During a working session on 2026-03-19, an AI-powered permission audit was conducted on the Quorra Salesforce org. The analysis produced two documents delivered to Lincoln Durham for review prior to the next client meeting:
Both documents were saved to the shared drive under Projects > Salesforce.
The permission audit pulled all permission-related data from the org via the Salesforce API, including:
The resulting document ran to approximately 11 pages.
Finding: Lincoln Durham, Director of Sales, holds full System Administrator access to the Quorra org.
Risk: A System Administrator can modify metadata, delete any record, change automation, install packages, and alter field mappings org-wide. For a non-technical sales leader, this represents a significant accidental-change risk — a single errant click in Setup could break flows, validation rules, or field mappings across the entire org.
Recommendation: Downgrade Lincoln Durham from the System Administrator profile to a more appropriate profile (e.g., a Core Executive profile) that provides the data access he needs without exposing destructive Setup capabilities.
Note for client communication: Frame these as AI-generated recommendations, not team opinions. Lincoln should feel free to accept, modify, or reject any suggestion. The goal is to start a conversation about access governance, not to prescribe a specific outcome.
During the audit, a test/legacy user (Jessica) was identified as still active in the org. This user should be deactivated.
The permission documents are intended as a conversation starter, not a final implementation plan. The recommended approach for the next client meeting:
This approach avoids manual note-taking errors and allows the AI to handle the bulk of the implementation work directly from the client's stated requirements.