Control Access to a Custom Button

I recently installed ChimpSync , which, by the way, I am mightily impressed with. To use it, you add a custom button 'Synchronize with MailChimp' onto the Campaign Page Layout. However, I didn't want all users to have access to this. Controlling access to a button is not currently available as standard functionality but there is an idea here that you can vote on.

One solution would have been to create a new profile and map the Campaign Page Layout with button to the new profile and map the Campaign Page Layout without the button to other profiles. This introduces a maintenance overhead though as any subsequent changes to the Campaign Page Layout need to be made in two places and both profiles need to be maintained.

Instead, I used Custom Permissions, Generally Available (GA) in Winter '15 , to control which users could use the button and which received an error. With this solution, all users that see the Page Layout on which the button has been placed will see the button but only those with the Custom Permission can use it. Also, the 'button behaviour' needs to be 'Execute Javascript' to use this solution.

To set this up, first create a Custom Permission by typing 'custom p' in Setup Search and clicking on 'Custom Permissions'. Click 'New', give it a label, tab through the name field and give it a description. Did you get that last bit? Give it a description!

Now, in Setup, go to the object where the button will be added to the page layout, Campaign in this case. Click 'Buttons, Links and Actions' and click the 'New Button or Link' button.Give it a label, tab through the name field and give it a description. Did you get that last bit? Give it a description!

Where the button code goes, surround your code with

if ( {!$Permission.ChimpSync} ) {

<-- the code that authorised users get to execute -->

else {
alert ("You are a lowly and powerless being. You are not worthy of The Mighty Custom Permission. You have no place here. Be gone.");
}

where 'ChimpSync' is what appears in the 'Name' field of your Custom Permission. If you entered 'My Custom Permission' as the label and tabbed into Name, the Name will be My_Custom_Permission' and the line above would be

if ( {!$Permission.My_Custom_Permission} ) {

In my case, I viewed the Campaign custom button 'Synchronize with MailChimp' that is installed with the AppExchange package, copied the JavaScript and pasted it into my own custom button where I took the opportunity to correct the label spelling and called it 'Synchronise with MailChimp'. The 'if...' statement above goes before the very first line of the pasted code and the 'else...' goes after the very last '}'.

If you add your new custom button to the Page Layout(s) now, all users, including system admins, will get the error message. You may wish to use a more sensitive tone than that adopted above.

To authorise users to run the code in the button, either add the Custom Permission to one or more Profiles, or add it to a Permission Set and assign the Permission Set to users. In my case I used the latter approach:

Now users with the Custom Permission can use the button.