Create a resource set
Create a collection of your org's user groups, workflows, authorization servers, apps, and customizations. After you've created a resource set you can assign it to the admins and roles in your org.
Before you begin
Ensure that you’re signed in as a super admin.
Start this task
In the Admin Console, go to .
Go to the Resources tab. The Resources tab displays a list of previously created resource sets and their descriptions. You can also edit the resource set from this page.
Click Create new resource set. The Create new resource set page opens.
In the Resource set name field, enter the name of the resource set. Choose a name that’s self-explanatory about the resources it includes.
Optional. In the Resource set description field, enter a short description of the resource set.
In the Add Resources section, enter the following values:
Add users from the following groups
Enter group names to add all users from those groups.
Select the Constrain to all users check box if you want the resource to be constrained to all users in the organization.
Remember, when you constrain these resources to a role, the user permissions of the role will impact the resources and the admin can manage the users within the groups selected here. See About role permissions.
Enter group names to constrain the resource to admins.
Select the Constrain to all groups check box if you want the resource to be constrained to all groups in the organization.
When used in an admin assignment that has group permissions in the role, this constrains what groups the delegated admin has group permissions on. See About role permissions.
Enter application names to constrain the resource to admins.
You can add apps and app instances as a resource. The resource will apply to all application and profile source permissions. See Best practices for creating a custom role assignment.
Select the Constrain to all applications check box if you want the resource to be constrained to all applications in the organization.
You can select the app type (such as all Salesforce apps) or specific app instances.
Add delegated flows
Enter workflow names to constrain the resource to admins.
Select the Constrain to all delegated flows checkbox if you want the resource to be constrained to all delegated flows in the organization.
Add authorization servers
Enter authorization names to constrain the resource to admins.
Select the Constrain to all authorization servers check box if you want the resource to be constrained to all authorization servers in the organization.
Admins can only create new authorization servers if their role is scoped to all authorization servers.
Add customizations Enter customizations to constrain the resource to admins.
Select the All customizations checkbox if you want the resource to be constrained to all customizations in the organization. These admins can create and delete brands, add and manage custom domains, add and manage email domains, manage SMS, and configure general customization settings.
If you enabled Redesigned Resource Editor for Admin Roles, you can choose Select customizations to constrain the resource to specific brands. These admins have access to all customizations for the brands you select, except creating and deleting brands, adding and managing email domains, and adding and managing custom domains.
Click Save resource set. You can see the resource set you just created on the Resources tab.
You can use Okta-sourced, AD-sourced, and LDAP-sourced groups as resources. However, the following permissions aren't applicable to AD-sourced and LDAP-sourced groups:
Manage users' authenticator operations
Edit users' profile attributes
Manage group membership