Yes — a user can have many permission sets assigned at the same time, and stacking them is the recommended modern pattern in Salesforce. The user’s effective access is the union of their profile plus every assigned permission set; permission sets only add access, they never remove it. This is precisely why Salesforce nudges orgs away from “one profile per role” toward a minimal profile plus stacked permission sets.
Why multiple permission sets is the point
The historical mistake was per-role profiles: Sales Rep, Sales Manager, Sales Ops, Sales Rep North-America, Sales Rep EMEA, Sales Rep Enterprise — each a near-duplicate that drifted apart over years. Permission sets fix this by letting you compose access from reusable building blocks:
Profile: "Sales Minimum Access" (one profile for the whole org)
+ Permission Set: "Lead Management"
+ Permission Set: "Opportunity Forecast"
+ Permission Set: "Data Loader Access"
+ Permission Set: "EMEA Region"A user can have any combination of those four sets. Add or remove a set, and only that user’s access changes — no profile clone, no audit drift.
How conflicts are resolved
Since permission sets are additive, “conflicts” rarely happen — the most permissive grant wins. Examples:
- Profile says “no Edit on Account,” one permission set grants “Edit on Account.” Result: Edit allowed.
- One permission set says “Read on Amount field,” another doesn’t mention it. Result: Read allowed (the union).
- Profile gives “Modify All” on Lead, permission set doesn’t include it. Result: Modify All still allowed (nothing revokes it).
The only mechanism that removes permissions is a Muting Permission Set inside a Permission Set Group — and even then the mute only applies to users assigned through that group, not via direct assignment.
Practical limit
There’s no hard cap on the number of permission sets you can assign to a single user that an interviewer is likely to probe. Salesforce publishes per-org limits on total permission sets (currently 1,500 per org including managed-package ones), but per-user assignment is effectively unlimited. In practice, organizations top out around 10-20 active assignments per user — past that, Permission Set Groups are the cleaner answer.
Permission Set Groups — the next step
When you find yourself assigning the same 5-6 permission sets to the same role of users, bundle them into a Permission Set Group. The group is assigned as one unit; Salesforce computes the union of the included sets behind the scenes. Groups also support muting permissions — include a permission set, but turn off specific permissions inside it for users assigned through this group.
Common interview follow-ups
- Can a permission set remove access granted by a profile? No — permission sets are strictly additive. Use a muting permission set inside a permission set group if you need to subtract.
- What’s the order of evaluation? There isn’t one — Salesforce computes the union of all granted permissions at runtime, no ordering required.
- Do permission set licenses count toward the limit? Permission set licenses are a separate concept (an add-on license that enables certain permission sets); they don’t count against the permission-set-per-user count.
- Can I assign permission sets via API or in bulk? Yes —
PermissionSetAssignmentis a writable object. Data Loader, Apex, and Flow can all assign permission sets to users programmatically.
Verified against: Salesforce Help — Permission Sets and Permission Set Groups. Last reviewed 2026-05-17.