
Sf Permissions
Trace Salesforce permission sets, groups, and object access via API-driven analysis without deploying Apex to the org.
Overview
sf-permissions is an agent skill for the Build phase that analyzes Salesforce permission sets, groups, and effective user access via Python API queries.
Install
npx skills add https://github.com/jaganpro/sf-skills --skill sf-permissions
What is this skill?
- Permission hierarchy visualization for permission sets and permission set groups
- SOQL-style detection patterns for who has access to objects, Apex, VF, and custom permissions
- User permission analysis tracing effective access through PSG membership
- Python plus simple-salesforce—no Apex deployment required
- Cross-org comparison friendly CLI/TUI workflow for terminal-based agents
- Four conceptual areas adapted from PSLab: hierarchy, detection queries, user analysis, and setup entity access
Adoption & trust: 1.3k installs on skills.sh; 418 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need to know who has access to a Salesforce object or feature but deploying Apex analyzers or clicking through Setup does not fit your agent workflow.
Who is it for?
Solo developers and consultants auditing Salesforce orgs from the terminal with simple-salesforce credentials.
Skip if: Non-Salesforce stacks or teams that require in-org Apex-only tooling with no API access.
When should I use this skill?
You need Salesforce permission set, PSG, or user effective-access analysis via API from the agent terminal.
What do I get? / Deliverables
You get structured permission hierarchy and who-has-access answers from live org data using API credentials, ready for remediation or documentation.
- Permission hierarchy report for PS/PSG relationships
- Who-has-access findings for targeted entities
- User-level effective permission trace summary
Journey fit
Permission modeling is a Build integration task when wiring Salesforce-backed SaaS roles and least-privilege access. The Integrations subphase is where external CRM identity and authorization surfaces are designed and audited.
How it compares
API-first Python analysis skill, not an in-org PSLab Apex deployment.
Common Questions / FAQ
Who is sf-permissions for?
Indie builders and integrators working on Salesforce-backed products who need permission visibility from the CLI without deploying analysis code into the org.
When should I use sf-permissions?
Use it during Build integrations when designing roles, before ship-security review of CRM access, or when debugging why a user lacks object or custom permission access.
Is sf-permissions safe to install?
Check the Security Audits panel on this page and scope API users to read-only permission metadata where possible; never paste production secrets into untrusted environments.
SKILL.md
```
# Virtual environment
.venv/
venv/
env/

# Python cache
__pycache__/
*.py[cod]
*$py.class
*.so

# Distribution / packaging
dist/
build/
*.egg-info/

# IDE
.idea/
.vscode/
*.swp
*.swo

# OS files
.DS_Store
Thumbs.db

# Test / Coverage
.pytest_cache/
.coverage
htmlcov/

# Temporary files
*.tmp
*.log
```

# Credits & Attribution

## PSLab - Permission Set Lab

This skill was inspired by **PSLab**, an open-source Salesforce permission analysis tool created by **Oumaima Arbani**.

- **GitHub**: [github.com/OumArbani/PSLab](https://github.com/OumArbani/PSLab)
- **Author**: Oumaima Arbani
- **License**: MIT

### What We Learned from PSLab

PSLab's Apex implementation provided the conceptual foundation for this Python-based skill:

1. **Permission Hierarchy Visualization** - The tree structure approach for showing PS/PSG relationships
2. **Permission Detection Queries** - The SOQL patterns for finding "who has access to X"
3. **User Permission Analysis** - The approach to tracing permissions through PSG membership
4. **Setup Entity Access** - How to query Apex class, VF page, and Custom Permission access

### Why Python Instead of Apex?

While PSLab uses Apex deployed to the user's org, this skill uses Python with `simple-salesforce` for several reasons:

1. **No deployment required** - Works with any org via API
2. **Cross-org analysis** - Can compare permissions across multiple orgs
3. **CLI integration** - Fits the Claude Code terminal workflow
4. **Rich TUI output** - Better terminal visualization with the `rich` library

### License Compliance

This skill is a clean-room reimplementation of PSLab's concepts in Python. No code was directly copied. The SOQL query patterns are based on standard Salesforce APIs and are not copyrightable.
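The "who has access to X" and PSG-membership tracing ideas listed above, worked through as an added example; this is not code from sf-permissions or PSLab. The rows are constructed and only shaped like results from the standard `PermissionSetAssignment`, `PermissionSetGroupComponent` and `ObjectPermissions` objects; the Ids and the `who_has_access` helper are hypothetical.

```python
from collections import defaultdict

# Constructed sample rows, shaped like SOQL results from PermissionSetAssignment,
# PermissionSetGroupComponent and ObjectPermissions. All Ids are made up.
ASSIGNMENTS = [
    {"AssigneeId": "u_alice", "PermissionSetId": "ps_sales", "PermissionSetGroupId": None},
    {"AssigneeId": "u_bob", "PermissionSetId": "ps_agg_support", "PermissionSetGroupId": "psg_support"},
    {"AssigneeId": "u_carol", "PermissionSetId": "ps_readonly", "PermissionSetGroupId": None},
]
GROUP_COMPONENTS = [
    {"PermissionSetGroupId": "psg_support", "PermissionSetId": "ps_cases"},
    {"PermissionSetGroupId": "psg_support", "PermissionSetId": "ps_sales"},
]
OBJECT_PERMS = [
    {"ParentId": "ps_sales", "SobjectType": "Account", "PermissionsRead": True, "PermissionsEdit": True},
    {"ParentId": "ps_cases", "SobjectType": "Case", "PermissionsRead": True, "PermissionsEdit": True},
    {"ParentId": "ps_readonly", "SobjectType": "Account", "PermissionsRead": True, "PermissionsEdit": False},
]

def who_has_access(sobject, flag, assignments=ASSIGNMENTS,
                   components=GROUP_COMPONENTS, object_perms=OBJECT_PERMS):
    """Return {user_id: sorted grant paths} for one object permission flag.

    Assumption: muting permission sets inside a group are not modelled, so a
    path reported through a PSG is an upper bound on what the group grants.
    """
    # Permission sets that grant the requested flag on the requested object.
    granting = {p["ParentId"] for p in object_perms
                if p["SobjectType"] == sobject and p.get(flag)}
    # Group Id -> member permission set Ids.
    members = defaultdict(set)
    for c in components:
        members[c["PermissionSetGroupId"]].add(c["PermissionSetId"])
    paths = defaultdict(set)
    for a in assignments:
        psg = a.get("PermissionSetGroupId")
        if psg:  # assigned via a group: attribute the grant to the member set
            for ps in members[psg] & granting:
                paths[a["AssigneeId"]].add(f"{psg} -> {ps}")
        elif a["PermissionSetId"] in granting:  # direct assignment
            paths[a["AssigneeId"]].add(a["PermissionSetId"])
    return {user: sorted(p) for user, p in paths.items()}

if __name__ == "__main__":
    for user, via in who_has_access("Account", "PermissionsEdit").items():
        print(user, "via", ", ".join(via))
```

Reporting the path, not just the user, is what makes the finding actionable: removing a user from `psg_support` and editing `ps_sales` are different remediations.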
---

## Other Resources

### Salesforce Documentation

- [Permission Sets Developer Guide](https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/perm_sets_overview.htm)
- [Permission Set Groups](https://help.salesforce.com/s/articleView?id=sf.perm_set_groups.htm)
- [SetupEntityAccess Object](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_setupentityaccess.htm)

### Libraries Used

- **[simple-salesforce](https://github.com/simple-salesforce/simple-salesforce)** - Salesforce API client for Python (Apache 2.0)
- **[Rich](https://github.com/Textualize/rich)** - Terminal formatting library (MIT)

MIT License

Copyright (c) 2026 Jag Valaiyapathy

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# sf-permissions

Salesforce Permission Set analysis, visualization, and auditing tool.

## Quick Start

```bash
# 1. Create virtual environment
python3 -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# 2. Install dependencies
pip install -r requirements.txt

# 3. Ensure you're authenticated via sf CLI
sf org login web --set-default

# 4. Run commands
python scripts/cli.py hierarchy  # View org hierarchy
```