Computer implemented methods and apparatus for providing permissions to users in an on-demand service environment

US8973106B2 · US · B2

Patent metadata

Publication number: US-8973106-B2
Application number: US-201313886848-A
Country: US
Kind code: B2
Filing date: May 3, 2013
Priority date: May 3, 2012
Publication date: Mar 3, 2015
Grant date: Mar 3, 2015

Abstract

Official abstract text for this publication.

Disclosed are methods, devices, and computer readable storage media for providing permissions to users in an on-demand service environment. A server receives criteria indicating characteristics of users and/or permission sets. Selected permission sets can be assigned to identified users. Data indicating the assignment of the permission sets can also be stored.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer implemented method for providing permissions to users of a database system, the method comprising: receiving, at a server associated with the database system, criteria; selecting, using the server, a first permission set and a second permission set, each of the first and second permission sets being defined by a respective grouping of permissions indicating accessibility of a component of a system, the first and second permission sets associated with at least one of the criteria, the permissions and the permission sets stored as data objects in the database system; identifying, using the server, one or more of the users as being associated with the at least one criteria; determining, using the server, that a first count of permissions in the first permission set is lower than a second count of permissions in the second permission set; assigning the first permission set to the one or more users responsive to the determination that the first count of permissions in the first permission set is lower than the second count of permissions in the second permission set; and storing or updating a data object indicating the assignment of the first permission set in the database system.

2. The method of claim 1, wherein the criteria include one or more of: a geographic location, a level within an organizational hierarchy, an industry, and a role.

3. The method of claim 1, wherein the criteria include one or more permissions.

4. The method of claim 1, further comprising: determining that the identified one or more users does not exceed a maximum user limit associated with the permission set.

5. The method of claim 1, further comprising: generating an audit trail associated with the assignment of the permission set.

6. The method of claim 1, wherein assigning the permission set includes creating a permission set assignment object.

7. The method of claim 6, wherein the stored data includes the permission set assignment object.

8. The method of claim 6, wherein the permission set assignment object includes a user identifier and a permission set identifier.

9. The method of claim 1, wherein the selected permission set is one of a plurality of permission sets, the selected permission set including a plurality of permissions.

10. The method of claim 9, wherein the permissions include one or more entities used by the service environment, wherein the one or more entities include one or more of: objects, fields, applications, and system wide permissions.

11. The method of claim 1, wherein the server receives the criteria through an application programming interface (API).

12. The method of claim 1, wherein the component of the system is a field of a record stored within a database.

13. The method of claim 1, wherein the component of the system is an object.

14. The method of claim 1, wherein the selected permission set is one of a plurality of permission sets, the selected permission set assigned to a lowest number of users.

15. One or more computing devices for providing permissions to users of a database system, the one or more computing devices comprising: one or more processors operable to execute one or more instructions to: receive criteria; select a first permission set and a second permission set, each of the first and second permission sets being defined by a respective grouping of permissions indicating accessibility of a component of the database system, the first and second permission sets associated with at least one of the criteria, the permissions and the permission sets stored as data objects in the database system; identify one or more of the users as being associated with the at least one criteria; determine that a first count of permissions in the first permission set is lower than a second count of permissions in the second permission set; assign the first permission set to the one or more users responsive to the determination that the first count of permissions in the first permission set is lower than the second count of permissions in the second permission set; and store or update a data object indicating the assignment of the first permission set on one or more storage mediums in the database system.

16. A non-transitory computer-readable storage medium storing instructions executable by a computing device to perform a method for providing permissions to users of a database system, the method comprising: receiving criteria; selecting a first permission set and a second permission set, each of the first and second permission sets being defined by a respective grouping of permissions indicating accessibility of a component of a system, the first and second permission sets associated with at least one of the criteria, the permissions and the permission sets stored as data objects in the database system; identifying one or more of the users as being associated with the at least one criteria; determining that a first count of permissions in the first permission set is lower than a second count of permissions in the second permission set; assigning the first permission set to the one or more users responsive to the determination that the first count of permissions in the first permission set is lower than the second count of permissions in the second permission set; and storing or updating a data object indicating the assignment of the first permission set in the database system.

Classifications

  • H04L63/10 (Primary): for controlling access to devices or network resources

  • wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • H04L69/24 (Primary): Negotiation of communication capabilities

  • Grouping of entities

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Salesforce Com Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/10. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 3, 2015 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).