup fill:#f0e1ff
    style CheckMember fill:#f0e1ff
    style Decision fill:#fff4e1
    style Add fill:#ffe1e1
    style Remove fill:#ffe1e1
    style End fill:#e1f5ff

Key Business Rules

  • Only processes users who currently have or previously had "System Administrator (Custom)" profile
  • Automatically adds active Super Admin users who aren't already group members
  • Automatically removes users who lose Super Admin profile or become inactive
  • Prevents duplicate group memberships
  • Operates on both user creation and profile/status changes

Dependencies

  • User standard object with ProfileId and IsActive fields
  • Profile standard object with specific "System Administrator (Custom)" profile
  • Group standard object with "Super_Admin" developer name
  • GroupMember standard object for group membership management
  • Case sharing rules that reference the Super Admin public group (PR-29901)

⚠️ Pre-Go-Live Concerns

CRITICAL - Fix Before Go-Live

  • Missing Groups/Profiles: No error handling if "Super_Admin" group or "System Administrator (Custom)" profile don't exist
  • Permission Dependencies: Verify case sharing rules and other permissions work correctly with group membership changes

HIGH - Address Soon After Go-Live

  • Bulk Operations: No handling for bulk user updates - could cause performance issues or governor limit exceptions
  • Timing Issues: Group membership changes happen after user save - verify dependent permissions update correctly

MEDIUM - Future Enhancement

  • Error Logging: No audit trail of group membership changes or error notifications if operations fail
  • Complex Logic: Multiple decision branches could be simplified for better maintainability

LOW - Monitor

  • Profile Dependencies: Hardcoded profile name could break if profile is renamed
  • Group Dependencies: Hardcoded group developer name creates maintenance dependency

Maintenance Notes

Complexity: Medium - Logic handles multiple scenarios but depends on specific named objects. Review quarterly to ensure profile and group names remain accurate. Monitor for governor limits during bulk user operations. Consider error handling enhancements for production stability.