Table: salesforce_permission_set - Query Salesforce Permission Sets using SQL
Salesforce Permission Sets are a flexible and granular means of assigning permissions and access settings within a Salesforce organization. They allow you to extend users' functional access without changing their roles or profiles. Permission Sets can be used to grant additional permissions and access settings to users, on top of what their profile provides.
Table Usage Guide
The `salesforce_permission_set` table provides insights into Salesforce Permission Sets within a Salesforce organization. As a Salesforce administrator, explore permission set-specific details through this table, including assigned permissions, access settings, and associated metadata. Utilize it to uncover information about permission sets, such as those with specific user access, the permissions associated with each set, and the verification of access settings.
Important Notes
- If the `naming_convention` configuration argument is set to `api_native`, please see API Native Examples.
- This table has one field for each permission with the pattern `permissions_permission_name`, e.g., `permissions_edit_task`. If true, users assigned to this permission set have the named permission. The number of fields varies depending on the permissions for the organization and license type.
Examples
Basic info
Explore which permissions are custom-made within your Salesforce environment. This can help you better manage user access and understand the creation timeline of these permissions.
Postgres:

```sql
select
  id,
  name,
  label,
  description,
  is_custom,
  created_date
from
  salesforce_permission_set;
```

SQLite:

```sql
select
  id,
  name,
  label,
  description,
  is_custom,
  created_date
from
  salesforce_permission_set;
```
List non-custom permission sets
Explore which permission sets in your Salesforce environment are not custom-made. This helps to understand the default permissions given and aids in maintaining security standards.
Postgres:

```sql
select
  id,
  name,
  label,
  description,
  is_custom,
  created_date
from
  salesforce_permission_set
where
  not is_custom;
```

SQLite:

```sql
select
  id,
  name,
  label,
  description,
  is_custom,
  created_date
from
  salesforce_permission_set
where
  not is_custom;
```
List permission sets that contain the "Modify All Data" permission
Explore which permission sets in Salesforce have been granted the capability to modify all data. This is useful to identify potential security risks and ensure only appropriate roles have such extensive permissions.
Postgres:

```sql
select
  id,
  name,
  label,
  description,
  is_custom,
  created_date,
  permissions_modify_all_data
from
  salesforce_permission_set
where
  permissions_modify_all_data;
```

SQLite:

```sql
select
  id,
  name,
  label,
  description,
  is_custom,
  created_date,
  permissions_modify_all_data
from
  salesforce_permission_set
where
  permissions_modify_all_data;
```
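An added example, not part of the Steampipe documentation: because the set of `permissions_*` columns varies by organization and license type, this Postgres query unpivots each row with `to_jsonb` and `jsonb_each` and counts every granted permission per permission set, instead of naming columns one at a time. It assumes the default naming convention, the Postgres (not SQLite) engine, and that the foreign table accepts a whole-row reference.

```sql
-- Added example (Postgres only). Assumes the default snake_case naming convention.
with granted as (
  select
    ps.id,
    ps.name,
    ps.is_custom,
    ps.has_activation_required,
    kv.key as permission
  from
    salesforce_permission_set as ps
    -- Turn the whole row into a JSON object, then emit one row per column.
    cross join lateral jsonb_each(to_jsonb(ps)) as kv
  where
    -- Keep only the per-permission boolean columns that are set to true.
    starts_with(kv.key, 'permissions_')
    and kv.value = 'true'::jsonb
)
select
  name,
  is_custom,
  has_activation_required,
  count(*) as granted_permissions,
  -- Flag the sets that include the "Modify All Data" permission.
  bool_or(permission = 'permissions_modify_all_data') as grants_modify_all_data
from
  granted
group by
  id,
  name,
  is_custom,
  has_activation_required
order by
  granted_permissions desc,
  name;
```

Permission sets at the top of the result grant the most permissions and are the first candidates for a least-privilege review.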
API Native Examples
If the `naming_convention` config argument is set to `api_native`, the table and column names will match Salesforce naming conventions.
Basic info (with API Native naming convention)
Explore the basic details of your permission sets to understand their custom status and creation date. This can help you manage and organize your permission sets effectively.
Postgres:

```sql
select
  "ID",
  "Name",
  "Label",
  "Description",
  "IsCustom",
  "CreatedDate"
from
  "PermissionSet";
```

SQLite:

```sql
select
  "ID",
  "Name",
  "Label",
  "Description",
  "IsCustom",
  "CreatedDate"
from
  "PermissionSet";
```
List non-custom permission sets (with API Native naming convention)
Discover the segments that consist of non-custom permission sets. This can be useful in understanding the default sets provided by the platform and to ensure they align with your organization's security guidelines.
Postgres:

```sql
select
  "ID",
  "Name",
  "Label",
  "Description",
  "IsCustom",
  "CreatedDate"
from
  "PermissionSet"
where
  not "IsCustom";
```

SQLite:

```sql
select
  "ID",
  "Name",
  "Label",
  "Description",
  "IsCustom",
  "CreatedDate"
from
  "PermissionSet"
where
  "IsCustom" = 0;
```
Show permission sets created in last 30 days
Find the permission sets that were created within the past 30 days. Reviewing newly created permission sets is useful for maintaining security and ensuring that permissions are up-to-date.

Postgres:

```sql
select
  "ID",
  "Name",
  "Label",
  "Description",
  "IsCustom",
  "CreatedDate"
from
  "PermissionSet"
where
  -- created on or after the point 30 days ago
  "CreatedDate" >= now() - interval '30' day;
```

SQLite:

```sql
select
  "ID",
  "Name",
  "Label",
  "Description",
  "IsCustom",
  "CreatedDate"
from
  "PermissionSet"
where
  -- created on or after the point 30 days ago
  "CreatedDate" >= datetime('now', '-30 day');
```
List permission sets where activation required
Discover the segments that require activation within your permission sets. This can help you identify areas where additional steps may be needed before the permission set can be used, improving your system's security and compliance.
Postgres:

```sql
select
  "ID",
  "Name",
  "Label",
  "Description",
  "IsCustom",
  "CreatedDate"
from
  "PermissionSet"
where
  "HasActivationRequired";
```

SQLite:

```sql
select
  "ID",
  "Name",
  "Label",
  "Description",
  "IsCustom",
  "CreatedDate"
from
  "PermissionSet"
where
  "HasActivationRequired" = 1;
```
Schema for salesforce_permission_set
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
created_by_id | text | | The contact id of the user who created this permission set. |
created_date | timestamp with time zone | | The Created Date. |
description | text | | The description of the permission set. |
has_activation_required | boolean | | Indicates whether the permission set requires an associated active session (true) or not (false). |
id | text | | The unique id of the permission set. |
is_custom | boolean | | If true, the permission set is custom (created by an admin); if false, the permission set is standard and related to a specific permission set license. |
is_owned_by_profile | boolean | | If true, the permission set is owned by a profile. |
label | text | | The permission set label, which corresponds to Label in the user interface. |
last_modified_by_id | text | | The Last Modified By ID. |
last_modified_date | timestamp with time zone | | The Last Modified Date. |
license_id | text | | The ID of either the related PermissionSetLicense or UserLicense associated with this permission set. |
name | text | | The permission set unique name in the API. |
namespace_prefix | text | | The namespace prefix for a permission set that's been installed as part of a managed package. If the permission set isn't packaged or is part of an unmanaged package, this value is empty. |
permission_set_group_id | text | | If the permission set is owned by a permission set group, this field returns the ID of the permission set group. |
profile_id | text | | If the permission set is owned by a profile, this field contains the ID of the Profile. |
system_modstamp | timestamp with time zone | | The date and time when the record was last modified by a user or by an automated process. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- salesforce
```

You can pass the configuration to the command with the `--config` argument:

```sh
steampipe_export_salesforce --config '<your_config>' salesforce_permission_set
```