
Observability Access Monitoring

Access monitoring shows you, in a single easy-to-understand location, what permissions every user in your Salesforce org has and where each one comes from.

Written by Patrick Boyd

What is access monitoring?

Salesforce spreads a user's effective access across several places — their profile, any assigned permission sets, and permission set groups. Working out who can actually do what normally means opening each of those pages in turn and piecing it together yourself.

Access monitoring brings it all into Observability. In one view you can:

  • See every user, profile, permission set and permission set group in the connected org.

  • Drill into any of them to see the exact permissions they grant or hold.

  • Trace where a user's access comes from (their profile vs. a specific permission set or group).

  • Surface overly-permissive users and focus on the highest-risk permissions first.

Enabling access monitoring

Access monitoring is enabled per Observability monitoring job.

Once enabled, Gearset takes a snapshot of your Salesforce organisation's access model and shows it in the access monitoring dashboard.

Enable for an existing observability job

  • Open Observability and select the Access tab for your monitoring job.

  • If it isn't enabled yet, you'll see a card explaining what access monitoring does.

  • Click 'Enable in settings' to view your settings and enable this feature.

Enable for a new observability job

When adding a new observability job, you will be able to choose to enable Access Monitoring in the first tab of the settings screen.

Access Monitoring Dashboard

The Access tab is split into four tables, one per entity type:

  • Users - everyone in the org and a summary of their permissions.

  • Profiles - each profile and the permissions it grants.

  • Permission sets - each permission set and its assigned users.

  • Permission set groups - each group and the permission sets it contains.

Drilling into the details

You can click any row in these tables to open a sidebar with a more detailed breakdown of that entity.

  • A user shows Permissions (every effective permission, alongside the source that grants it).

  • A profile shows its Permissions and the Users on it.

  • A permission set shows its Permissions, the Users assigned (with the profile each user is on), and the Permission set groups that include it.

  • A permission set group shows its Permissions, Users, and the Permission sets that belong to it.

Clicking on any row in the sidebar will drill through further, allowing you to easily discover the structure of your org's security model.

Permission set groups and muting permission sets

When you open a permission set group, the Permission sets tab lists every member set, including any muting permission sets.

Muting permission sets remove permissions the group would otherwise grant, so they're shown with their own icon, and their blocked permissions are rendered with a strikethrough to set them apart from granted ones.

The sidebar header links back to the parent group so you can navigate between the two.
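
The way a user's access is assembled from a profile, permission sets and permission set groups with muting can be modelled in a few lines. This is an added example, not Gearset's code: the org data, user and set names, and the HIGH_RISK list are constructed assumptions.

```python
# Constructed sample data; names are hypothetical, not taken from a real org.
PROFILES = {"Standard User": {"ViewSetup"}}
PERMISSION_SETS = {
    "Sales Ops": {"ModifyAllData", "ExportReport"},
    "Report Builder": {"ExportReport", "ManageDashboards"},
    "API Access": {"ApiEnabled"},
}
# Each group lists its member sets and the permissions its muting set blocks.
GROUPS = {
    "Sales Team": {
        "members": ["Sales Ops", "Report Builder"],
        "muted": {"ModifyAllData"},
    },
}
USERS = {
    "alice": {"profile": "Standard User", "sets": ["API Access"], "groups": ["Sales Team"]},
    "bob": {"profile": "Standard User", "sets": ["Sales Ops"], "groups": ["Sales Team"]},
}
# Assumed list of permissions to review first; adjust to your own risk model.
HIGH_RISK = {"ModifyAllData", "ViewAllData", "ManageUsers"}


def group_permissions(group_name):
    """Union of the member sets' permissions minus anything the group mutes."""
    group = GROUPS[group_name]
    granted = set()
    for member in group["members"]:
        granted |= PERMISSION_SETS[member]
    return granted - group["muted"]


def effective_access(user_name):
    """Map each effective permission to the sorted list of sources granting it."""
    user = USERS[user_name]
    sources = {}

    def record(perms, source):
        for perm in perms:
            sources.setdefault(perm, []).append(source)

    record(PROFILES[user["profile"]], f"profile:{user['profile']}")
    for name in user["sets"]:
        record(PERMISSION_SETS[name], f"permission set:{name}")
    for name in user["groups"]:
        record(group_permissions(name), f"group:{name}")
    return {perm: sorted(srcs) for perm, srcs in sources.items()}


def high_risk_grants(user_name):
    """High-risk permissions the user holds, with where each comes from."""
    access = effective_access(user_name)
    return {perm: access[perm] for perm in sorted(HIGH_RISK & set(access))}
```

In this sample, bob still holds ModifyAllData: the muting set only removes what the group would grant, so the same permission set assigned to him directly is unaffected.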

Snapshot history

Access monitoring works from periodic snapshots of your org's access model. To see when these were taken:

  • Click View snapshot history next to the access monitoring sub-tabs.

  • The modal lists previous snapshots, shows when the next one is scheduled, and surfaces any errors from a failed run.

  • If you don't want to wait, click Take snapshot now — a progress indicator shows while it runs, and the list refreshes when it finishes.
