          Permission Set Groups Control

          Control Name

          Permission Set Group Management

          Recommended Configuration

          Bundle permission sets together based on user job personas or roles:

          Standard Permission Set Groups | Customer Permission Set Groups | Permission Set Groups from Managed Packages | Session-Based Permission Set Groups.

          Control Overview

          Manage Permission Set Group to make sure that user access is granted based on specific job functions (personas) and adheres to the principle of least privilege, minimizing "permission sprawl."

          Security Risk If Not Configured

          Ineffective management of Permission Set Groups (PSGs) can turn a streamlined security model into a "black box" of overlapping access. When PSGs are not governed correctly, the company faces a significant gap between intended security and actual user permissions.

          Threat Scenarios

          An unmanaged Permission Set Group acts as a "security black box" where a user who has changed roles retains high-level legacy permissions, such as "Modify All Data" or "Export Reports," that were never deprovisioned. A malicious actor or compromised account can then use these bundled, undocumented privileges to exfiltrate the entire customer database, with the activity remaining undetected because it appears as legitimate system behavior within the complex group structure.

          Estimated CVSS Score Range

          Critical (9.0–10.0).

          Risk Impact Considerations

          Risk increases with the number of users, roles, and permissions in the company.

          Higher Risk When

          The absence of Multi-Factor Authentication (MFA) and Real-Time Event Monitoring significantly amplifies the risk, as it allows unauthorized actors to exploit over-privileged accounts without immediate detection.

          Furthermore, without formal periodic access reviews, unauthorized privileges remain hidden, leaving unnecessary high-level permissions active long after a user's business role has changed.

          Low or No Risk When

          To minimize the risks associated with ineffective Permission Set Group (PSG) management, companies can implement Salesforce Shield Event Monitoring to provide real-time visibility and automated blocking of suspicious activities, such as bulk data exports, that over-privileged users might attempt.

          Additionally, establishing a rigorous Quarterly Access Review (QAR) process ensures that unauthorized permissions are systematically identified and remediated by validating every user's current group assignments against their actual job functions.

          Business and Integration Considerations

          Admins should review their permission set groups to align with their company structure.

          Recommended Remediation

          Implement periodic access reviews, and group permission sets in a way that aligns with the principle of least privilege.
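          The access review described under "Low or No Risk When" and the remediation above can be scripted. The following is an added example, not Salesforce tooling or code from this article: it compares every Permission Set Group assignment against a persona-to-PSG baseline and flags groups that bundle the high-risk permissions named in the threat scenario ("Modify All Data", "Export Reports") for users whose persona does not justify them. The records are constructed sample data shaped like query results; the persona names, the custom field holding the persona, and the SOQL field names in the comments are assumptions to verify in your own org.

```python
"""Periodic access review of Salesforce Permission Set Group (PSG) assignments.

Added example (not Salesforce's own tooling). All records are constructed
sample data; persona names and the Persona__c field are assumptions.
"""
from dataclasses import dataclass

# Assumed SOQL that would populate the records below (field names are my
# understanding of the standard objects; verify them against your org):
#   SELECT Id, Username, Persona__c FROM User WHERE IsActive = true
#   SELECT AssigneeId, PermissionSetGroupId FROM PermissionSetAssignment
#          WHERE PermissionSetGroupId != null
#   SELECT PermissionSetGroupId, PermissionSet.Name,
#          PermissionSet.PermissionsModifyAllData,
#          PermissionSet.PermissionsExportReport
#   FROM PermissionSetGroupComponent


@dataclass(frozen=True)
class User:
    id: str
    username: str
    persona: str  # value of the assumed Persona__c custom field


@dataclass(frozen=True)
class PermissionSetGroup:
    id: str
    developer_name: str
    # True if any permission set bundled in the group grants the permission
    modify_all_data: bool = False
    export_report: bool = False


@dataclass(frozen=True)
class Finding:
    user_id: str
    psg: str
    reason: str


# Review baseline: which PSGs each job persona is entitled to (assumed names).
PERSONA_BASELINE = {
    "Sales Rep": {"Sales_Rep_PSG"},
    "Support Agent": {"Support_Agent_PSG"},
    "Data Admin": {"Data_Admin_PSG"},
}

# Personas whose job function justifies the high-risk permissions.
HIGH_RISK_PERSONAS = {"Data Admin"}


def review_assignments(users, groups, assignments):
    """Compare each (assignee_id, psg_id) pair with the persona baseline.

    Returns one Finding per violated rule, so a single legacy assignment can
    produce both a "not in baseline" and a "high-risk permission" finding.
    """
    findings = []
    for assignee_id, psg_id in assignments:
        user = users[assignee_id]
        group = groups[psg_id]
        allowed = PERSONA_BASELINE.get(user.persona)
        if allowed is None:
            findings.append(Finding(user.id, group.developer_name,
                                    f"persona {user.persona!r} has no baseline"))
            continue
        if group.developer_name not in allowed:
            findings.append(Finding(user.id, group.developer_name,
                                    "PSG not in persona baseline"))
        risky = [name for name, granted in (("Modify All Data", group.modify_all_data),
                                            ("Export Reports", group.export_report))
                 if granted]
        if risky and user.persona not in HIGH_RISK_PERSONAS:
            findings.append(Finding(user.id, group.developer_name,
                                    "bundles high-risk permission(s): " + ", ".join(risky)))
    return findings


def sample_org():
    """Constructed sample data: u2 moved from Data Admin to Support Agent but
    kept the legacy Data_Admin_PSG assignment (the scenario in the control)."""
    users = {
        "u1": User("u1", "rep@example.com", "Sales Rep"),
        "u2": User("u2", "agent@example.com", "Support Agent"),
        "u3": User("u3", "dba@example.com", "Data Admin"),
    }
    groups = {
        "g1": PermissionSetGroup("g1", "Sales_Rep_PSG"),
        "g2": PermissionSetGroup("g2", "Support_Agent_PSG"),
        "g3": PermissionSetGroup("g3", "Data_Admin_PSG",
                                 modify_all_data=True, export_report=True),
    }
    assignments = [("u1", "g1"), ("u2", "g2"), ("u2", "g3"), ("u3", "g3")]
    return users, groups, assignments


def run_review():
    """Run the review over the constructed sample org and return the findings."""
    return review_assignments(*sample_org())


if __name__ == "__main__":
    for f in run_review():
        print(f"{f.user_id}: {f.psg} - {f.reason}")
```

          Run against real query results, each finding becomes a remediation ticket for the quarterly review; the baseline map itself is the artifact that makes "grouping by persona" auditable rather than a black box.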

          Security Health Review Guidance

          N/A - Currently not inspected by the Security Health Review tool.
