Using Permission Sets in Salesforce and Setting Up a Profile Governance Policy for Your Organization
Profiles are assigned to users in Salesforce and determine what permissions they have on various objects and fields, and what they see via page layouts.
Over time, if you accommodate ad-hoc requests from business users who just want one additional permission here, or another permission there, you might have built up a large inventory of profiles that differ from each other ever so slightly. Or worse, if the differences between similar profiles are small, and not documented, you’ll spend time trying to figure out the tiny nuances, give up, and possibly create yet another profile. Subsequent updates mean more work for you as you have to make those updates in this growing number of profiles.
One way to reduce the creation of profiles is to start using permission sets, in conjunction with developing a profile governance policy.
Permission sets bundle up permissions that can be assigned to individual users, without having to create a new profile. So, if a few sales-ops users within the sales organization need a special permission to manage territories, you can create a permission set for that, and assign it to just those few users instead of creating a confusing second profile for them.
A profile governance policy can be used to ensure consistency within a company with multiple system administrators. It spells out how granular permission adjustments will go. For example, if granularity is applied to a business unit and region, and someone make a request that applies just to their business unit, region, and vertical specialization, this may be better accommodated via a permission set.