How To Use Custom Permission To Give Users Exceptions To Validation Rule

3 min readJul 20, 2022

Author: Rishabh Dubey

Requirement: There are lists of users with different Roles and Profiles who should be able to bypass certain Validation rules.

In this Scenario if we hard code the validation rule by Profile ID, Role ID or User ID every time a new user is created or a user with different role and profile to bypass the validation rules then we need to update the validation rules again and again.

Instead of this we can create a custom permission, assign custom permission to the user by permission set and use that permission in our validation rule.

Step 1: Create a Custom permission

a. Go to Setup

b. Search for Custom Permission

c. Click on New Custom Permission

d. Label = Bypass Account Validation

Step 2: Create A permission Set and Assign the custom permission to the permission set

a. Go to setup search for permission set then click on New

b. Label = Bypass Account Validation

c. Go to custom permission in Permission set

d. Add the custom permission to the permission set

Step 3: Assign this permission set to the desired users

a. Click on manage assignment

b. Click on Add users and select the users from the list

Step 4: Update your Validation Rule.

Old Syntax:


ISCHANGED( Industry ),

ISPICKVAL(Industry ,”Technology”)


a. To add this custom permission to validation open the validation rule

b. Inside the AND operator, add one more condition to check the validation will only give errors to users who do not have custom permission assigned.

c. Type NOT() and inside the Parentheses enter the custom permission API name

d. Click on Add Fields then Permissions, Select your custom permission and select insert

New Syntax:


ISCHANGED( Industry ),

ISPICKVAL(Industry ,”Technology”),

NOT( $Permission.Bypass_Account_Validation )


By adding the NOT($Permission….) to the end of the criteria, anyone who possesses the custom permission will be able to get around this validation rule. This logic essentially says “if the user doesn’t have the permission, fire the rule”.