Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            User Access Management in Setup with Agentforce (Beta)

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            User Access Management in Setup with Agentforce (Beta)

            Use Agentforce to troubleshoot user access issues, review the permissions and access that users have, and understand how access is configured.

            Required Editions

            Available in: Lightning Experience
            Available in: Enterprise, Performance, Unlimited, and Developer Editions with Foundations or Agentforce 1 Editions
            User Permissions Needed
            To use Setup with Agentforce:

            The required permissions for Setup with Agentforce. See Assign Required Permissions and Access for Setup with Agentforce (Beta).

            AND

            The required permissions for the task listed in the table.
            Note
            Note Setup with Agentforce is a pilot or beta service that is subject to the Beta Services Terms at Agreements - Salesforce.com or a written Unified Pilot Agreement, if executed by Customer, and the Non-GA Credit Consumption term in the Product Terms Directory. Enabling this pilot or beta service consumes Data 360 credits and is at the Customer's sole discretion.

            Agentforce can help you with these tasks and requests related to user access.

            Supported Task Example Requests Additional Required User Permissions
            Get information on supported tasks for user access management
            • “What can you do related to user access management for permissions?”
            • “How can you help me manage user record access?”
            		 None
            Review what object, field, and user permissions a user has or doesn’t have
            • “What level of access does Lincoln Ulrich have to the Account object?”
            • “Can Lance Park create permission sets?”
            • “Is Jessica Tanaka able to update the Priority field on cases?”
            		 None
            Review what access users, groups, and roles have to a record and why they have this access
            • “Tell me who has access to the Acme Account record and how they have this access.”
            • “Explain why Lincoln Ulrich has Read Only access to the Acme Account.”
            • “Which users, groups, or roles can edit the Project Q4 Deal Opportunity record?”
            		 None
            Troubleshoot access issues related to object, field, and user permissions
            • “Explain why Erin Donaghue is able to update the Status field on cases.”
            • “Confirm that Ada Balewa doesn’t have the ability to edit opportunities.”
            • “Why can’t Erica Douglass export reports?”
            		None
            Troubleshoot access issues related to record access
            • “Why can’t Candance Evans see the contact record for Jane Doe at TechGlobal Corp?”
            • “Why is Jay McRose able to edit case number 00000001?”
            • “Why can Erin Donaghue only see case 00000002?”
            		 None
            Troubleshoot access issues related to external client app access
            • “Can you check whether Kathy Cooper has access to external client application Example Integration?”
            • “Confirm if Matt Wilson is assigned to the external client application Sample ECA.”
            		None
            See what permissions are required for a Salesforce task or feature
            • “What permissions do I need to convert leads?”
            • “Provide a list of user permissions required for managing permission sets.”
            		 None
            Compare the record access that two different users have
            • “Can you show me what access Lance Park has versus what Ada Balewa has for account Acme, and detail how each user’s access is derived for this record?”
            • “Why can Linda Rosenberg edit contact Jane Doe but Erica Douglass can’t?”
            		 None
            Get a list of all profiles, permission sets, or permission set groups
            • “List of all profiles.”
            • “Show me all permission sets.”
            		 None
            Create or update custom permission sets
            • “Create a permission set that grants read and edit permissions on Account.”
            • “Update permission set Sales_Operations to enable the ability to create dashboards.”
            • “Create a permission set named ‘Report Management’ with a description of ‘Enables user to make report changes’.”
            		 Manage Profiles and Permission Sets
            Create or update custom permission set groups
            • “Can you add the Full Account Access permission set to the Sales Manager permission set group?”
            • “Remove the Case Management permission set from the Service_Rep permission set group.”
            		 Manage Profiles and Permission Sets
            Get information about existing permission sets and their enabled permissions
            • “Is there a permission set that allows a user to convert leads?”
            • “Show me permission sets that have Edit Account permissions enabled.”
            • “Do I have a permission set that grants access to cases?”
            		None
            Get information about internal and external organization-wide default sharing settings
            • “What’s the OWD for the Contact object?”
            • “What is the organization wide default for Opportunity?”
            • “What is the org wide default for Case object?”
            		 None
            Update internal and external organization-wide default sharing settings
            • “Set the internal org-wide default access for the Account object to Private.”
            • “Change the OWD for the Contact object to Controlled by Parent.”
            • “Update the external organization-wide default access for the Knowledge object to Public Read-Only.”
            		 Manage Sharing
            Ask questions about what sharing rules for specific objects grant access to a specified user, role, or public group
            • “Show me all criteria-based Account sharing rules that are currently granting access to Erin Donaghue.”
            • “Which sharing rules for the Opportunity object are applied to the Sales Director role and its subordinates?”
            • “What account sharing rules are set up for the Key Accounts Onboarding public group?”
            • “List sharing rules for accounts.”
            		 None
            Create sharing rules
            • “Create a sharing rule that shares Campaign records with Type=Email with the Sales Reps group. Give this group Read/Write access.”
            		 Manage Sharing
            Review what public groups a user belongs to and filter by name
            • “List the public groups for user Nina Gupta that have ‘Project’ in their name.”
            • “Show me the public groups for user Samir Patel that contain the word ‘Regional’.”
            		 None
            Create a public group
            • “Create a public group that has ‘Grant Access Using Hierarchies’ disabled.”
            • “Create a public group for the specified purpose or team.”

