Crash Course:
Salesforce Profiles 
and Permission Sets

Manage access controls for stress-free audits

Tuesday September 22, 2020

2 PM EDT

Prep for Audit With Smarter Access Controls

New to SOX? Learn what your auditors will expect you to demonstrate

It’s increasingly difficult to pass a SOX audit without a thorough review of your Salesforce access controls. This may not have always been the case, but as auditors adopt stricter standards — and learn to ask more probing questions — the only way to avoid costly rework is to get your Org ready ahead of time. 

In this crash course, we’re taking a close look at some of the best practices for reviewing Salesforce profiles and permission sets — and managing them on an ongoing basis. We’ll start with the basics, including how to use the newly introduced permission set groups, as well as some general principles that apply to setting up access controls. 

Then, we’ll get into audit prep — and introduce you to some free tools that can help you analyze permissions in your Org and build a tighter, more secure system from the ground up. Register to secure your spot today.

Full Agenda

Introduction: The Challenge of Complexity 

  • Why auditors care about access controls
  • How to make sure users have the right level of access 
  • How to balance security/audit-readiness with ease of use

Access Controls in Salesforce: Context and History 

  • What are profiles? What are permission sets? 
  • Why did Salesforce introduce permission sets and permission set groups?
  • What is the relationship between permissions/permission sets and objects?

Best Practices for Ongoing Access Management in Salesforce

  • Instituting the principle of least privilege
  • Using Permission Sets to clean up Profiles
  • Using permission set groups effectively

Auditing The Profiles and Permission Sets in Your Org

  • What your auditors will want to see 
  • How — and why — to conduct an access control self-assessment
  • How to build tighter controls from the ground up

Free Tools for Profile and Permission Set Management

  • Using Workbench to compare profiles
  • Using Flashlight to see which profiles/permission sets have access to which objects

See Strongpoint in action

Get in touch today