Salesforce Access Management and Review

Understand access in your Org — from the big picture to the fine details

Access Controls You Can Understand and Manage

As the Salesforce platform has evolved, how users work in it has evolved, too. The result is that, in many mature Orgs, access is governed by a mix of roles, profiles, permission sets and permission set groups. Changing a system of this complexity is risky, but carrying on without appropriate visibility into who can see and do what leaves you open to security and compliance violations.  

Investigate, Simplify, Monitor

Wouldn't it be great if you had tightly defined roles, profiles and permissions? If you were confident only authorized users had access to your most sensitive data? If you could prove it to auditors who want to see that your revenue-related data is locked down?

Gaining visibility is the first challenge — from there, you can take steps to consolidate and clean up, and build policies that protect the data auditors care most about.

Strongpoint makes it easy. Here's how.

How Does Strongpoint Help?

Strongpoint documents and continually monitors your roles, profiles and permission sets. (Actually, our metadata engine tracks a lot of things, which you can read more about in our Documentation and How Does Strongpoint Work? pages.) 

Strongpoint treats this documentation like other forms of metadata, and gives you tools to map out the connections between roles/profiles/permissions and Objects/fields. With it, you can investigate access to critical Objects; troubleshoot access problems; track changes to permissions; create controls to block risky role assignments; and more.

Get granular with Object- and field-level reports and spreadsheets

Object Access Review

A complex object in Salesforce may contain multiple custom fields, standard fields, formula fields, record types, picklist values, buttons and links. If you’re working with personal data or in a regulated environment where compliance has crept into scope, you need to know things are secure. 

Strongpoint gives you easy-to-work-with reports and spreadsheets showing all settings attached to an Object, profile or permission set. See everything controlling an Object as well as detailed permissions for each setting — with Strongpoint, it's easy to stay informed and confident about who can see and do what in your Org.

Review access at the field level

See what's in scope for compliance

Analyze profiles and permission sets

Streamline access reviews

Access Review in Action

Choose any Standard or Custom Object and see all profiles or permission sets with Read, Create, Edit, Delete, ViewAll or ModifyAll permissions:

This information is also available in the Strongpoint Customization Record (above) and in a conventional Salesforce report:

Use Strongpoint's Object Export tool to dig deeper and review permission set assignments at the field level — a key audit priority for healthcare and other tightly regulated industries:

The Object Export tool is also extremely helpful for reviewing Apex Class and Visualforce permissions to troubleshoot user access issues. Here's a close up of that information in a typical Object report:

Watch a Demo:

Instant insights into your Org

In this short clip, our resident Salesforce expert Rick Roesler walks you through several ways to review access levels in your Org.

Get continuous visibility into profiles and permissions

Access Management

Granular access review tools are essential for troubleshooting problems when they arise. But more and more, we're seeing that access management requires continuous visibility into how users can interact with your Org — and its potential repercussions for security and compliance.

Strongpoint gives you several tools for managing access control in your Org on an ongoing basis. Identify and consolidate similar profiles to clean up and prevent unauthorized access. Or stay vigilant by building intelligent policies to alert you when things change.

Review access by user/profile/permission set

Migrate profiles to permission sets

Track changes to user access

Identify red flags for compliance

Key Strongpoint Tools

Get an in-depth look at everything a user can see and do. Do they have the appropriate permissions they need to do their job? Just as Strongpoint lets you drill down by Object, you can also conduct a detailed review of access and permissions by User:

You can also review the details of your profiles and permission sets — comparing access levels to see what can be consolidated or migrated to a permission set group. Here's a look at the Permissions with Profile/PermissionSet report:

Create policies that monitor for changes to specific profiles or permission sets — and log everything in audit-friendly reports. Strongpoint treats changes to user permissions the same way it treats other metadata — giving you a verifiable audit log showing who changed what and a full diff of what was affected:

Try it in Your Org:

Our free app, Flashlight, comes with a suite of access management tools, including the Object Exporter.

Here's a demo of it in action. Try it for yourself — with no risk or commitment — by downloading your copy of Flashlight today:

Go into your next audit with confidence 

Regulatory Compliance

For audit purposes, understanding who has access to various parts of your Org is just as important as understanding what’s in it. In fact, they’re two sides of the same coin — it’s great to know where your revenue-related data is, but you also need to know who can see it, who can edit it, and who can delete it. 

SOX is a typical use case for this — especially now that more businesses are handling revenue-related data on the platform and auditors are looking for tighter controls around who can access it. But access control is also relevant for GDPR, HIPAA and other regulatory standards.

By documenting your Org and giving you tools to manage access, Strongpoint eliminates some of the most difficult, time-consuming work of audit prep. 

 

Determine what's in scope and what isn't

Consolidate profiles and permission sets to simplify audits

Implement compliance-friendly change policies

Create mitigating controls for sensitive data access

Key Strongpoint Tools

Build out hyper-specific policies governing who can grant different levels of access to different Objects and fields.

Here's a policy record for a custom Object with tight controls around access — any changes to associated roles, profiles and permission sets require testing across a full software development lifecycle:

Implement a closed-loop management system for changes to access levels, and automatically reconcile approvals to requests in audit-friendly logs.  

Some types of access should never be granted without prior approval. With blocking controls in place, Strongpoint automatically prohibits role assignments that could put critical data at risk and jeopardize compliance with SOX and other regulatory standards. 

Watch the Webinar

Access Controls in Salesforce

Learn the difference between profiles, permission sets and permission set groups — and how to manage them, with or without Strongpoint.

Additional Resources

Follow these links to learn more about Salesforce access management, or get in touch to find your solution and get pricing:

Next Step:

Impact Analysis

Salesforce Orgs are complex — impact analysis shows you how a change to one customization will affect the rest of your system.