Skip to main content
Users with dangerous permission

Report on users who have dangerous system permissions within the Org

Ksawery Lisinski avatar
Written by Ksawery Lisinski
Updated over a week ago

Using, you can find all users who have dangerous system permissions within Salesforce Org and understand which profile, permission set or permission set group grants them that dangerous permission.


  • Your space must be on Enterprise license or consulting license

  • Synced Org Model

  • View access to the Org Model within Elements app

  • Scheduled batch job in the managed package to get profile data

Supported dangerous permissions

The report will look for following 33 system permissions within Salesforce:

  • Allow user to access privacy data

  • Manage Encryption Keys

  • Modify All Data

  • View All Data

  • View Concealed Field Data

  • View Encrypted Data

  • Weekly Data Export

  • Bulk API Hard Delete

  • Create Public Links

  • Edit Read Only Fields

  • Export Reports

  • Manage Sharing

  • Modify Data Classification

  • Apex REST Services

  • Customize Application

  • Manage IP Addresses

  • Manage Login Access Policies

  • Manage Multi-Factor Authentication in API

  • API EnabledRun the report on users with dangerous permissions

  • Manage Auth. Providers

  • Manage Certificates

  • Manage Connected Apps

  • Modify Metadata Through Metadata API Functions

  • View Setup and Configuration

  • Manage Internal Users

  • Manage Users

  • Assign Permission Sets

  • Manage Custom Permissions

  • Manage Password Policies

  • Manage Profiles and Permission Sets

  • Manage Roles

  • Password Never Expires

  • Reset User Passwords and Unlock Users

Analyze which users have dangerous permissions and why

In order to see the list of users with dangerous system permissions in your Salesforce Org:

  1. Go to your Org model

  2. Click on the report icon in top right section of the screen

  3. Click to run a new report

  4. From the list of available reports, scroll down to option 'Users with dangerous permissions'

Did this answer your question?