Permissions & field-level security
Compare profiles and permission sets, and see who can view or edit any field.
The permissions analyzer makes field-level security legible. Compare two grantors side by side, audit everything a single grantor grants, or open any field and see exactly who can view and edit it. Open it from the Permissions page.
Configured access, not records
The analyzer reflects your org's configured field-level security — the permission metadata — not per-user assignments and never record data. Fields with no explicit FLS follow the org's defaults.
Grantor types
A grantor is anything that grants access. SchemaForce works with three:
- Profiles
- Permission sets
- Permission-set groups — a group's effective access is its component permission sets' access minus any muting permission sets, computed live.
What you can do
Pick any two grantors — a profile, a permission set, or a permission-set group — and see a side-by-side diff across three categories:
- Object access — Create, Read, Edit, Delete, View All, Modify All.
- Field access — Read and Edit.
- System permissions.
A Show only differences toggle is on by default, hiding rows where both grantors match so only the deltas remain.
Cross-org comparison is a Business feature
Comparing grantors within one org is not plan-gated. Comparing across two connected orgs is a Business feature. See Plans & billing for the breakdown.
Where the data comes from
The analyzer is built from a full sync of your org's FieldPermissions, ObjectPermissions, PermissionSet, and PermissionSetGroup metadata. Group access is resolved live from a group's component and muting permission sets, so what you see reflects the org's configuration as last synced.