Stop Assigning Permissions at the Profile Level!

Permissions blog image
March 13, 2025
Salesforce Consulting | Salesforce News | Salesforce Resources | The CRM Firm

Written By:

The CRM Firm

Avoiding the Data Access Trap Door You Didn’t Know Existed

Salesforce Admins, listen up! If you thought you dodged a bullet when Salesforce delayed the End of Life for Permissions on Profiles until Spring ’26—think again. This isn’t the time to celebrate; it’s time to rethink how you manage permissions before you accidentally open a Pandora’s box of data exposure that’s quite painful to close.

At The CRM Firm, we want to make sure you stay ahead of the curve (and avoid unnecessary panic attacks). So, let’s talk about why Permission Sets should be your new best friend and why relying on Profiles for permissions is like balancing a house of cards—one wrong move, and everything comes crashing down.

 

The Sneaky Domino Effect of Profile-Based Permissions

Ever assigned Query All Files to a Profile? If so, congratulations—you also just assigned View All Data whether you meant to or not. That’s right, Salesforce loves a good cascade effect—and not the good kind, like waterfalls or cascading stylesheets. In a non-public sharing model, this is the kind of cascade that opens up data access in ways you never intended.

The horror doesn’t stop there. Imagine you suddenly realize that users in a Profile shouldn’t have View All Data (cue dramatic realization music). Easy fix, right? Just remove the permission!

– WRONG –

Once a Profile is granted View All Data, Salesforce automatically assigns View All Records permissions to every single object in the system. And guess what? Removing View All Data doesn’t clean up the mess. You’ll have to manually remove those rogue permissions one by one. Now multiply that across every affected object, and you’ve got yourself a full-blown data security nightmare.

Potentially more disastrous, Modify All Data behaves the same way AND opens data access to edit and DELETE!!! It’s like giving someone access to your house keys, then realizing they also have keys to every house on the block—and now you have to track down and change every single lock.

 

Permission Sets: The Hero You Didn’t Know You Needed

Now imagine that same mistake happening with a Permission Set instead of a Profile. All it takes to fix the issue? Remove the Permission Set. Boom. Crisis averted. No frantically clicking through objects, no panicked calls to IT, no sleepless nights spent manually undoing permissions.

Still not convinced? Here’s why Permission Sets & Permission Set Groups are the way to go:

    • Granular Control – Assign only what’s needed, nothing more.
    • Easy Cleanup – Mistakes? Fix them in seconds, not hours.
    • Seamless Change Management – Easily deploy permissions across environments.
    • Muting Capabilities – Disable specific permissions within a Permission Set Group without affecting others.

The Bottom Line

If you’re setting up permissions in a new Salesforce org, take it from those who’ve been through the pain: start with Permission Sets. And if you’re still using Profiles for permissions in your existing org, it’s time to make the switch before you find yourself in an irreversible data mess.

Trust us—your future self will thank you. If you need a little help or have questions, contact us HERE.

RELATED POSTS