SF Security Auditor

About

SF Security Auditor is a privacy-first Chrome Extension designed for Salesforce administrators, consultants, architects, security teams, and compliance professionals. It helps you audit Profiles, Permission Sets, object access, system permissions, and compliance-related security settings directly from your browser.

Unlike traditional audit tools that require package installations, external servers, or complex setup processes, SF Security Auditor works using your existing Salesforce session and performs analysis locally within your browser.

Why install SF Security Auditor?

Salesforce security reviews often require manually reviewing profiles, permission sets, object permissions, system permissions, metadata configuration, and compliance-related settings across multiple screens and reports. SF Security Auditor automates this process and presents the information in a clear, organized, and exportable format.

With SF Security Auditor, you can:

• Review Profiles and Permission Sets in a unified workspace
• Analyze critical system permissions and security exposure
• Audit object-level access across your Salesforce org
• Identify high-risk permissions and compliance concerns
• Generate professional audit-ready Excel reports
• Support internal security reviews and compliance assessments
• Save hours of manual analysis and documentation effort

Key Features

Salesforce Org Detection

Automatically detects and connects to your active Salesforce org using your existing browser session.

Supports:
• Production Orgs
• Sandbox Orgs
• Developer Edition Orgs
• Scratch Orgs

No additional login required.
No credentials stored.

Profiles & Permission Sets Inventory

View Profiles and Permission Sets side-by-side in a single inventory.

Analyze:
• Profile names
• Permission Set names
• Assigned user counts
• License information
• Security settings
• Access configurations

Quickly identify heavily assigned profiles and permission sets that may require additional review.

System Permissions Audit

Review critical Salesforce system permissions across Profiles and Permission Sets, including:

• Modify All Data
• View All Data
• API Enabled
• Customize Application
• Manage Users
• Manage Sharing
• View Setup and Configuration
• Export Reports
• View All Users
• Bulk API Hard Delete
• View Encrypted Data

Built-in severity indicators help surface permissions that may require additional governance and review.

Compliance Permissions Review

Evaluate permissions commonly reviewed during security and compliance assessments, including:

• Password Never Expires
• Manage Sharing
• Manage IP Addresses
• Bulk API Hard Delete
• View All Users

Designed to help organizations better understand permission exposure and support compliance initiatives.

Object Access Matrix

Generate detailed object access matrices across Profiles, Permission Sets, and Permission Set Groups.

Review:
• Read Access
• Create Access
• Edit Access
• Delete Access
• View All Records
• Modify All Records

Supports:
• Standard Objects
• Custom Objects
• Managed Package Objects

Permission Set Group Support

Automatically evaluates Permission Set Groups and inherited permissions, helping administrators understand effective access configurations that are often difficult to review manually.

Metadata Surface Analysis

Analyze key Salesforce metadata components, including:

• Apex Classes
• Custom Objects
• Profiles
• Permission Sets
• Metadata Types

Useful for governance reviews and understanding overall org complexity.

Excel Report Export

Generate fully formatted audit workbooks directly from your browser.

Exports include:
• Overview Sheet
• Profiles & Permission Sets Inventory
• System Permissions Matrix
• Object Access Matrix
• Metadata Summary

Reports are formatted for audit reviews, stakeholder reporting, and compliance documentation.

Modern Audit Workspace

Designed with a clean and professional user experience.

Features include:
• Light Mode
• Dark Mode
• Search and Filtering
• Severity-Based Sorting
• Responsive Layout
• Fast Local Processing

Privacy First

Privacy and security are core principles of SF Security Auditor.

This extension is designed to operate locally whenever possible.

We do not:
• Store Salesforce credentials
• Require external accounts
• Upload metadata to third-party servers
• Collect customer data for analytics
• Track Salesforce records

Your audit data remains under your control.

Who Is It For?

SF Security Auditor is built for:
• Salesforce Administrators
• Salesforce Consultants
• Salesforce Architects
• Security Teams
• Compliance Teams
• Internal Auditors
• Managed Service Providers
• Implementation Partners

Common Use Cases

• Salesforce Security Reviews
• Compliance Assessments
• User Access Reviews
• Permission Cleanup Projects
• Profile Rationalization Initiatives
• Permission Set Migration Projects
• Internal Audit Preparation
• Client Security Assessments
• Governance Reviews
• Access Risk Analysis

Why SF Security Auditor?

✓ Works directly with your Salesforce session
✓ No package installation required
✓ No external servers
✓ No credential storage
✓ Privacy-first design
✓ Fast local processing
✓ Professional Excel exports
✓ Designed specifically for Salesforce security audits

Upcoming enhancements may include Security Scoring, Sharing & Visibility Analysis, Guest User Security Audits, Org Comparison Reports, Executive PDF Summaries, Compliance Templates, Advanced Risk Detection, and Historical Audit Snapshots.

Audit Salesforce security with confidence. Understand access, identify risks, and generate audit-ready reports directly from your browser.