--- title: Quarra Salesforce Permission Analysis & Recommendations type: article created: '2026-03-19' updated: '2026-03-19' source_docs: - raw/2026-03-19-impromptu-zoom-meeting-131352470.md tags: - salesforce - quorra - permissions - field-level-security - lincoln-durham - security layer: 2 client_source: null industry_context: null transferable: true --- # Quarra Salesforce Permission Analysis & Recommendations ## Overview During a working session on 2026-03-19, an AI-powered permission audit was conducted on the Quorra Salesforce org. The analysis produced two documents delivered to Lincoln Durham for review prior to the next client meeting: 1. **Quorra Stone Salesforce Permissions** — a full summary of the current permission setup, including profiles, permission sets, and validation rules 2. **Quorra Stone QR Permissions Recommendate** — a set of AI-generated recommendations for improving the org's security posture Both documents were saved to the shared drive under `Projects > Salesforce`. --- ## Current State Summary The permission audit pulled all permission-related data from the org via the Salesforce API, including: - Profiles and their assigned users - Permission sets and assignments - Validation rules (included for completeness, as they represent org-wide restrictions) The resulting document ran to approximately 11 pages. --- ## Key Findings & Recommendations ### Lincoln Durham — Admin Profile Risk **Finding:** Lincoln Durham, Director of Sales, holds full **System Administrator** access to the Quorra org. **Risk:** A System Administrator can modify metadata, delete any record, change automation, install packages, and alter field mappings org-wide. For a non-technical sales leader, this represents a significant accidental-change risk — a single errant click in Setup could break flows, validation rules, or field mappings across the entire org. **Recommendation:** Downgrade Lincoln Durham from the System Administrator profile to a more appropriate profile (e.g., a Core Executive profile) that provides the data access he needs without exposing destructive Setup capabilities. > **Note for client communication:** Frame these as AI-generated recommendations, not team opinions. Lincoln should feel free to accept, modify, or reject any suggestion. The goal is to start a conversation about access governance, not to prescribe a specific outcome. --- ## Inactive Users During the audit, a test/legacy user (Jessica) was identified as still active in the org. This user should be deactivated. - **Action item:** Deactivate Jessica's user record in the Quorra Salesforce org. See [[clients/quorra/_index]] for org access details. --- ## Strategy for Next Meeting The permission documents are intended as a **conversation starter**, not a final implementation plan. The recommended approach for the next client meeting: 1. Walk Lincoln Durham through both documents together 2. Ask him to indicate what he wants to keep, change, or add for each user/role 3. Record the meeting with [[tools/fathom]] to capture all decisions 4. Feed the Fathom transcript to [[tools/claude]] to automate implementation of the agreed-upon permission set changes via the Salesforce API This approach avoids manual note-taking errors and allows the AI to handle the bulk of the implementation work directly from the client's stated requirements. --- ## Related - [[clients/quorra/_index]] - [[meetings/2026-03-19-quorra-prep-eydn-kickoff]] - [[knowledge/salesforce/field-level-security-troubleshooting]] - [[knowledge/salesforce/compact-layouts]]