You’ve likely heard us talk about the importance of the principle of least privilege (PLP) by now, but if you’re still not familiar, let me break it down for you. The PoLP is a cornerstone of modern cybersecurity. Essentially, the principle states that users should have the minimum access needed to do their jobs, and no additional privileges. Following this principle correctly helps reduce the likelihood of a security breach due to overprivileged accounts, minimizing the risk of things like mistaken (or intentional) data leaks or tampering, or manual errors that could disrupt business.
Here are three ways you can streamline user security and fortify your Salesforce org with the PoLP.
What’s great about the PoLP is that it can also be applied to any platform, including Salesforce! As admins, you can apply the PoLP to your Salesforce org in several ways. The most common use case is to configure permission sets to grant minimal access to users; we know how easy it is to unintentionally over-grant permissions or inherit users that are over-privileged.
If you’re curious about the current state of your users, you can conduct a privilege audit by reviewing all existing accounts and permissions to ensure there are no over-privileged accounts. Moving forward, you’ll also always want to assign Salesforce’s least privilege profile (the Minimum Access user profile) to users, and layer on permissions using permission sets and permission set groups according to the access required. You can find more details about how to do this in the Protecting Data with the Principle of Least Privilege blog post, and try using permission set groups to make the process more scalable.
Another use case where you can apply the PoLP is by adding visibility rules to dynamic pages. Since the concept of the PoLP dictates minimum access—which, in addition to the ability to make changes to fields and objects, also includes visibility—it can be applied to which types of users can see a field. For example, you can have a field or set of fields hidden until a person with a certain profile or permission visits the page by setting visibility filters on Field and Field Section components. You can also show a field only when another field is set to a specified value. By making certain things accessible only to specific users with specific permissions, you’re actually following the PoLP!
Another very important application of the PoLP is quickly deactivating users who have left your organization or changed roles. Once a user no longer requires access to certain data, or to Salesforce as a whole, you should remove their access as soon as possible. We’ve all heard about (or experienced) issues with salespeople downloading customer and prospect data after leaving the company—you can help prevent that by following the PoLP!
Remember, the data stored in your Salesforce org is precious and you should protect it in everything you do. It’s always recommended to think critically and limit access within the platform whenever possible, which in turn will help increase the security of your Salesforce instance.
Agentforce is transforming the way businesses manage customer interactions by automating conversations across channels like chat, email, and phone. With AI-powered agents capable of resolving issues, answering questions, and executing actions on behalf of customers, organizations can significantly boost productivity by streamlining tasks that once required considerable time and resources, such as customer support and […]
As I’m sitting here in Boston, Massachusetts writing this Spring ’25 release blog, it’s about 30 degrees Fahrenheit outside. I wear ski pants out while walking Mochi, and we had snow on the ground. I am most definitely wishing it was spring right now, where I can look forward to warmer weather and the idea […]
In today’s digital landscape, ensuring the security of customer data is one of the top priorities for Salesforce Admins. With the increasing frequency of security breaches, the need for robust protection of sensitive information is more critical than ever. Exposing services to the public internet inherently opens up vulnerabilities that can lead to unauthorized access, […]
