Monitor Changes to Permission Sets and Permission Set Groups (Pilot)

To protect your data and prevent unauthorized access, monitor permission changes made in permission sets and permission set groups using Real-Time Event Monitoring. Use PermissionSetEvent to monitor when permissions are added or removed from permission sets and permission set groups, or when user assignments for these features change. You can also create transaction security policies to block the assignment of critical permissions.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions where Event Monitoring is enabled.



This feature is not generally available and is being piloted with certain Customers subject to additional terms and conditions. It is not part of your purchased Services. This feature is subject to change, may be discontinued with no notice at any time in SFDC’s sole discretion, and SFDC may never make this feature generally available. Make your purchase decisions only on the basis of generally available products and features. This feature is made available on an AS IS basis and use of this feature is at your sole risk.

Who: Event Monitoring is available to customers who already purchased Salesforce Shield or Event Monitoring add-on subscriptions.

How: To be nominated for this pilot, contact Salesforce. After the pilot is enabled, from Setup, in the Quick Find box, enter Event Manager, then select Event Manager. For Permission Set Event (Pilot), use the action menu to enable storage and streaming.

The event data from PermissionSetEvent is stored in PermissionSetEventStore. You can use PermissionSetEventStore to create transaction security policies using Condition Builder or Apex that block View All Data, Modify All Data, and Customize Application user permissions assignments.