Varonis debuts trailblazing features for securing Salesforce. Learn More

Introducing Athena AI our new generative AI layer for the Varonis Data Security Platform.

Learn more

Compare Salesforce user permissions with ease

2 min read
Last updated June 9, 2023

Salesforce complexity breeds risk and creates headaches for admins. With complicated Profiles, Roles, Permission sets, and Groups, it is incredibly difficult and time-consuming to understand what a user can and cannot do in the CRM tool.

With the new permissions comparison feature in Varonis DatAdvantage Cloud, we’re taking hours of work off Salesforce admins’ plates. With the click of a button, admins can compare two users’ aggregated permissions side-by-side and quickly identify discrepancies. You can even compare permissions across different Salesforce orgs — a game-changer for teams handling mergers and acquisitions.

Permissions comparison final 720(Compare two Salesforce users’ permissions side by side)

Get a Free Data Risk Assessment

Analyzing permissions in Salesforce

To understand what a user can do in Salesforce using only Salesforce’s native tools, CRM admins must take into account the permissions a user was granted through their Profile and add up the different Permission Sets and Permission Set Groups to get their effective permissions. Yowza.

To add to the complexity, admins can mute (exclude) specific permissions when they assign permission sets to a user. And all of that is just so admins can understand what tables and fields users can access. Figuring out what records a user can read, and edit is a whole other can of worms.

system permissions hi-res(System Permissions configuration in Salesforce)

To determine a user’s record-level permissions, you need to review your org-wide defaults (i.e., can anyone access/edit a new record, or can only the creator) and analyze where the user sits within the organizational hierarchy.

Profile permissions hi-res(Object and field permissions configuration in Salesforce)

By default, a manager can access and edit records that their employees or anyone else below them hierarchically can access.

Role Hierarchy hi-res(Role Hierarchy settings in Salesforce)

The process of going through each of these nested screens and keeping track of each of the settings (using Excel, for example) can take CRM admins hours.

Now try and compare one user’s effective permissions with another user. Even if you have this information kept on hand, there’s a good chance something has changed since the last time you reviewed their permissions, and so you’ll probably need to re-compile that data again to be safe. By only using Salesforce’s native tools alone, you’ve created an unsustainable process.

Simplify permission analysis and comparison with Varonis.

Varonis radically simplifies analyzing permissions in Salesforce, displaying a user’s net effective permissions + how they were obtained, all on one screen.
Instead of clicking into every user’s Profile, then clicking into every single one of their Permission Sets, you can see all user effective permissions in one place.

System permissions final 720-2
(Analyze system permissions in DatAdvantage Cloud)

Go deep into object and field-level permissions.

On top of system-level permissions, Varonis extends visibility to the object and field level. We simplify access into a simple CRUDS model (create, read, update, delete, share) and show you exactly what level of access someone has to every field and record in your environment.

Field and record access final 720
(Analyze field and object level permissions in DatAdvantage Cloud)

With this new update from Varonis, Salesforce admins can go a step further and compare two users’ permissions from the same screen as we demonstrated above.

Become a Salesforce hero

Interested in learning who can access your Salesforce data and why? It only takes 15 minutes to get started with Varonis DatAdvantage Cloud. Schedule your risk-free demo today.



What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Try Varonis free.
Get a detailed data risk report based on your company’s data.
Deploys in minutes.
Keep reading
Varonis Expands DSPM Capabilities with Deeper Azure and AWS Support
Varonis is expanding its IaaS coverage to AWS databases and Azure Blob Storage, strengthening the CSPM and DSPM pillars of our Data Security Platform.
How Varonis Helps With Email Security
Discover how you can proactively reduce your email attack surface, stop data exfiltration, and curb gen AI risk with accurate and automated email security.
Varonis Introduces Athena AI to Transform Data Security and Incident Response
Using Athena AI, the new gen AI layer for Varonis, natural language, customers can conduct in-depth security investigations and analyses more efficiently.
What's New in Varonis: November 2023
This month, Varonis’ Data Security Platform gets new features for accelerating investigations, improving your email security posture, and enabling Zero Trust in hybrid environments.