I am a part of a small organization, which has a large number of custom applications. I have found that different users need different sets of permissions in different applications. This has become so unmanageable that we are almost at the point of creating unique profiles for each of our 80+ users.
It would be great if we could create profiles specific to each of the applications we have, and assign these profiles to each user account as needed.
For example, imagine a new Recruiting application, which would need to have the following profiles: Recruiter, Hiring Manager, Interviewers, and General Users. Each of these profiles would have different permissions in the Recruiting application.
In the cases of SalesForce users who already exist who might need access to the permissions granted by one of these profiles, normally we would need to modify their existing profile to add the permissions, layouts, et al. to their profile. However, if mulitple users share a profile, and we only need a subset of these users to have these permissions, we now need to create a new profile for this subset of users.
If we had application specific profiles instead, we could define a specific set of permissions, layouts, et al. which would be used for each of the profiles in the custom application. We can then assign the application specific profile to those user accounts which would need these permissions. This way, a specific Sales Representative could be added to the 'Interviewer' profile, instead of granting all Sales Representatives to the 'Interviewer' profile, to allow specific Sales Representatives to perform interviews using the custom application.
When publishing applications to the Appexhange, application specific profile information could be included. This would allow us to quickly add these custom profiles to existing user accounts and ensure that we are consistantly applying the necessary permissions for each function in the new application to the appropriate users, without having to review and potentially modify all our existing profiles.
To resolve conflicts between the global profiles, and the application specific profiles, we could have a global setting which would allow us to define if all user receives the most restricted set of permissions (closed or least permissions model) or if the user receives the most open set of permissions (open or most permissions model) when conflicts are encountered.