Skill

sf-permissions

Analyzes Salesforce Permission Sets and Groups for hierarchy views, access auditing, user-permission reviews, and 'who has access to X?' queries on objects, fields, and metadata.

security

npx claudepluginhub jaganpro/sf-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Use this skill when the user needs **permission analysis and access auditing**: Permission Set / Permission Set Group hierarchy views, “who has access to X?” investigations, user-permission analysis, or permission-set metadata review.

Supporting Assets

SKILL.md

Similar Skills

salesforce-enterprise-rbac

1.9k

Configures Salesforce Profiles, Permission Sets, Roles, OWD, and Sharing Rules for enterprise RBAC including SSO integration.

3 tools

salesforce-pack

audit-permissions

109

Audits table permissions on Power Pages sites against site code and Dataverse metadata. Generates HTML report with severity-grouped findings (critical, warning, info, pass) and fix suggestions.

4 files10 tools

power-pages

sf-metadata

388

Generates Salesforce metadata XML for custom objects, fields, validation rules, record types, layouts, profiles; queries org schema via sf CLI. For .object-meta.xml and related files.

20 files

jaganpro-sf-skills-7

Stats

Stars388

Forks88

Last CommitApr 5, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

sf-permissions

Use this skill when the user needs permission analysis and access auditing: Permission Set / Permission Set Group hierarchy views, “who has access to X?” investigations, user-permission analysis, or permission-set metadata review.

When This Skill Owns the Task

Use sf-permissions when the work involves:

permission set / permission set group analysis
user access investigation
finding which permission grants object / field / Apex / flow / tab / custom-permission access
auditing or exporting permission configuration
reviewing permission metadata impacts

Delegate elsewhere when the user is:

creating new metadata definitions → sf-metadata
deploying permission sets → sf-deploy
analyzing Apex-managed sharing logic → sf-apex

Required Context to Gather First

Ask for or infer:

target org alias
whether the question is about an object, field, Apex class, flow, tab, custom permission, or specific user
whether the goal is hierarchy visualization, access detection, export, or metadata generation
whether the output should be terminal-focused or documentation-friendly

Recommended Workflow

1. Classify the request

Request shape	Default capability
“who has access to X?”	permission detector
“what does this user have?”	user analyzer
“show me the hierarchy”	hierarchy viewer
“export this permset”	exporter
“generate metadata from analysis”	generator or handoff

2. Connect to the correct org

Verify sf auth before running permission analysis.

3. Use the narrowest useful query

Prefer focused analysis over broad org-wide scans unless the user explicitly wants a full audit.

When choosing identifiers, prefer stable metadata names first:

PermissionSet.Name
PermissionSetGroup.DeveloperName
CustomPermission.DeveloperName
object and field API names such as Account or Account.AnnualRevenue
Assignee.Username / email for user-centric checks

Use Salesforce record IDs only when:

the underlying object model requires ParentId or SetupEntityId, or
you are drilling into records returned by a prior read-only query in the same investigation

4. Render findings clearly

Use:

ASCII tree or table output for terminal work
Mermaid only when documentation benefit is clear
concise summaries of which permission source grants access

5. Hand off creation or deployment work

Use:

sf-metadata for richer metadata generation
sf-deploy for deployment

High-Signal Rules

distinguish direct Permission Set grants from grants via Permission Set Groups
prefer Name / DeveloperName / API names over org-specific record IDs for first-pass investigation queries
be explicit about whether access is object-level, field-level, class-level, flow-level, or custom-permission-based
use Tooling API where required for setup entities and advanced visibility questions
for agent access questions, verify exact agent-name matching in permission metadata
when a follow-up child query requires ParentId or SetupEntityId, resolve the ID from a prior result instead of starting with copied IDs

Output Format

When finishing, report in this order:

What was analyzed
Org / subject scope
Which permissions grant access
Whether access is direct or inherited
Recommended follow-up

Suggested shape:

Permission analysis: <hierarchy / detect / user / export>
Scope: <org, user, permission target>
Findings: <permsets / groups / access level>
Source: <direct assignment or via group>
Next step: <export, generate metadata, or deploy changes>

Cross-Skill Integration

Need	Delegate to	Reason
generate or modify permission metadata	sf-metadata	metadata authoring
deploy permission changes	sf-deploy	rollout
identify Apex classes needing grants	sf-apex	implementation context
bulk user assignment analysis	sf-data	larger data operations

Reference Map

Start here

Specialized analysis

Score Guide

Score	Meaning
90+	strong permission analysis with clear access sourcing
75–89	useful audit with minor gaps
60–74	partial visibility only
< 60	insufficient evidence; expand analysis