AgentForceAccess
Sign in Request early access
AI for Salesforce access

Stop guessing why a user sees a record.

AgentForceAccess traces role hierarchy, sharing rules, manual shares, teams and territories — then explains the answer in plain English. Hours of debugging become a single question.

Request early access See how it works
  • Works with Sales Cloud, Service Cloud, custom objects
  • Read-only — no metadata or data ever modified
  • Audit-ready transcript for every explanation
The problem

“Why can they see this record?” is the worst question in Salesforce admin life.

Sharing in Salesforce is the product of six different mechanisms stacked on top of OWD. Tracing the real reason a user has access takes the average admin 30–90 minutes per case — if they get there at all.

Role hierarchy

Inherited access from a manager three layers up.

Sharing rules

Criteria-based and ownership-based rules across orgs.

Manual shares

One-off grants that no one remembers giving.

Account teams

Implicit shares from related Account membership.

Territories

Enterprise Territory Management on Accounts/Opps.

Apex sharing

Custom share rows written by triggers or code.

Diagram showing six Salesforce share mechanisms converging into a single user-to-record decision

Six independent share mechanisms — one explanation.

How it works

From confused ticket to clear answer in under a minute.

  1. 01

    Connect your org

    OAuth into Salesforce with a read-only Connected App. We never write metadata or records — and we don't copy your data out.

  2. 02

    Ask in plain language

    "Why can Nina edit OPP-1042?" — or paste a record ID and a user. No SOQL, no permissions UI archaeology.

  3. 03

    Get a traceable answer

    The agent walks every share path: OWD → role → groups → manual share → team → territory → Apex. It explains in English and shows the trace.

  4. 04

    Export the audit trail

    Save the transcript as PDF or push it to Jira/ServiceNow. Every claim links to the metadata source it was derived from.

Features

Everything you need to answer access questions with confidence.

Natural-language queries

Ask in English. Or Polish. Or German. The agent translates intent into the exact metadata lookups it needs.

Full share-path tracing

OWD, role hierarchy, public groups, sharing rules, manual shares, account teams, opportunity teams, territories, Apex sharing — all in one trace.

Read-only by design

A least-privilege Connected App. AgentForceAccess can only describe — it can never alter permissions or data.

Audit-ready transcripts

Every explanation is signed, timestamped and exportable. Hand it to your auditor or paste it straight into a ticket.

Bulk review

Drop in a list of users or records. Get a side-by-side comparison of who has access to what — and why.

Drift alerts

Get notified when an unusual share path appears — like a manual share on a sensitive object or an Apex grant from a new trigger.

The dashboard

Beyond one record — see access patterns across the whole org.

Track unusual share grants over time, spot drift between sandbox and production, and surface the records with the most explicit access exceptions — all in one view.

AgentForceAccess dashboard showing access trends, anomalies and a list of records with the most share exceptions
Built for

Three teams. One painful question. One clean answer.

Salesforce admins

Before

Hours lost on sharing-rule archaeology every week.

After

Triage access tickets in minutes, with an audit trail attached.

Security & compliance

Before

Cannot prove who can see what across a 500k-record org.

After

Run bulk reviews for SOX / GDPR / HIPAA evidence on demand.

Revenue operations

Before

"Why does this AE see another rep's pipeline?" tickets pile up.

After

Self-serve answers — instantly explainable to managers.

FAQ

Common questions.

Is AgentForceAccess an official Salesforce product?

No. AgentForceAccess is an independent product built on top of the public Salesforce APIs. We are not affiliated with, endorsed by, or sponsored by Salesforce, Inc.

What data does the agent see?

Only the metadata and the specific record(s) you ask about. Connection is through a read-only OAuth Connected App. We never bulk-export your data, and we never write back to your org.

Where does the AI run?

On a frontier LLM hosted in a SOC-2 environment. Your record data is sent only when you ask a question, and is never used to train models.

Which sharing mechanisms are supported?

Org-wide defaults, role hierarchy, public groups, criteria-based and ownership-based sharing rules, manual shares, account/opportunity/case teams, Enterprise Territory Management, and Apex managed sharing.

Can I run it against a sandbox first?

Yes — sandbox is the recommended starting point during early access. Production connection is opt-in per org.

How is this different from Salesforce's "Sharing" button on a record?

The native button tells you the user can access the record. AgentForceAccess tells you why — across every share mechanism, in plain language, with a citation to the metadata that grants it.

Early access

Ship the answer to your next access ticket in 30 seconds.

Join the early-access list. We're onboarding a handful of orgs per week — priority for teams with 1k+ Salesforce users.

We'll only email you about onboarding. No newsletter, no tracking pixels.