Paste Profile or PermissionSet metadata XML (multiple supported), or upload .profile-meta.xml / .permissionset-meta.xml files. Instantly surface over-privileged access, admin cloning, stale permsets, FLS exposure, and license waste — all in your browser.
sf project retrieve start -m Profile,PermissionSet then paste. Multiple files supported — concatenate them.Paste one or multiple .profile-meta.xml / .permissionset-meta.xml files — the auditor detects file boundaries automatically.
Retrieve from SFDX: sf project retrieve start -m Profile,PermissionSet
Running all risk checks. Usually takes under a second.
Copy a plain-text executive summary to paste into Slack, Jira, or your next sprint review. Or download a formatted PDF to share with stakeholders and auditors.
This auditor catches what's visible in exported metadata. A live org connection cross-references permission sets against actual user assignments, last-login dates, and license types — so you get a true exposure picture, not just a flag list.
No spam. Get notified when live org permission analysis ships. Cancel anytime.
🔗 Permissions control what users can do — sharing rules control what records they can see.
→ Audit your Sharing Rules at /sharingFurther Reading
→ Salesforce Admin Debt: 7 Signs Your Org Needs an Audit