
Compare and consolidate permissions across profiles, permission sets and permission set groups

Transition from profiles to permission set-based access model; compare overlap and streamline access granted by permission controllers


Using Elements.cloud, you can compare all your profiles, permission sets and permission set groups to figure out which ones overlap in permissions being granted. You can then narrow down your scope to do a detailed comparison of similarities and decide how to consolidate your permission controllers.

Prerequisites

  • Your space must be on an Enterprise license or a consulting license

  • Synced Org Model

  • View access to the Org Model within the Elements app

  • Scheduled batch job in the managed package to get profile data

Run the comparison report

With many profiles, permission sets and permission set groups in your Org, it is hard to know where to start your analysis. With Elements.cloud, you can run a report that automatically compares permission controllers and detects which are most similar to each other (and therefore need to be merged or split into distinct, lean permission sets).

  • To run a comparison of profiles, permission sets, and permission set groups:

    1. Open the Org model

    2. Click on the 'Download large data set' icon in the top right part of the screen

    3. Run 'Permissions similarity score'

    4. Wait for the notification, then click on the notification to download the CSV file, which you can take into a spreadsheet.

The generated file is a matrix in which every profile, permission set, and permission set group is compared against every other profile, permission set and permission set group. Each pairing receives a score between 0% and 100%:

  • 0% means that there is no overlap at all between the pair;

  • 100% means that two permission controllers are identical.

You can colour-code the matrix in the spreadsheet to find where you have the highest overlap and therefore which permission controllers should be consolidated.
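As an added example (not Elements.cloud code), this Python script does the same triage as colour-coding the spreadsheet: it ranks the highest-scoring pairs in the exported matrix and groups controllers linked by high scores. The CSV layout (names in the first row and first column, scores as percentages), the sample data and the 85% threshold are assumptions; adjust them to the actual export.

```python
import csv
import io

# Constructed sample; assumed layout: names in first row and column, scores in cells.
SAMPLE_CSV = """,Sales Profile,Sales PS,Support Profile,Sales PSG
Sales Profile,100%,92%,35%,88%
Sales PS,92%,100%,30%,95%
Support Profile,35%,30%,100%,28%
Sales PSG,88%,95%,28%,100%
"""

def parse_score(cell):
    """Accept '92%', '92' or '92.5'; a blank cell returns None."""
    cell = cell.strip().rstrip("%").strip()
    return float(cell) if cell else None

def load_pairs(text):
    """Return {(a, b): score} for each unordered pair, skipping the diagonal."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    names = [n.strip() for n in rows[0][1:]]
    pairs = {}
    for row in rows[1:]:
        a = row[0].strip()
        for b, cell in zip(names, row[1:]):
            score = parse_score(cell)
            if a != b and score is not None:
                key = tuple(sorted((a, b)))
                pairs[key] = min(score, pairs.get(key, score))  # lower value if halves disagree
    return pairs

def top_overlaps(pairs, threshold=85.0):
    """Pairs scoring at or above the threshold, highest first."""
    return sorted(((s, a, b) for (a, b), s in pairs.items() if s >= threshold), reverse=True)

def consolidation_groups(pairs, threshold=85.0):
    """Group controllers connected by scores >= threshold (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            x = parent[x]
        return x
    for (a, b), s in pairs.items():
        if s >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for name in list(parent):
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

Each group is only a shortlist for the detailed comparison: grouping is transitive, and any score below 100% means the controllers still differ in what they grant.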

Compare permissions granted by multiple profiles, permission sets and permission set groups

Once you have identified which permission controllers overlap the most, you can perform an in-depth analysis:

  1. Find the profile, permission set, or permission set group in the org model to run the comparison against

  2. Open the Insights tab in the right panel and navigate to the Access sub-tab

  3. Click on the 'Analyze access' button

  4. Open each of the categories separately to review the detailed access

  5. Click the 'Compare' button within the modal window

  6. Give the report a title, so you can review it once it's generated from the 'Select' tab

  7. Select permission controllers against which the comparison should be generated

  8. Wait until the status of the results is Ready

  9. Open the heatmap

The cells in red or orange indicate high overlap in a given category, whereas green cells indicate a low level of overlap. Empty cells mean that none of the permission controllers grant access in that category.

The heatmap allows you to explore only the differences between selected permissions by clicking on the cell. 'Same-access' permissions are not displayed to streamline the comparison.

How to analyze access:

  1. Click on the single cell to explore the permissions which are different between two profiles or permission sets.

  2. Click on the row title (category of permission) to explore the permissions of that type which are different across all selected profiles and permission sets.

  3. Click on the column to select the profile or permission set. When a column is selected (you can select many), you will have the option to create a story record. You can capture what sort of changes should be made to the selected profiles or permission sets as a result of your analysis. That story will be automatically linked to the metadata.
