TL;DR: Over 80% of Salesforce access is still managed through profiles, a quarter of users rely only on profiles, and some environments have 30% admin-level access, creating rigidity, overexposure, and audit problems according to Cyera Research Labs. Static access models are failing because Salesforce governance must behave like a living control process, not a one-time configuration.
NHIMG editorial — based on content published by Cyera: Are Your Salesforce Permissions Protecting You, or Exposing You?
By the numbers:
- 80% of access is still managed through profiles rather than permission sets.
- One environment had 30% of users with admin-level access.
Questions worth separating out
Q: How should security teams reduce profile sprawl in Salesforce?
A: Start by making profiles the smallest possible baseline and move functional differences into permission sets and permission set groups.
Q: Why do admin-heavy Salesforce environments create governance risk?
A: Admin-heavy environments blur the line between ordinary work and unrestricted access.
Q: What do security teams get wrong about Salesforce permission reviews?
A: They often review access as if profiles were stable job roles, when in reality business needs and integrations change continuously.
Practitioner guidance
- Minimise profile scope: Reduce profiles to baseline access only, then move differentiated permissions into permission sets and permission set groups so changes do not ripple across entire user populations.
- Inventory all override permissions: List every user with View All Data, Modify All Data, or equivalent super-user access, then require a named business justification and an explicit owner for each entitlement.
- Review admin concentration regularly: Track the percentage of users with admin-level access and investigate any environment where elevated access moves far beyond a small trusted control group.
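The three guidance points above can be turned into a repeatable check. The script below is an added example, not code from Cyera or NHIMG: it works over exported rows shaped like the standard Salesforce objects (User, PermissionSet, PermissionSetAssignment), using the fact that Salesforce exposes each profile's own permissions as a PermissionSet row with IsOwnedByProfile set. It inventories who holds View All Data or Modify All Data and from which source, measures admin concentration, lists users whose access comes only from a profile, and flags override grants that have no owner or justification in an entitlement register. All records, Ids, names and the register are constructed sample data; the register structure is an assumption about how you would track ownership, not a Salesforce object.

```python
"""Added example: inventory Salesforce override permissions, measure admin
concentration, and check each override grant against an ownership register.

Constructed sample data below mirrors the field names of the standard objects;
the values are made up for this example and are not from the article.
"""
from collections import defaultdict

# User rows (constructed). Only active users count toward the live figures.
USERS = [
    {"Id": "005A", "Name": "Ana Admin", "ProfileId": "00eSYS", "IsActive": True},
    {"Id": "005B", "Name": "Ben Sales", "ProfileId": "00eSTD", "IsActive": True},
    {"Id": "005C", "Name": "Cara Support", "ProfileId": "00eSTD", "IsActive": True},
    {"Id": "005D", "Name": "Dev Integration", "ProfileId": "00eSTD", "IsActive": True},
    {"Id": "005E", "Name": "Eve Former", "ProfileId": "00eSYS", "IsActive": False},
]

# PermissionSet rows (constructed). Profile-owned rows carry the profile's own
# permissions, so one structure covers both profile and permission set sources.
PERMISSION_SETS = [
    {"Id": "0PSSYS", "Label": "System Administrator", "IsOwnedByProfile": True,
     "ProfileId": "00eSYS", "PermissionsViewAllData": True, "PermissionsModifyAllData": True},
    {"Id": "0PSSTD", "Label": "Standard User", "IsOwnedByProfile": True,
     "ProfileId": "00eSTD", "PermissionsViewAllData": False, "PermissionsModifyAllData": False},
    {"Id": "0PSRPT", "Label": "Reporting View All", "IsOwnedByProfile": False,
     "ProfileId": None, "PermissionsViewAllData": True, "PermissionsModifyAllData": False},
    {"Id": "0PSINT", "Label": "Integration Modify All", "IsOwnedByProfile": False,
     "ProfileId": None, "PermissionsViewAllData": True, "PermissionsModifyAllData": True},
]

# PermissionSetAssignment rows (constructed); profile-owned sets need no assignment.
ASSIGNMENTS = [
    {"AssigneeId": "005C", "PermissionSetId": "0PSRPT"},
    {"AssigneeId": "005D", "PermissionSetId": "0PSINT"},
]

# Entitlement register (assumed structure, constructed content): one entry per
# (user, override) with a named owner and a business justification.
REGISTER = {
    ("005A", "ModifyAllData"): {"owner": "it-platform", "justification": "Org admin"},
    ("005A", "ViewAllData"): {"owner": "it-platform", "justification": "Org admin"},
    ("005C", "ViewAllData"): {"owner": "support-lead", "justification": "Case reporting"},
}

OVERRIDES = ("ViewAllData", "ModifyAllData")


def effective_overrides(users, permission_sets, assignments):
    """Map each active user to {override: [source labels]} across profile and permission sets."""
    sets_by_id = {ps["Id"]: ps for ps in permission_sets}
    profile_set = {ps["ProfileId"]: ps for ps in permission_sets if ps["IsOwnedByProfile"]}
    assigned = defaultdict(list)
    for a in assignments:
        assigned[a["AssigneeId"]].append(sets_by_id[a["PermissionSetId"]])

    result = {}
    for u in users:
        if not u["IsActive"]:
            continue
        sources = [profile_set[u["ProfileId"]]] + assigned.get(u["Id"], [])
        grants = defaultdict(list)
        for ps in sources:
            for perm in OVERRIDES:
                if ps["Permissions" + perm]:
                    kind = "profile" if ps["IsOwnedByProfile"] else "permset"
                    grants[perm].append(f"{kind}:{ps['Label']}")
        if grants:
            result[u["Id"]] = dict(grants)
    return result


def admin_concentration(users, overrides):
    """Percentage of active users holding any override permission."""
    active = [u for u in users if u["IsActive"]]
    return round(100.0 * len(overrides) / len(active), 1)


def profile_only_users(users, assignments):
    """Active users whose entire access comes from their profile (no permission set assigned)."""
    with_sets = {a["AssigneeId"] for a in assignments}
    return sorted(u["Id"] for u in users if u["IsActive"] and u["Id"] not in with_sets)


def unowned_entitlements(overrides, register):
    """Override grants with no named owner or justification in the register."""
    missing = []
    for uid, grants in overrides.items():
        for perm in grants:
            entry = register.get((uid, perm))
            if not entry or not entry.get("owner") or not entry.get("justification"):
                missing.append((uid, perm))
    return sorted(missing)


if __name__ == "__main__":
    ov = effective_overrides(USERS, PERMISSION_SETS, ASSIGNMENTS)
    for uid, grants in ov.items():
        print(uid, grants)
    print(f"admin concentration: {admin_concentration(USERS, ov)}%")
    print("profile-only users:", profile_only_users(USERS, ASSIGNMENTS))
    print("unowned override grants:", unowned_entitlements(ov, REGISTER))
```

On the sample data the integration user's Modify All Data grant comes from a permission set with no register entry, which is exactly the kind of entitlement the guidance says should not exist without a named owner. Run the same functions over a real export to get the concentration percentage and the profile-only population the TL;DR figures refer to.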
What's in the full article
Cyera's full analysis covers the operational detail this post intentionally leaves for the source:
- Exact breakdown of how profiles, permission sets, and permission set groups were observed across the analysed Salesforce environments
- The permission combinations that most often created excessive access, including the high-impact admin-style settings
- The article's follow-on series topics on record-level access, sharing models, and data exposure
- Examples of how profile-heavy access complicates audit and ongoing maintenance in real deployments
👉 Read Cyera's analysis of Salesforce permission sprawl and admin overexposure →
Salesforce permissions and admin sprawl: what IAM teams need to know
Explore further
Salesforce permission sprawl is a governance failure, not just an administration issue. When over 80% of access sits in profiles, the organisation has collapsed fine-grained entitlement design into a coarse legacy model. That makes least privilege hard to sustain, because every change to a profile affects a broad user population. The practical conclusion is that access design has drifted away from role precision and into structural overexposure.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how often entitlement inventory remains incomplete even before review begins.
A question worth separating out:
Q: Who should own elevated access decisions in Salesforce?
A: Elevated access should have a named business and technical owner, with clear justification and a review cycle tied to operational need. Without accountable ownership, admin rights become ambient risk instead of controlled exception. That ownership model is what keeps high-impact permissions from turning into permanent privilege.
👉 Read our full editorial: Salesforce permission sprawl is exposing customer data