User Access Policies
Salesforce User Access Policy is a security and administrative control that allows for the automated or manual management of user permissions and licenses based on predefined criteria.
Control Name
User Access Policies
Recommended Configuration
Manual Grant or Revoke Access with User Access Policy:
- Setup>User Management Settings>Enable User Access Policies and Enhanced Interface for User Access Policies enabled
- Setup>User Access Policies>New User Access Policy>Edit Criteria>Define Actions
Automatically Grant or Revoke Access with User Access Policy:
- Setup>User Management Settings>Enable User Access Policies and Enhanced Interface for User Access Policies enabled
- Setup>User Access Policies>New User Access Policy>Edit Criteria>Define Actions>Automate Policy
Control Overview
Salesforce User Access Policy is a security and administrative control that allows for the automated or manual management of user permissions and licenses based on predefined criteria, such as user roles, profiles, or custom field values.
By defining these policies, administrators can streamline the granting and revoking of access mechanisms—including permission sets, package licenses, and public group memberships—making sure that access control is consistent and efficient across the company.
Security Risk If Not Configured
Failure to configure User Access Policies effectively and securely risks the automated over-provisioning of sensitive permissions at scale, potentially granting broad data access to unauthorized users through mismanaged filter criteria.
Threat Scenarios
An internal threat actor or an employee with modified user attributes could trigger a misconfigured User Access Policy that automatically grants them high-level administrative permissions or access to sensitive data sets. Without secure validation and corresponding revocation logic, this remains undetected, allowing the user—or an attacker who has compromised their account—to exploit broad system access indefinitely.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
Number of users, user access scope.
Higher Risk When
The risk of misconfiguring Salesforce User Access Policies is significantly amplified by poor data governance and a lack of field-level security on the user record fields used as policy criteria. If these fields are not strictly controlled, unauthorized changes can inadvertently trigger the automated granting of high-level permissions.
Low or No Risk When
To minimize the risk of misconfiguring Salesforce User Access Policies, companies should implement strict field-level security and validation rules on the user record attributes (such as Role or Department) that trigger the automated granting of permissions.
Additionally, companies should enable Field History Tracking on these trigger fields and perform regular User Access Reviews, so that any unauthorized or accidental privilege escalation is promptly detected and remediated through clear audit trails.
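The two sections above describe the failure mode (a change to a criteria field on a user record silently triggers an automated grant) and the mitigation (track history on those fields and review access). The following is an added example, not code from this page or from Salesforce: it simulates how an automated policy resolves permission sets from user record fields, then audits recent field-history records to flag users whose sensitive grant was triggered by a recent edit to a criteria field, including self-edits. The policy names, field names (Department, UserRole), permission set names, user Ids and history records are all constructed for the example, and the dict keys are an assumed export shape rather than a Salesforce API.

```python
"""Audit helper for Salesforce User Access Policies.

Added example (not Salesforce code).  It models what an automated policy does,
matching users on record fields and granting permission sets, and then audits
which sensitive grants were triggered by a recent change to a criteria field.
All data below is constructed inline; the dict keys are an assumed shape for
exported User and field-history records, not a Salesforce object schema.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Policy:
    name: str
    criteria: dict                    # user field -> value that must match
    grants: frozenset                 # permission set names granted on match
    revokes: frozenset = frozenset()  # permission set names removed on match


def matches(policy, user):
    """True when every criteria field on the user record equals the policy value."""
    return all(user.get(f) == v for f, v in policy.criteria.items())


def evaluate(policies, users):
    """Simulate automated policy evaluation: {user Id: resulting permission sets}.
    Assumption: policies are applied in list order and their effects stack."""
    result = {}
    for u in users:
        perms = set(u.get("PermissionSets", ()))
        for p in policies:
            if matches(p, u):
                perms |= p.grants
                perms -= p.revokes
        result[u["Id"]] = perms
    return result


def find_escalations(policies, users, field_history, sensitive, now, window):
    """Review step: for each user who now matches a policy granting a sensitive
    permission set, look for an edit within `window` that moved one of that
    policy's criteria fields onto the matching value.  Each finding records the
    field, the old and new value, who made the change, and whether the user
    edited their own record."""
    findings = []
    for u in users:
        for p in policies:
            if not (matches(p, u) and p.grants & sensitive):
                continue
            for h in field_history:
                if h["UserId"] != u["Id"] or h["Field"] not in p.criteria:
                    continue
                if now - h["CreatedDate"] > window:
                    continue
                # Only the edit that set the field to the policy value counts.
                if h["NewValue"] == p.criteria[h["Field"]] and h["OldValue"] != h["NewValue"]:
                    findings.append({
                        "user": u["Id"],
                        "policy": p.name,
                        "field": h["Field"],
                        "old": h["OldValue"],
                        "new": h["NewValue"],
                        "changed_by": h["CreatedById"],
                        "self_change": h["CreatedById"] == u["Id"],
                        "granted": sorted(p.grants & sensitive),
                    })
    return findings


# Constructed policies: one low-risk, one that grants a sensitive permission set.
POLICIES = [
    Policy("Finance reporting", {"Department": "Finance"}, frozenset({"Finance_Reports"})),
    Policy("Platform admins", {"Department": "IT", "UserRole": "SysAdmin"},
           frozenset({"Modify_All_Data"})),
]
SENSITIVE = frozenset({"Modify_All_Data"})
NOW = datetime(2024, 6, 1, 12, 0)

# Constructed user records (Ids are placeholders, not real Salesforce Ids).
USERS = [
    {"Id": "005ALICE", "Department": "Finance", "UserRole": "Analyst", "PermissionSets": ["Base"]},
    {"Id": "005BOB", "Department": "IT", "UserRole": "SysAdmin", "PermissionSets": []},
    {"Id": "005CAROL", "Department": "IT", "UserRole": "SysAdmin", "PermissionSets": ["Modify_All_Data"]},
]

# Constructed field-history records, as Field History Tracking on the trigger fields would produce.
FIELD_HISTORY = [
    # Bob's record was moved onto the admin policy's criteria two days ago, by Bob himself.
    {"UserId": "005BOB", "Field": "Department", "OldValue": "Sales", "NewValue": "IT",
     "CreatedById": "005BOB", "CreatedDate": NOW - timedelta(days=2)},
    {"UserId": "005BOB", "Field": "UserRole", "OldValue": "Rep", "NewValue": "SysAdmin",
     "CreatedById": "005BOB", "CreatedDate": NOW - timedelta(days=2)},
    # Carol was made an admin a year ago by an administrator; outside the review window.
    {"UserId": "005CAROL", "Field": "Department", "OldValue": "Ops", "NewValue": "IT",
     "CreatedById": "005ADMIN", "CreatedDate": NOW - timedelta(days=365)},
]


def audit(window=timedelta(days=30)):
    """Run the review over the constructed data with a 30-day default window."""
    return find_escalations(POLICIES, USERS, FIELD_HISTORY, SENSITIVE, NOW, window)


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Running the module prints two findings, both for Bob: the Department and UserRole edits that made his record match the admin policy, each marked as a self-change. Carol matches the same policy, but her criteria edit is older than the review window and was made by an administrator, so it is not reported. In a real review the user records and history would be exported from the org, and the `self_change` flag is the case that warrants field-level security on the trigger fields.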
Business and Integration Considerations
Customers should consider user experience and user types.
Recommended Remediation
Implement a combination of automatic and manual Grant or Revoke Access actions as needed using User Access Policy.
Security Health Review Guidance
N/A - Currently not inspected by the Security Health Review tool.