Permissions Explorer: a game-changer in Salesforce Permissions management
The Elements.cloud Permissions Explorer is a suite of three powerful tools that are essential for understanding, optimizing, and reporting on Salesforce permissions with speed and precision.
What is Permissions Explorer?
Managing user permissions effectively in a Salesforce Org is a cornerstone of operational success and compliance. The Elements.cloud Permissions Explorer marks a significant advancement in this area. With its innovative core tools (Access Analyzer, Permissions Comparison, and Compliance Reporting), Permissions Explorer will transform and simplify the way you manage Salesforce permissions.
With speed and precision, you can use Permissions Explorer to deal with issues like:
- Alice and Bob are both in Finance, in similar roles. Alice has access to Gross Margin and Commission fields on the Opportunity object, but Bob does not (but should). Why?
- Charlie made a change to an Account field that he should only have read access to. Why?
- Dave, the General Counsel, needs a report by end-of-day on every user that has access to personal data on the Patient object.
- Ellen, the Chief Information Security Officer, needs that same report. But she also needs a report of how that access has changed during the last six months. By end-of-day.
- The SOX auditors will be in next week. Frank, the CFO, needs a report of everyone who has edit access to objects involved with revenue recognition.
- Many overlapping Profiles and a random assortment of Permission Sets make access management difficult for Ginny, the Salesforce Administrator. There’s a Profile consolidation project on the backlog. Where do you even start?
Access Analyzer: see who has access to what … AND WHY!
Imagine being able to pinpoint every user’s access level to an Object, Field, or Flow with laser precision … directly from the Salesforce Setup page! Though important, it’s not enough to just know which users have access to an item or even what that level of access is. In order to take action, you need to understand exactly which permissions are granting specific levels of access for each user. Access Analyzer is a powerful tool that delivers actionable access insights for 16 different Salesforce metadata types:
- Apex Classes
- Applications
- Custom Permissions
- External Data Sources
- Fields (standard and custom)
- Flows
- Page Layouts
- Record Types
- Tabs
- Visualforce Pages
- Objects
  - Standard Objects
  - Custom Objects
  - Custom Settings
  - Custom Metadata Types
  - Big Objects
  - Platform Events
From Salesforce Setup, you can immediately see all Profiles, Permission Sets, and Permission Set Groups that grant access to the item. In addition, for each permission, you can see how many users are assigned and what level of access is being granted.
With one click on “Analyze user access,” you can drill down and see all the users that have access, their level of access and the specific permissions that are granting access.
Interested in just seeing who has “modify-all” access? No problem. Just filter.
And, with one more click, you can drill down on each individual user to see which permissions are granting specific access.
And, of course, all these views can be exported so that you can keep records of changes across audit periods.
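The "who has access, and why" drill-down described above can be pictured as a walk from each user through their Profile, Permission Sets and Permission Set Groups to the grants on one object. The sketch below is an added example, not Elements.cloud code: every profile, permission set and user name is constructed, and it assumes grants are purely additive (muting permission sets inside groups are not modelled).

```python
# Constructed sample data; all profile, permission set and user names are invented.
LEVELS = {"read": 1, "edit": 2, "modify_all": 3}

# (container, object) -> level granted by that Profile or Permission Set
GRANTS = {
    ("Profile: Finance User", "Account"): "read",
    ("PermSet: Account Cleanup", "Account"): "edit",
    ("PermSet: Data Steward", "Account"): "modify_all",
    ("Profile: Finance User", "Opportunity"): "edit",
}

# Permission Set Group -> member Permission Sets
GROUPS = {"PSG: Finance Ops": ["PermSet: Account Cleanup"]}

# user -> directly assigned Profile, Permission Sets and Permission Set Groups
ASSIGNMENTS = {
    "alice": ["Profile: Finance User", "PermSet: Data Steward"],
    "bob": ["Profile: Finance User"],
    "charlie": ["Profile: Finance User", "PSG: Finance Ops"],
}


def explain_access(obj, min_level="read"):
    """Return {user: (effective_level, [(path, level), ...])} for one object."""
    report = {}
    for user, assigned in ASSIGNMENTS.items():
        reasons = []
        for item in assigned:
            # A group contributes through each member set; record the full path.
            members = GROUPS.get(item)
            paths = [(f"{item} > {m}", m) for m in members] if members else [(item, item)]
            for path, container in paths:
                level = GRANTS.get((container, obj))
                if level:
                    reasons.append((path, level))
        if not reasons:
            continue
        # Grants are additive: the effective level is the highest one granted.
        effective = max((lvl for _, lvl in reasons), key=LEVELS.get)
        if LEVELS[effective] >= LEVELS[min_level]:
            report[user] = (effective, reasons)
    return report


if __name__ == "__main__":
    for user, (level, reasons) in explain_access("Account").items():
        print(user, level, reasons)
```

Here the constructed user charlie ends up with edit access to Account through a Permission Set Group even though his Profile grants read only, which is the kind of question the Charlie scenario at the top of the page raises.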
Permissions Comparison: dissect and compare Permissions with precision
Even though Salesforce will no longer enforce the Spring ’26 “End of Life of Permissions on Profiles”, we all know that moving toward a permissions-led model will make access management and security simpler and more manageable. Any project to migrate permissions from Profiles to Permission Sets and Permission Set Groups requires at minimum:
- Understanding the permissions granted by every Profile
- Understanding how permissions differ between Profiles
The Permissions Comparison tool dramatically simplifies this part of the process.
From the Elements app, you can run a report that computes the degree of similarity between every pair of profiles and permission sets. Yes, you read that right. Every pair. Here, we’ve imported the results into Excel to identify clusters of Profiles that have 80% or greater similarity. These clusters would be a good place to start looking for consolidation.
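To make the every-pair similarity report and the 80% clusters concrete, here is an added example that is not Elements.cloud code. The page does not say which similarity metric the product uses, so Jaccard similarity over the set of granted permissions is an assumption, and all profile and permission set contents are constructed.

```python
from itertools import combinations

# Constructed sample: container name -> set of "object:level" grants.
SALES = {"Account:edit", "Contact:edit", "Lead:edit", "Opportunity:edit"}
PERMS = {
    "Profile: Sales Rep": SALES | {"Case:read"},
    "Profile: Sales Rep EU": SALES | {"Case:read"},
    "Profile: Sales Support": set(SALES),
    "PermSet: Lead Intake": {"Account:edit", "Contact:edit", "Lead:edit"},
    "PermSet: Case Edit": {"Case:edit", "Candidate__c:edit"},
}


def jaccard(a, b):
    """Assumed metric: shared grants divided by all grants in either set."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


def similarity_matrix(perms):
    """Score every unordered pair of containers."""
    return {(x, y): jaccard(perms[x], perms[y])
            for x, y in combinations(sorted(perms), 2)}


def clusters(perms, threshold=0.8):
    """Group containers linked by at least one pair scoring >= threshold."""
    parent = {name: name for name in perms}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n

    for (x, y), score in similarity_matrix(perms).items():
        if score >= threshold:
            parent[find(x)] = find(y)
    groups = {}
    for name in perms:
        groups.setdefault(find(name), set()).add(name)
    # Singletons are not consolidation candidates, so drop them.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    print(clusters(PERMS))
```

Clusters built this way are transitive, so two members of one cluster can score below the threshold against each other; check the individual pair scores before treating a cluster as one consolidation target.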
From Salesforce Setup, for both Profiles and Permission Sets, you have an at-a-glance view of how many permissions are being granted in each of the permission categories (objects, fields, classes, user permissions, etc.).
Clicking on a category reveals the access granted to each item in that category. Wait! Why is the “Case Edit” permission set granting access to the Candidate__c object? Is it misnamed? Or was there a mouse-slip when we created the permission set? That definitely needs some investigation.
Once you have an idea of the permissions that may be in scope for consolidation, you can run a detailed comparison report between those permissions. While the org-wide permission comparison report above gives you a single similarity score for two permissions, the detailed report provides a category-by-category similarity score in the form of a heat map.
With one click you can easily drill down into any category to identify similarities and differences.
All this data is available from Salesforce Setup and is easily exportable as a CSV to your favorite analysis tool. With Permissions Comparison, getting a handle on detailed Profile and Permission Set access has never been easier.
Compliance Reporting: align with regulatory standards
Permissions Explorer’s Compliance Reporting streamlines auditing and reporting processes, significantly easing the burden of maintaining compliance with laws like GDPR and HIPAA. These reports can be exported so that changes can be tracked across audit periods.
- Users with Dangerous Permissions: Tracks 33 user permissions related to data security, system security, and user management. The report shows each user with the permission and the specific Profile, Permission Sets, and/or Permission Set Groups granting that permission.
- Users with access to sensitive data: Tracks all encrypted fields and any fields that have their Data Sensitivity Level (“Confidential”, “Restricted”, etc.) and/or Compliance Categorization (“PII”, “HIPAA”, etc.) properties set. The report shows each user with access to the field, their level of access (read or edit), and the specific Profile, Permission Sets, and/or Permission Set Groups granting access.
Summary
Permissions Explorer represents a leap forward in Salesforce permissions management. The Access Analyzer, Permissions Comparison, and Compliance Reporting tools address a wide array of needs, from operational efficiency to compliance to risk management.
Whether your role is Awesome Admin, Consultant, IT Security, Compliance, or Risk Management, with Permissions Explorer you’ll find that permissions analysis and reporting tasks that used to take weeks can now be done in minutes.
Webinar: Permissions Explorer, your answer to Profiles & Permission Sets
Struggling with complex permission management, security concerns, or compliance issues in your Salesforce environment? Elements.cloud’s Permissions Explorer offers you the solution. Don’t miss the opportunity to see Permissions Explorer in action and have your burning questions answered by our product experts: Tues Dec 19th at 8 AM – 9 AM PST.
Rick Roesler
Senior Technical Product Manager
Published: 8th December 2023