Turn permission chaos into an audit-ready access pack.
PermSweep reviews redacted Salesforce exports and shows who can read, edit, export, or administer sensitive assets — plus what to clean up first.
Validation page only. Early users get a manual redacted-export review before software or Salesforce integrations are built.
access review pack
812 users · 74 profiles · 19 risks
Public report folders
23 users can edit revenue dashboards through folder share
Duplicate profile paths
Sales Ops and RevOps Analyst differ by export rights only
Permission-set group
Modify All granted through legacy launch bundle
Next action
“Ask the Sales Ops owner whether the export permission is intentional, then attach the folder-share screenshot to the audit note.”
Narrow customer
Salesforce admins, RevOps admins, and security/compliance owners at 200–1,500 employee companies with many profiles, roles, permission sets, and report folders.
Paid problem
Audit and cleanup requests burn days because effective access lives across profiles, permission sets, folder shares, roles, package permissions, screenshots, and Workbench exports.
Landing test
Join to test whether a redacted-export review and access-risk pack is valuable before installing a managed package or buying a heavy GRC suite.
Day-in-the-life pain
The audit asks one question. Salesforce answers from seven places.
A finance leader asks who can edit revenue dashboards. Security asks who can export account data. The admin opens Setup, report folders, roles, permission sets, permission set groups, packages, Workbench, and a spreadsheet — then still has to explain how the access path works.
Input
Upload redacted users, profiles, roles, permission sets, permission set groups, object permissions, report folders, and dashboard folder exports.
Checks
PermSweep normalizes grants, traces effective access paths, spots risky report/export/admin rights, compares near-duplicate profiles, and flags missing evidence.
Output
A board of risky grants, cleanup owners, missing-export gaps, and an auditor-ready packet explaining who can read, edit, export, or administer sensitive Salesforce assets.
Why spreadsheets break
A permission screenshot is not an access explanation.
Native setup pages can show pieces, but they do not hand you a clean review packet: which user has risky access, which path grants it, whether the grant is duplicated, who owns the decision, and what evidence is missing for the audit file.
Effective-access map
Show why a user can touch a report, dashboard, object, or admin function instead of sending auditors raw setup screenshots.
Risky grant triage
Highlight export, edit, modify-all, public-folder, stale admin, and overlapping permission paths that deserve a human review first.
Profile comparison
Cluster similar profiles and permission sets so admins can explain differences before cleanup turns into spreadsheet archaeology.
Redacted-export first
Start with exports and screenshots. No managed package, no live production credential, and no promise of unsafe auto-remediation.
Cleanup sprint board
Convert findings into owner tasks with evidence needed, proposed fix, business owner, and audit note.
Evidence, not proof
Public threads show the same shape: access questions become manual investigations.
These sources do not prove demand. They justify a narrow landing-page test: will admins share redacted exports and ask for a concise access-review pack before committing to heavier tooling?
Salesforce StackExchange · report/dashboard access
An admin needs to find users with read, edit, and delete access on reports and dashboards across the whole org, and notes that manual checking may not be possible with profiles and permission sets.
Salesforce StackExchange · profile/role cleanup
A large org with 600+ users, 500+ roles, and 70 profiles needs a systematic way to compare similar profiles, find differences, and clean up the access model.
Salesforce StackExchange · permission-set exports
Even querying permission sets and permission set groups through Workbench can require a confusing bundle of setup and user-view permissions.
Salesforce StackExchange · CRUD/FLS review
AppExchange/security-review teams run into CRUD/FLS evidence issues, reinforcing that Salesforce permission proof is a recurring governance problem.
Objections
Why not native reports, Shield, or a spreadsheet?
Native tools: useful for pieces, but audit owners still need a cross-object explanation and cleanup queue.
Heavy GRC: may be right later. The test is whether a focused export-based review is valuable before procurement.
Spreadsheets: they collect evidence, but they do not explain permission paths or prioritize risky grants by themselves.
Early waitlist offer
Send one redacted export set. Get one access-review pack.
- • The exact export/screenshot checklist for the manual test.
- • A risky-grant map and missing-evidence checklist.
- • A cleanup sprint board you can hand to business owners.
- • Validation call: would this save enough audit/admin time to pay for?