Skip to main content

SF-0089 · Scenario · Medium

How to ignore or bypass validation rules?

✓ Verified by Vikas Singhal · Last reviewed 5/17/2026 · Updated for Spring '26

Validation rules can’t be turned off per-user out of the box — but you can write the formula so that certain users skip it. The modern, supported pattern is custom permissions. Old-school approaches (profile checks, hard-coded user IDs) are anti-patterns; an interviewer wants to hear the right answer first.

The right answer — custom permissions

  1. Create a Custom Permission, e.g. Bypass_Account_Validation.
  2. Assign it to a Permission Set (or directly to a profile).
  3. Reference it in the rule formula with $Permission:
AND(
  NOT($Permission.Bypass_Account_Validation),
  ISBLANK(Industry)
)

Now anyone with the Bypass_Account_Validation custom permission can save the record even when Industry is blank.

Why custom permissions are the right answer

  • Granular: not tied to profile or role
  • Auditable: you can see who has the permission set assigned
  • No formula edits when team membership changes — just update the permission set

Other patterns (and their trade-offs)

PatternHow it worksUse it?
Profile check in formula — $Profile.Name <> "System Administrator"Skip rule for one profileOK for emergency-only bypass; brittle
Hierarchy custom setting — read a setup flag like $Setup.Bypass__c.Enabled__cMaster kill-switchUseful for data loads, but risky if forgotten
Bypass field on User$User.Bypass_Validation__c = TRUEPer-user flagWorks, but custom permissions do this better
Hard-code a user ID$User.Id <> "005..."Never. Won’t deploy cleanly across orgs

A real-world example: data loader run

Imagine you need to load 50,000 legacy Accounts that don’t conform to your current rules. The clean playbook:

  1. Create Data_Migration_Bypass custom permission
  2. Wrap your rules: AND(NOT($Permission.Data_Migration_Bypass), ...)
  3. Assign the permission to the integration user only
  4. After the load, remove the assignment

The rule still protects new manual edits — only the integration user gets the pass.

What interviewers really want

  • Custom permission named first
  • A formula example showing the $Permission.X reference wrapped in NOT()
  • A note that profile checks work but aren’t recommended for new development
  • Awareness that bypasses should always be scoped and time-bound, not permanent

Bonus follow-up

Some validation rules need to skip during API/integration calls. Two ways:

  • The custom-permission approach above, assigned to the integration user
  • A custom checkbox on the record (Skip_Validation__c) that the integration sets to TRUE — but this leaks implementation into your data model and is generally worse

Verified against: Salesforce Help — Custom Permissions. Last reviewed 2026-05-17 for Spring ‘26 release.