All Collections
Salesforce Metadata
Salesforce user access
Understand what permissions are being granted by a profile or permission set
Understand what permissions are being granted by a profile or permission set

Analyze access granted by a profile or a permission set in Salesforce

Ksawery Lisinski avatar
Written by Ksawery Lisinski
Updated over a week ago

You can quickly scan and understand what level of access is being granted by profiles or permission sets in your Org. You can use that to both plan your permission optimization and quickly understand what a given profile or permission set does.

Prerequisites

  • You must be on Enterprise license or have a consulting space

  • You must have a synced Org Model

  • View access to the Org Model within Elements app

  • Scheduled batch job in the managed package to get profile data

Report on access given by profiles and permission sets

To understand what permissions are granted by profiles and permission sets in your Org, and to understand which ones may be granting too many permissions, run the access categories report. To do that:

  1. Open the Org model app

  2. Click on a report icon in the top right corner of the screen.

  3. Click to run a new report.

  4. Choose Profile/Permission set Access Categories from the dropdown.

  5. When the report is ready, click on the notification from the report icon.

The report will list every profile and permission set in the Org as rows and every category of permissions as a columns (e.g. object permissions, field permissions etc.) The numbers in cell indicate how many metadata are accessible using that permission controller.

For instance, if a profile shows 609 field permissions, that means it grants access to a total of 609 fields in the Org.

Review access granted by a given profile or permission set

Using Elements.cloud application, you can analyze what permissions are being granted by each profile or permission set.

To see which permissions are being granted by a profile or permission set:

  1. Find the right metadata component in your Org model

  2. Open the 'Optimize' tab in the right pane

  3. Click 'Analyze access' button at the top of the panel

  4. You will see a grid of types of permissions (e.g. object permissions) and a number (e.g. 7). That number indicates how many permissions of that type are being granted.

  5. Click on the number to drill down and see the concrete, alphabetically sorted list of metadata and level of access granted by the selected profile or permission set

Related Articles
Audit who has access to Salesforce objects, fields, and other sensitive metadata and why
Compare and consolidate permissions across profiles and permission sets
Get Salesforce user access data
Setting up the Profile metadata batch job
Users with dangerous permission
Did this answer your question?