Control Who Sees What
Control Name
Permission Control
Recommended Configuration
- User Permissions - Permission Sets | App Permissions | System Permissions
- Object Permissions - Object Access | Enable Reports | Track Activities | Track Field History
- Field Permissions - Set Field-Level Security - Visible | Read-Only
- Revoke Permission - Setup | Select A User | View Summary | Manage Assignments
Control Overview
Salesforce uses a layered security model where Object and Field Permissions define the baseline for data access (CRUD), while Administrative, User, and Custom Permissions grant specific functional capabilities and system-level authority.
To maintain a secure environment, these permissions are managed through Profiles and Permission Sets, allowing administrators to define user scope precisely and use revocation mechanisms to strip access immediately when it is no longer required or when a security threat is identified.
Security Risk If Not Configured
Failure to properly configure object, field, and administrative permissions creates a significant risk of over-privileged access and unauthorized data exposure, where users can view or modify sensitive business records and system settings far beyond their job requirements. Compromised accounts may retain persistent access, leading to unauthorized data exfiltration.
Threat Scenarios
A malicious insider gains access through a compromised account. Because administrative and object-level permissions were not strictly managed or revoked upon the user's role change, the attacker quietly exfiltrates proprietary intellectual property and sensitive financial records without triggering traditional security alerts.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
Risk severity depends on the type of users, the size of the user population, and the type of data stored.
Higher Risk When
When the foundational controls for Object, Field, and Administrative permissions are misconfigured, several factors can increase the risk further, such as a lack of API access control; excessive assignment of System Administrator, Modify All Data, and View All Data permissions; a lack of login IP restrictions; and unrestricted export and reporting permissions.
Low or No Risk When
This control can be considered low risk when one or more of the following are implemented:
- Transaction Security Policies (Salesforce Shield): Create policies that trigger an MFA challenge or block the action entirely if a user attempts a high-risk activity, such as exporting more than a certain number of records or accessing sensitive data from an unrecognized IP address.
- Login IP Ranges and MFA: Enforce Login IP Ranges at the Profile level so that users can only access the system from trusted corporate networks (or VPNs). Combined with Multi-Factor Authentication (MFA), this drastically reduces the risk of credential-based attacks.
Business and Integration Considerations
Perform a thorough business impact analysis to make sure that tightening object and field access doesn't inadvertently block critical cross-departmental workflows or cause high-priority automated integrations to fail.
Recommended Remediation
Implement the principle of least privilege when assigning permissions, and perform periodic reviews that analyze and report on user permissions to identify "over-privileged" users.
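One way to run the periodic review described above, shown as an added example that is not part of the original page or of any Salesforce tooling. The SOQL uses standard PermissionSet and PermissionSetAssignment fields; the flattened row layout, the usernames, the permission set names, and the APPROVED allow-list are constructed assumptions.

```python
from collections import defaultdict

# SOQL to export the assignments reviewed below (standard PermissionSet and
# PermissionSetAssignment fields; run it with your own query tool).
SOQL = """
SELECT Assignee.Username, PermissionSet.Label, PermissionSet.IsOwnedByProfile,
       PermissionSet.Profile.Name, PermissionSet.PermissionsModifyAllData,
       PermissionSet.PermissionsViewAllData, PermissionSet.PermissionsApiEnabled
FROM PermissionSetAssignment
WHERE Assignee.IsActive = true
  AND (PermissionSet.PermissionsModifyAllData = true
       OR PermissionSet.PermissionsViewAllData = true)
"""

HIGH_RISK = ("ModifyAllData", "ViewAllData")

# Constructed sample rows, flattened from the query result (assumed layout).
# "source" is the profile name when IsOwnedByProfile is true, else the label.
ROWS = [
    {"user": "admin@example.com", "source": "Profile: System Administrator",
     "ModifyAllData": True, "ViewAllData": True, "ApiEnabled": True},
    {"user": "j.doe@example.com", "source": "PermSet: Finance Export",
     "ModifyAllData": False, "ViewAllData": True, "ApiEnabled": True},
    {"user": "j.doe@example.com", "source": "PermSet: Data Fix (temp)",
     "ModifyAllData": True, "ViewAllData": True, "ApiEnabled": False},
    {"user": "svc.int@example.com", "source": "PermSet: Integration",
     "ModifyAllData": False, "ViewAllData": True, "ApiEnabled": True},
]

# Assumed allow-list: the high-risk permissions each user is approved to hold.
APPROVED = {"admin@example.com": {"ModifyAllData", "ViewAllData"},
            "svc.int@example.com": {"ViewAllData"}}

def review(rows, approved):
    """Return {user: finding} for high-risk permissions held without approval."""
    granted = defaultdict(lambda: defaultdict(set))  # user -> perm -> sources
    api_users = set()
    for r in rows:
        if r["ApiEnabled"]:
            api_users.add(r["user"])  # API access widens bulk-export exposure
        for perm in HIGH_RISK:
            if r[perm]:
                granted[r["user"]][perm].add(r["source"])
    findings = {}
    for user, perms in granted.items():
        ok = approved.get(user, set())
        excess = {p: sorted(src) for p, src in perms.items() if p not in ok}
        if excess:  # each listed source is an assignment to revoke or change
            findings[user] = {"excess": excess, "api_enabled": user in api_users}
    return findings
```

Each finding names the profile or permission set that grants the unapproved permission, which tells the reviewer whether to revoke an assignment or move the user to a different profile.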
Security Health Review Guidance
N/A - Currently not inspected by the Security Health Review tool.

