Salesforce sharing & visibility troubleshooting
Support tickets like "why can't this user see this record?" need more than generic advice. sf-intelligence traces the visibility cascade - Profiles, Permission Sets, OWD, sharing rules, restriction rules - from metadata retrieved from your org.
Questions admins and support ask
- "Why can't User X see this Contact record?"
- "Who can edit the SSN field on Account?"
- "Who can access the Case object?"
- "What permission sets grant delete on Opportunity?"
- "Does this Profile have View All Data?"
How sf-intelligence answers
The permissions plane models object access, field-level security, and the sharing stack from retrieved Profiles, Permission Sets, Permission Set Groups, and sharing metadata. Tools like who_can_access_object, why_cant, and field_access_audit return structured results with caveats when restriction rules or scoping rules apply.
Every answer carries provenance (offline_snapshot by default) and flags blind spots - for example, when a RestrictionRule was not retrieved and visibility cannot be fully determined.
Not the same as asking a chatbot
A general model knows how Salesforce sharing works in theory. sf-intelligence knows which Profiles and Permission Sets exist in your org, which fields they expose, and whether a restriction rule blocks access. When it cannot determine an outcome, it says unknown rather than guessing visible.
What it cannot do
- No record-level data - it analyzes permission containers, not "does User X own this specific record?" (that needs the opt-in live plane or direct SOQL)
- Static metadata only - manual shares and team membership changes since the last refresh may be stale
- Restriction rules require retrieval - if the rule metadata was not pulled, the answer includes an explicit blind spot
Stop guessing about access.
Read-only, offline, free. Ask permission questions in plain language from any MCP client.