Whether using Profiles, Permission Sets or both, if you're managing Salesforce permissions, you know how challenging it can get. One day everything's running smoothly, next day someone can't access their reports and you're deep in profile settings trying to track down recent changes. With multiple team members updating permissions across different orgs, this scenario is all too familiar.

In this article, we'll explore the common permission challenges that Salesforce professionals face and how Salto can help address them. We'll also dive into the specific capabilities Salto offers, including exploring permissions, comparing them across orgs, and deploying only the necessary permissions.

‍

‍

The permission challenges we all face

Any experienced Salesforce professional knows these pain points:

• Permissions get modified left and right - devs adding fields, admins tweaking access, pretty much daily changes
• Huge files, slow to retrieve, slow to deploy
• Permissions never match across orgs - what's in UAT is different from prod, dev is its own story
• Good luck trying to quickly figure out what permissions are in each profile or why a certain user lost his access to the Opportunity object
• Manual deployments - you can't pick what to deploy, and things break  so everyone is ending up doing them manually 

Salto doesn't remove all the pains, but it can help a lot by giving admins more visibility to their permission setup and more control over which permissions to include in their deployment. 

Salto treats Profiles differently 

At Salto, we handle permissions differently. Here's what we do:

1. Extract your org's metadata and keep a browsable copy you can actually search through
2. Add a semantic layer that breaks down those massive profile and permission set files into isolated, stand-alone permissions components 
3. Map all the connections between these pieces - so you can see exactly how field permissions relate to objects, how record types connect to page layouts, and more.
   
   

These three unique technological capabilities are what enable Salto to bring unmatched control and clarity to permission management. By combining structured, searchable metadata, a granular semantic layer, and comprehensive mapping of relationships, Salto transforms complex permission handling into a transparent and manageable process.

‍

‍

Read below to see how Salto’s approach looks in action.

Start with understanding your current Permissions setup and fix issues (duplicates, overlap, misalignment and more) 

1. Explore your Profiles and Permissions and get immediate insights 

Ever spent hours trying to figure out why your marketing team suddenly can't access campaign reports? We've all been there. Salto lets you search across all your permissions instantly - like Ctrl+F for your Salesforce permissions. Instead of clicking through endless setup menus and scrolling through profiles, Salto lets you explore them easily. 

But it's not just about finding permissions - it's about understanding their dependencies. For example, when you look at a field, Salto shows you every permission related to it, which permission sets include it, and all the related components that might be affected if you change it. No more surprises from hidden dependencies.

Key use cases:

• Troubleshoot access issues
• Track down where permissions are set
• Understand who has access to what
• Investigate security concerns
• See the full impact before making changes

The impact is immediate: what used to take hours now takes minutes. No more guesswork, no more "let me get back to you on that." Just clear answers about who has access to what and why, and most importantly - what might break if you change it.

‍

‍

2. Compare permissions within an org 

Trying to remove redundant Permission Sets or standardizing access across teams? 

Salto shows you clear comparisons of Profiles and Permissions Sets within a single org. You can spot exactly which object permissions, field permissions, and system permissions differ between profiles.

This becomes crucial when:

• Creating new roles based on existing ones
• Understand where Permission Sets overlap 
• Standardizing access across teams
• Cleaning up duplicate Permission Sets and Profiles
• Merging departments or teams
• Validating profile updates

Teams using this capability typically eliminate duplicate profiles, ensure consistent access across similar roles, and significantly reduce their profile maintenance overhead.

‍

3. Keep orgs in sync

"Does your UAT permissions match prod?", probably not, but you’re not the only one. With Salto, you can compare Permissions across your orgs and see exactly what's different. Spot when permissions drift from UAT, or when production gets out of sync and easily align them. 

Once your Permissions are properly set, start using Salto to deploy permission changes the right way 

4. Ensure no relevant permission is left behind

When deploying changes between orgs using Salto (up or down the pipeline), we automatically surface all permissions related to the metadata elements you’re deploying, ensuring that no necessary permissions are missed.

5. Deploy JUST the permissions you need

Salto can tell the difference between different permissions and treat them as a separate, standalone metadata component. 

When deploying a field (or any other metadata type), Salto will flag it’s Field Level Security permissions as a dependency instead of flagging the entire Profile/Permission Set. Then, you, as a user, will be able to choose the specific permissions you’d like to include in the deployment.   

‍

6. Adding new Permissions Set / Profile seamlessly 

Have you ever tried deploying a permission for a field that does not exist on target?

When introducing a new Profile or Permission Set, Salto provides unmatched control and flexibility. Here's how Salto ensures seamless deployment:

1. When deploying a new Profile or Permission Set, Salto automatically flags all related metadata elements that the permissions reference, and whether or not they exist in the target org. 
2. Salto allows you to select which metadata elements to include in the deployment. If any element doesn’t exist in the target org, you have the flexibility to exclude it while proceeding with the rest of the permissions as planned. This capability streamlines your deployment process and helps prevent issues due to missing elements.

Salto's unique approach to managing Salesforce permissions can help admins streamline and improve the process of maintaining secure and consistent access across their Salesforce ecosystem. It gives them better visibility into what’s implemented, the ability to understand which permissions are linked to each component, and a lot of control on what they choose to include in their deployment. 

‍