sf-permissions

sf-permissions Use this skill when the user needs permission analysis and access auditing: Permission Set / Permission Set Group hierarchy views, “who has access to X?” investigations, user-permission analysis, or permission-set metadata review. When This Skill Owns the Task Use sf-permissions when the work involves: permission set / permission set group analysis user access investigation finding which permission grants object / field / Apex / flow / tab / custom-permission access auditing or exporting permission configuration reviewing permission metadata impacts Delegate elsewhere when the user is: creating new metadata definitions → sf-metadata deploying permission sets → sf-deploy analyzing Apex-managed sharing logic → sf-apex Required Context to Gather First Ask for or infer: target org alias whether the question is about an object, field, Apex class, flow, tab, custom permission, or specific user whether the goal is hierarchy visualization, access detection, export, or metadata generation whether the output should be terminal-focused or documentation-friendly Recommended Workflow 1. Classify the request Request shape Default capability “who has access to X?” permission detector “what does this user have?” user analyzer “show me the hierarchy” hierarchy viewer “export this permset” exporter “generate metadata from analysis” generator or handoff 2. Connect to the correct org Verify sf auth before running permission analysis. 3. Use the narrowest useful query Prefer focused analysis over broad org-wide scans unless the user explicitly wants a full audit. 4. Render findings clearly Use: ASCII tree or table output for terminal work Mermaid only when documentation benefit is clear concise summaries of which permission source grants access 5. Hand off creation or deployment work Use: sf-metadata for richer metadata generation sf-deploy for deployment High-Signal Rules distinguish direct Permission Set grants from grants via Permission Set Groups be explicit about whether access is object-level, field-level, class-level, flow-level, or custom-permission-based use Tooling API where required for setup entities and advanced visibility questions for agent access questions, verify exact agent-name matching in permission metadata Output Format When finishing, report in this order: What was analyzed Org / subject scope Which permissions grant access Whether access is direct or inherited Recommended follow-up Suggested shape: Permission analysis: <hierarchy / detect / user / export> Scope: <org, user, permission target> Findings: <permsets / groups / access level> Source: Next step: <export, generate metadata, or deploy changes> Cross-Skill Integration Need Delegate to Reason generate or modify permission metadata sf-metadata metadata authoring deploy permission changes sf-deploy rollout identify Apex classes needing grants sf-apex implementation context bulk user assignment analysis sf-data larger data operations Reference Map Start here references/permission-model.md references/soql-reference.md references/workflow-examples.md Specialized analysis references/agent-access-guide.md references/usage-examples.md Score Guide Score Meaning 90+ strong permission analysis with clear access sourcing 75–89 useful audit with minor gaps 60–74 partial visibility only < 60 insufficient evidence; expand analysis Weekly Installs198Repositoryjaganpro/sf-skillsGitHub Stars191First SeenJan 24, 2026Security AuditsGen Agent Trust HubPassSocketPassSnykPassInstalled oncodex194opencode194gemini-cli193github-copilot190cursor190amp188