Using Elements.cloud, you can compare all your profiles and permission sets to figure out which ones overlap in permissions being granted. You can then narrow down your scope to do a detailed comparison of similarities and decide how to consolidate your profiles and permission sets.
Prerequisites
Your space must be on Enterprise license or consulting license
Synced Org Model
View access to the Org Model within Elements app
Scheduled batch job in the managed package to get profile data
Run the comparison report
With many profiles and permission sets in your Org, it is impossible to know where to start your analysis. With Elements.cloud, you can run a report that will automatically compare and detect which profiles and permission sets are most similar to each other (and therefore need to be merged or split into distinct, lean permission sets).
To run a comparison of profiles and permission sets:
Open the Org model
Click on 'Download large data set' icon in the top right part of the screen
Run 'Profile / Permission set similarity score'
Wait for the notification, then click on the notification to download the CSV file which you can take into a spreadsheet.
The generated file will will be a matrix of every profile and permission set compared against every other profile and permission set. Each pairing will receive a score between 0 and 1:
0 means that there is no overlap at all between the pair.
1 means that two permission controllers are 100% the same
You can colour-code the matrix in the spreadsheet to find where you have highest overlap and therefore which profiles or permission sets should be consolidated.
Compare permissions granted by multiple profiles and permission sets
Once you have identified which profiles and permission sets overlap the most, you can perform in-depth analysis.
Find the profile or permission set in the org model to run the comparison against
Open 'Optimize' tab in the right panel
Click on 'Analyze access' button at the top of the access tab
Click 'Compare' button within the modal window
Schedule a comparison report to run (and select which profiles or permission sets to compare against the selected component)
Wait for results to generate
Open the comparison table
The comparison table works like a heatmap. The cells in red or orange indicate high overlap in a given category of permissions, whereas green cells indicate low level of overlap. Empty cells mean that for a given type of access, neither of the profiles or permission sets being compared grant any access.
The comparison table allows you to explore only the differences between selected profiles and permission sets. Overlapping permissions are not displayed to streamline the comparison.
How to analyze access:
Click on the single cell to explore the permissions which are different between two profiles or permission sets.
Click on the row title (category of permission) to explore the permissions of that type which are different across all selected profiles and permission sets.
Click on the column to select the profile or permission set. When a column is selected (you can select many), you will have the option to create a story record. You can capture what sort of changes should be done to selected profiles or permission sets as a result of your analysis. That story will be automatically linked to those metadata.