            Delegated Administrator

            OR

            Manage Users
            Review the membership of a specific public group, including users, roles, and nested public groups
            • “Display the members assigned to the ‘Global Marketing Leaders’ public group.”
            • “What’s the current membership of the ‘Asia Delivery Managers’ public group”
            • “Are there any roles or other groups included in the ‘Finance Department’ public group?”
            • “Show me all members in the ‘Car Models’ public group.”

            Manage Users

            AND

            The “Enhanced Public Group Assignment” setting enabled
            Create or update a queue’s details and supported objects
            • “Create a queue named Tier 2 Suppor.t”
            • “Update the email for the Sales queue.”
            • “Add Case support to the Billing queue.”
            • “Change the routing configuration for the Service queue.”
            • “Add public group Sales Reps and role Sales Directors to Sales queue.”
            		 Manage Users
            List all queues or public groups
            • “List all queues.”
            • “Show me all public groups.”
            		 None
            Add or remove users from permission sets, permission set groups, public groups, and queues
            • “Add user Mary Green to the ‘Service Cloud Users’ and ‘Service Cloud Management’ permission set groups.”
            • “Remove user Matt Wilson from the permission set Sales_App_Access.”
            • “Add user Anthony Hall to the ‘Level 2 Support’ queue and remove him from the ‘Escalation Support’ queue.”
            • “Remove the user Caleb Dunn and Jerry from ‘All Employees’ public group.”

            Assign Permission Sets

            OR

            Manage Users
            Troubleshoot user access with the Setup Audit Trail
            • “Why can’t Erica Douglass manage users anymore? What changed?”
            • “Help me understand why user Candace Evans can’t edit account records since last week.”
            		 None

            User Access Management Considerations

            • In questions about a user’s permissions, if the user is assigned permissions via a session-based permission set, the permissions are returned whether the permission set is activated or not.
            • You can ask questions about and reference both criteria-based and owner-based sharing rules. However, you can create only criteria-based sharing rules via the agent, and they must be on objects other than accounts and contain only a single criteria condition.
            • Questions related to guest user access aren’t supported.
            • If the organization-wide default is set to Controlled by Parent for an object, responses about related sharing rules and record access can be inaccurate.
            • Responses related to a user’s ability to delete or transfer a record aren’t always accurate.
            • Responses about a user’s ability to edit a record don’t reflect whether the user has the required Edit permission for the related object.
            • Setup Audit Trail questions related to which user changed a specific setting or configuration aren’t supported. Agent responses also don’t reflect changes made by AI agents or delegate administrators.
            • For questions related to user access that use information from the Setup Audit Trail, only changes related to permission sets, permissions set groups, profiles, roles, user access policies, organization-wide defaults, and user records are considered.
            • You can search and filter Setup Audit Trail entries returned matching specific criteria. However, these capabilities aren’t supported when using the Setup Audit Trail to troubleshoot user access.
             
            Loading
            Salesforce Help | Article