PERMISSION & FLS AUDIT — HOW TO USE
Read Me
End-to-end guide for running a Permission & FLS Audit on a Salesforce org.
What this tool does
Permission & FLS Audit scans your Salesforce org's entire permission model and produces a downloadable Excel workbook showing who can read, create, edit, and delete each object, which profiles and permission sets grant access to sensitive fields, where over-privilege exists, and where cleanup is possible.
The report covers:
- Object permissions across every profile and permission set
- Field-Level Security (FLS) for all scanned objects
- Over-privileged roles (View All / Modify All on sensitive objects)
- Sensitive field exposure by non-administrator profiles or permission sets
- Unassigned permission sets (cleanup candidates)
- Admin-only fields (potential data isolation gaps)
- User-level risk scores based on access stacking
- Object permission mismatches (Edit without Create, Create without Delete)
- A prioritized Recommendations tab
- A Permission Health Score with an A-F grade
No managed package required. No Connected App setup required. No Salesforce configuration changes needed. The tool authenticates using your existing Salesforce browser session -- the same session you are already using in Salesforce. It is a read-only diagnostic.
When to use this tool
- Before a Salesforce security or access review
- Before cleaning up profiles or permission sets
- When users may have more access than they should
- When inheriting an unfamiliar Salesforce org
- Before a compliance, governance, or audit committee review
- Before consolidating or simplifying permission sets
- When field-level security is difficult to audit manually in Setup
- When you need to explain your org's access model to an IT or security team
Supported Salesforce editions
Supported:
- Professional Edition -- API access must be enabled
- Enterprise Edition
- Unlimited Edition
- Developer Edition
- Scratch Orgs and Sandboxes
Not supported:
- Essentials Edition -- no Salesforce API access is available in this edition
Before you start
- Open Salesforce in the same browser you will use for the audit.
- Log in to the Salesforce org you want to audit and confirm your session is active.
- Use a Salesforce user with sufficient access for complete results. System Administrator is recommended -- see Required Salesforce permissions below.
- Allow enough time. Audits on large orgs with many objects, profiles, and permission sets may take several minutes.
- Do not close the audit tab while a scan is running.
- Browser privacy tools, third-party cookie blockers, or an expired Salesforce session may interrupt the workflow. If that happens, reload Salesforce, reconnect, and run again.
Step-by-step: how to run the audit
Step 1 -- Open the app
Go to permissions.keelcadence.com in your browser. The landing page explains the tool and shows the bookmarklet button.
Step 2 -- Save the bookmarklet
Drag the Connect to Permission & FLS Audit button from the landing page to your browser's bookmarks bar. This bookmarklet is the connection method -- no package, no Connected App, and no Salesforce configuration is needed.
Step 3 -- Connect to Salesforce
Open a Salesforce page in the same browser -- any Salesforce page while you are logged in. Click the bookmarklet from your bookmarks bar. The bookmarklet reads your active Salesforce browser session and sends it securely to the audit app.
If a new tab opens showing a Salesforce API list instead of the audit app, click the bookmarklet one more time in that new tab.
The Salesforce Session ID is held only in a signed server-side session cookie for the duration of your active session. It is never stored in the database, logs, or report files.
Step 4 -- Review the connection screen
After connecting, the app shows a confirmation screen with your connected username, display name, Org ID, and instance URL. Review these to confirm you are connected to the correct org.
Step 5 -- Select objects (optional)
The Select Objects screen shows all SObjects available in your org, grouped into Custom Objects and Standard Objects. You can:
- Leave all objects unchecked to scan every object in the org (full audit)
- Select specific objects to narrow the audit to those objects only
- Use the quick buttons -- Custom, Standard, All, None -- to select groups quickly
- Use the search box to filter the list by object name or label
Before running, tick the checkbox to confirm you have read and agree to the Terms of Use and Privacy Policy. Then click Run Audit →.
Step 6 -- Wait for the audit to complete
The app redirects to a progress screen. A progress bar updates automatically every two seconds -- do not close this tab. Larger orgs with many objects and permission sets will take longer. If the audit fails partway through (for example, due to a session expiry), an error message will appear with a link to return and try again.
Step 7 -- Review on-screen results
When the audit completes, the app shows an on-screen results summary including:
- Profile and permission set counts, active user count, objects and fields scanned
- Over-privileged profiles and permission sets (critical)
- Potentially sensitive field exposures (critical)
- Unassigned permission sets, near-duplicate access patterns, and object gaps (warnings)
- A headline finding: DATA RISK DETECTED, REVIEW NEEDED, or AUDIT COMPLETE
These findings are free. The full XLSX workbook requires a one-time purchase.
Step 8 -- Purchase the full workbook
Click Download Full XLSX Workbook. The app redirects to Stripe Checkout, which handles the payment securely. KeelCadence does not store card numbers, CVV codes, or full card details -- those are handled entirely by Stripe.
After payment, Stripe redirects back to the results page with the Download XLSX Workbook button unlocked. The purchase is linked to your specific audit run.
