Excessive data access permissions

Detects the use of "ViewAllData" and "ViewAllRecords" in profiles.

Gabriele Gallo Stampino avatar
Written by Gabriele Gallo Stampino
Updated over a week ago

Profiles define how users access objects and data, and what they can do within the application. Granting "ViewAllData" or "ViewAllRecords" permissions at the profile level overrides any other record-level access mechanism and may give users excessive data access privileges.

Rationale

Stay on top of profiles with "ViewAllData" and "ViewAllRecords" permissions to make sure your users' data access configurations are always properly managed.

Configuration

  • Set a list of profile names (comma separated) to be excluded from this check

Did this answer your question?