All Collections
Feature overviews
Salesforce Org Models
Salesforce user access
Compare and consolidate permissions across profiles and permission sets
Compare and consolidate permissions across profiles and permission sets

Transition from profiles to permission-set based access model; compare overlap and streamline access granted by profiles and permission sets

Ksawery Lisinski avatar
Written by Ksawery Lisinski
Updated over a week ago

Using Elements.cloud, you can compare all your profiles and permission sets to figure out which ones overlap in permissions being granted. You can then narrow down your scope to do a detailed comparison of similarities and decide how to consolidate your profiles and permission sets.

Prerequisites

  • Your space must be on Enterprise license or consulting license

  • Synced Org Model

  • View access to the Org Model within Elements app

  • Scheduled batch job in the managed package to get profile data

Run the comparison report

With many profiles and permission sets in your Org, it is impossible to know where to start your analysis. With Elements.cloud, you can run a report that will automatically compare and detect which profiles and permission sets are most similar to each other (and therefore need to be merged or split into distinct, lean permission sets).

  • To run a comparison of profiles and permission sets:

    1. Open the Org model

    2. Click on 'Download large data set' icon in the top right part of the screen

    3. Run 'Profile / Permission set similarity score'

    4. Wait for the notification, then click on the notification to download the CSV file which you can take into a spreadsheet.

The generated file will will be a matrix of every profile and permission set compared against every other profile and permission set. Each pairing will receive a score between 0 and 1:

  • 0 means that there is no overlap at all between the pair.

  • 1 means that two permission controllers are 100% the same

You can colour-code the matrix in the spreadsheet to find where you have highest overlap and therefore which profiles or permission sets should be consolidated.

Compare permissions granted by multiple profiles and permission sets

Once you have identified which profiles and permission sets overlap the most, you can perform in-depth analysis.

  1. Find the profile or permission set in the org model to run the comparison against

  2. Open 'Optimize' tab in the right panel

  3. Click on 'Analyze access' button at the top of the access tab

  4. Click 'Compare' button within the modal window

  5. Schedule a comparison report to run (and select which profiles or permission sets to compare against the selected component)

  6. Wait for results to generate

  7. Open the comparison table

The comparison table works like a heatmap. The cells in red or orange indicate high overlap in a given category of permissions, whereas green cells indicate low level of overlap. Empty cells mean that for a given type of access, neither of the profiles or permission sets being compared grant any access.

The comparison table allows you to explore only the differences between selected profiles and permission sets. Overlapping permissions are not displayed to streamline the comparison.

How to analyze access:

  1. Click on the single cell to explore the permissions which are different between two profiles or permission sets.
    โ€‹

  2. Click on the row title (category of permission) to explore the permissions of that type which are different across all selected profiles and permission sets.
    โ€‹

  3. Click on the column to select the profile or permission set. When a column is selected (you can select many), you will have the option to create a story record. You can capture what sort of changes should be done to selected profiles or permission sets as a result of your analysis. That story will be automatically linked to those metadata.

Did this answer your question?