Step 9 -- Download the XLSX workbook
Click Download XLSX Workbook. The file downloads as an
.xlsx workbook named KeelCadence_PermissionsFLS_[OrgID]_[Date].xlsx.
The workbook contains 13 tabs covering the full permission and FLS audit.
Step 10 -- Save and share the report
- Save the workbook securely -- it contains a full review snapshot of your Salesforce access model.
- Share only with authorized internal stakeholders (Salesforce admin team, IT, security, compliance).
- Treat the report as Salesforce configuration and security material.
- Note your Report ID (shown on the results screen) -- you will need it if you contact support or request deletion.
Step 11 -- Disconnect or request deletion
Click Disconnect in the top navigation bar to clear your application session. This removes the Salesforce session from the app's server-side cookie.
There is no self-serve delete button for audit report data. To request deletion of a report before the 90-day automated purge, email support@keelcadence.com with your Report ID. Reports are automatically deleted by a daily purge job after 90 days.
What data is read
The tool reads metadata only -- it does not read business record values:
- Profile definitions (name, user type)
- Permission Set definitions and group assignments
- Permission Set assignments per active user
- Object Permissions (Create, Read, Edit, Delete, View All, Modify All) per profile and permission set
- Field-Level Security settings (Read / Edit) per field, per profile and permission set
- Active User list -- names, usernames, and profile assignments, used for assignment counts and risk scoring
- SObject list used to populate the object selection screen
The tool does not export individual Salesforce business record values. The report focuses on metadata, configuration, permissions, and aggregate counts.
What is not read or stored
- No managed package is required or installed.
- No Connected App setup is required.
- No OAuth refresh tokens are stored for the current Session-ID flow.
- Salesforce Session IDs are not stored in the database, logs, reports, or XLSX files.
- Salesforce Session IDs are used only during the active audit workflow and discarded after the audit completes or fails.
- Individual Salesforce business record values (Accounts, Contacts, Opportunities, and other record data) are not exported.
- KeelCadence does not store card numbers, CVV codes, or full payment card details.
Session duration
Your Salesforce session is controlled by your Salesforce org's session settings. Salesforce sessions commonly last around 2 hours by default, but your org may use a different timeout. If you start an audit near the end of your Salesforce session, the audit may fail partway through. If that happens, reconnect to Salesforce and run the audit again.
How to interpret the report tabs
The downloaded workbook contains 13 tabs.
Cover -- Visual dashboard with scorecard tiles showing key counts (profiles, permission sets, users, objects, fields), severity tiles for critical and high findings, an overall Permission Health Score, and a bar chart of findings by category. Start here for an executive summary.
Summary -- Org info, run date, total counts, and a row-by-row breakdown of key audit metrics. Use this tab to share high-level numbers with stakeholders who do not need the full detail.
Profile Permissions -- One row per Profile and Object combination. CRUD columns show Yes/No. Rows highlighted in red have View All or Modify All on a sensitive object. Use this tab to see which profiles have the broadest access to each object.
Perm Set Permissions -- Same structure as Profile Permissions but for Permission Sets, excluding profile-linked system sets. Amber rows are unassigned; red rows are over-privileged. Use this tab alongside Profile Permissions to see the full CRUD picture.
FLS Matrix -- Fields as rows, profiles and permission sets as columns. Each cell shows Read and/or Edit access. Sensitive fields are highlighted. Use this tab to see which roles can access which fields -- useful for FLS-specific reviews or when preparing for a data privacy assessment.
Over-Privileged -- Every profile or permission set that has View All Records or Modify All Records on a sensitive object (User, Account, Contact, Opportunity, and others). These are critical findings -- any compromise or misuse of these roles can expose all records in the affected objects.
Unassigned Perm Sets -- Permission sets with zero active user assignments. These are cleanup candidates that add schema noise and increase audit surface without providing access to anyone. Review and archive or delete them.
Admin-Only Fields -- Fields where only the System Administrator profile has FLS access (Read or Edit). These may be intentionally restricted or legacy fields that no longer serve a purpose. Review whether each restriction is still intentional.
User Risk Score -- A risk score per active user, color-coded by relative risk level. Users are ranked by a score based on access breadth, sensitive access patterns, and administrative review signals. Sort descending to identify your highest-risk users first.
Object Gaps -- Profiles or permission sets with mismatched object permissions: Edit without Create, or Create without Delete. These mismatches are often unintentional and can cause data quality problems for users in those roles.
Sensitive Exposure -- Sensitive fields (SSN, salary, tax ID, health data, and similar) that are readable by profiles or permission sets other than System Administrator. Each row includes a recommended action and a risk note. If this tab is empty, no sensitive field exposure was detected.
Recommendations -- A prioritized remediation plan generated from all audit findings. Sort by Priority (P1 first) and work top-down. Each row includes the finding, a recommended action, estimated effort, and the risk of taking that action. Mark rows green and delete them as items are resolved.
Permission Health Score -- An overall health score (0-100) and letter grade (A-F) for the org's permission model, broken down by category. Use this tab to track improvement across audits over time and communicate permission model health to leadership.
