Salesforce Access Management and Review
Understand access in your Org — from the big picture to the fine details
Access Controls You Can Understand and Manage
As the Salesforce platform has evolved, how users work in it has evolved, too. The result is that, in many mature Orgs, access is governed by a mix of roles, profiles, permission sets and permission set groups. Changing a system of this complexity is risky, but carrying on without appropriate visibility into who can see and do what leaves you open to security and compliance violations.
Investigate, Simplify, Monitor
Wouldn't it be great if you have tightly defined roles, profiles and permissions? If you were confident only authorized users had access to your most sensitive data? If you could prove it to auditors who want to see that your revenue-related data is locked down?
Gaining visibility is the first challenge — from there, you can take steps to consolidate and cleanup, and build policies that protect the data auditors care most about.
Strongpoint makes it easy. Here's how.
How Does Strongpoint Help?
Strongpoint documents and continually monitors your roles, profiles and permission sets. (Actually, our metadata engine tracks a lot of things, which you can read more about in our Documentation and How Does Strongpoint Work? pages.)
Strongpoint treats this documentation like other forms of metadata, and gives you tools to map out the connections between roles/profiles/permissions and Objects/fields. With it, you can investigate access to critical Objects; troubleshoot access problems; track changes to permissions; create controls to block risky role assignments; and more.
Get granular with Object- and field-level reports and spreadsheets
Object Access Review
A complex object in Salesforce may contain multiple custom fields, standard fields, formula fields, record types, picklist values, buttons and links. If you’re working with personal data or in a regulated environment where compliance has crept into scope, you need to know things are secure.
Strongpoint gives you easy-to-work-with reports and spreadsheets showing all settings attached to an Object, profile or permission set. See everything controlling an Object as well as detailed permissions for each setting — with Strongpoint, it's easy to stay informed and confident about who can see and do what in your Org.
Review access at the field level
See what's in scope for compliance
Analyze profiles and permission sets
Streamline access reviews
Access Review in Action
Choose any Standard or Custom Object and see all profiles or permission sets with Read, Create, Edit, Delete, ViewAll or ModifyAll permissions:
This information is also available in the Strongpoint Customization Record (above) and in a conventional Salesforce report:
Use Strongpoint's Object Export tool to dig deeper and review permission set assignments at the field level — a key audit priority for healthcare and other tightly regulated industries:
The Object Export tool is also extremely helpful for reviewing Apex Class and Visualforce permissions to troubleshoot user access issues. Here's a close up of that information in a typical Object report:
Watch a Demo:
Instant insights into your Org
In this short clip, our resident Salesforce expert Rick Roesler walks you through several ways to review access levels in your Org.
Get continuous visibility into profiles and permissions
Granular access review tools are essential for troubleshooting problems when they arise. But more and more, we're seeing that access management requires continuous visibility into how users can interact with your Org — and its potential repercussions for security and compliance.
Strongpoint gives you several tools for managing access control in your Org on an ongoing basis. Identify and consolidate similar profiles to cleanup and prevent unauthorized access. Or stay vigilant by building intelligent policies to alert you when things change.
Review access by user/profile/
Migrate profiles to permission sets
Track changes to user access
Identify red flags for compliance
Key Strongpoint Tools
Get an in-depth look at everything a user can see and do. Do they have the appropriate permissions they need to do their job? Just as Strongpoint lets you drill down by Object, you can also conduct a detailed review of access and permissions by User:
You can also review the details of your profiles and permission sets — comparing access levels to see what can be consolidated or migrated to a permission set group. Here's a look at the Permissions with Profile/PermissionSet report:
Create policies that monitor for changes to specific profiles or permission Sets — and log everything in audit-friendly reports. Strongpoint treats changes to user permissions the same way it treats other metadata — giving you a verifiable audit log showing who changed what and a full diff of what was affected:
Try it in Your Org:
Go into your next audit with confidence
For audit purposes, understanding who has access to various parts of your Org is just as important as understanding what’s in it. In fact, they’re two sides of the same coin — it’s great to know where your revenue-related data is, but you also need to know who can see it, who can edit it, and who can delete it.
SOX is a typical use case for this — especially now that more businesses are handing revenue-related data on the platform and auditors are looking for tighter controls around who can access it. But access control is also relevant for GDPR, HIPAA and other regulatory standards.
By documenting your Org and giving you tools to manage access, Strongpoint eliminates some of the most difficult, time-consuming work of audit prep.
Determine what's in scope and what isn't
Consolidate profiles and permission sets to simplify audits
Implement compliance-friendly change policies
Create mitigating controls for sensitive data access
Key Strongpoint Tools
Build out hyper-specific policies governing who can grant different levels of access to different Objects and fields.
Here's a policy record for a custom Object with tight controls around access — any changes to associated roles, profiles and permission sets require testing across a full software development lifecycle:
Implement a closed-loop management system for changes to access levels, and automatically reconcile approvals to requests in audit-friendly logs.
Some types of access should never be granted without prior approval. With blocking controls in place, Strongpoint automatically prohibits role assignments that could put critical data at risk and jeopardize compliance with SOX and other regulatory standards.
Watch the Webinar
Access Controls in Salesforce
Learn the difference between profiles, permission sets and permission set groups — and how to manage them, with or without Strongpoint.