Common findings and how to use them
Over-privileged profiles -- A profile with View All or Modify All on Account, Contact, Opportunity, or User means every user on that profile can see or change every record in that object, regardless of ownership or sharing rules. Restrict these grants to the minimum required.
Permission sets with View All or Modify All -- Same risk as over-privileged profiles, but delivered via a permission set. Check the Unassigned Perm Sets tab -- if these sets are not assigned to anyone, they are lower urgency but still create audit surface.
Sensitive fields readable outside System Administrator -- Fields like SSN, salary grade, tax ID, or health data should typically be restricted to administrators or specific roles. The Sensitive Exposure tab identifies each field and who can read it.
Unassigned permission sets -- Permission sets with no active users are governance noise. They complicate audits and should be archived or deleted unless they are intentionally held in reserve.
Admin-only fields -- Fields readable or editable only by System Administrator may be intentionally restricted. Verify whether each restriction reflects a conscious design decision or is a legacy artefact from a previous implementation.
Object gaps (Edit without Create) -- A user who can edit records but not create them is an unusual pattern. It may reflect a deliberate workflow constraint or an accidental misconfiguration. Either way, document the reason.
High user risk scores -- Users with many layered permission sets, especially when combined with View All or Modify All and sensitive field access, present the most concentrated access risk. These users should be reviewed first if a security incident occurs.
Required Salesforce permissions
The connected Salesforce user must have:
- API Enabled -- system permission
- View Setup and Configuration -- system permission
- Read access on Profile, PermissionSet, ObjectPermissions, FieldPermissions, and User objects
System Administrator profiles satisfy all of these by default and are recommended for the most complete audit results.
Users with limited access may still be able to run the audit, but results may be incomplete if Salesforce restricts access to specific profiles, permission sets, field permissions, object permissions, or user metadata.
Troubleshooting
Salesforce session expired -- Go back to Salesforce in the same browser, confirm you are still logged in, then click the bookmarklet again to reconnect.
Not enough permissions to run a full audit -- Reconnect using a Salesforce user with System Administrator or equivalent access. Limited users may produce incomplete results.
API access disabled -- API Enabled must be on for the connected user's profile. Enable it in Salesforce Setup under Profile settings, or ask your Salesforce admin.
Unsupported edition -- Essentials Edition does not include Salesforce API access and cannot be audited with this tool.
Audit takes longer than expected -- Orgs with many objects, profiles, and permission sets take longer. Keep the browser tab open and wait for the progress bar to complete.
Audit fails partway through -- The most common cause is a Salesforce session timeout. Reconnect and run again. If the problem repeats, try a shorter audit by selecting a subset of objects.
Bookmarklet opens a Salesforce API page instead of the audit app -- This is expected on Lightning and Setup pages: Salesforce first opens an API page so the bookmarklet can read a session that is valid for the audit. Click the bookmarklet once more in the new tab that opened to finish connecting.
Browser cookie or privacy tool blocking the connection -- Some browser extensions block the session cookie that the bookmarklet reads. Temporarily disable the extension or try a standard browser profile without extensions.
Payment completed but download button is not available -- Wait a few seconds and refresh the results page. If the issue persists, email support@keelcadence.com with your Report ID and a note that payment was completed.
Download link does not work or file is missing -- Reports are retained for 90 days. If the link has expired, the file has been automatically deleted. Email support@keelcadence.com with your Report ID if you need to discuss options.
Results look incomplete -- The connected user may not have access to all profiles, permission sets, or field metadata. Try reconnecting as a System Administrator for a full audit.
Need to delete your data -- Email support@keelcadence.com with your Report ID. Data is automatically purged after 90 days if no earlier deletion is requested.
Privacy and security notes
- KeelCadence tools are read-only diagnostics. No Salesforce data is modified.
- No managed package is required.
- No Connected App setup is required.
- No OAuth refresh tokens are stored for the current Session-ID flow.
- Salesforce Session IDs are not stored in databases, logs, reports, or XLSX files.
- Salesforce Session IDs are used only during the active audit workflow and discarded after the audit completes or fails.
- Audit reports and related metadata are retained for up to 90 days. Automated purge jobs delete report files and related database records after that period.
- Users may request earlier deletion by emailing support@keelcadence.com with their Report ID.
- Payments are processed by Stripe. KeelCadence does not store card numbers, CVV codes, or full payment card details.
- KeelCadence uses consent-gated Google Analytics 4 for website and product usage analytics. GA4 is configured for sanitized page views and high-level funnel events only.
- GA4 is not used to analyze Salesforce audit report contents.
- KeelCadence does not use advertising pixels, retargeting pixels, fingerprinting, session replay, or email marketing automation.
Policy and legal
For full details, use the canonical KeelCadence pages:
- Security — keelcadence.com/security
- Privacy Policy — keelcadence.com/privacy
- Terms of Use — keelcadence.com/terms
- IT Review — keelcadence.com/it-review
Contact and support
For questions about a report, include your Report ID and email support@keelcadence.com.