Salesforce Org Management: Technical Debt and Optimization

Many Salesforce Orgs become more complex every day. The complexity might stem from corporate mergers and acquisitions, poor release management practices, failed development projects, or disruptive administrative turnover. Complexity can result in slow performance, reduced agility, reluctant adoption, and failed developer projects. This problem is the most severe in the oldest and largest Salesforce Orgs. Some customers end up starting an entire new Org or abandoning Salesforce altogether because of crippling technical debt. A successful Salesforce implementation is a little like a cruise ship. We want the ship to sail from port to port without incident. We want new passengers to board easily and existing passengers to be happy. But there are multiple systems on the ship that must operate properly, or progress becomes sluggish, onboarding is delayed, and existing passengers are frustrated. In the worst case, the ship can founder and sink, causing the ocean below to churn. Think of Snapshot as a collection of navigational tools and repair manuals that keep the ship running smoothly. Snapshot is a complete Org Management solution purpose built to identify and reduce technical debt in mature Salesforce Orgs. Snapshot provides Salesforce Administrators, Developers, and SI Partners the vital tools needed to manage the entire lifecycle of a Salesforce implementation. There are multiple enterprise systems in a Salesforce Org that can become unhealthy over time. This white paper examines common problems found in large Salesforce Orgs and details how Metazoa Snapshot can address these issues on a case-by-case basis.

Inactive User Cleanup Problem: Mature Salesforce Orgs often have more Inactive Users than Active Users. There are over 50 ways that a User can remain connected to a Salesforce Org after they have been Deactivated. These relic connections are difficult to find and remove. Inactive Users can manage Active Users, receive Emails, remain Team Members, consume Licenses, complicate Permissions, and cripple Dashboards. Solution: Snapshot provides detailed reports on every way that a group of Active or Inactive Users are connected to the Org. For Inactive Users, Snapshot can clean up all their connections to the Org by either deleting junction objects or replacing the Inactive User with an Active User. The cleanup process covers Usernames, Email Addresses, and User IDs in Records. Link: https://www.metazoa.com/blog/inactive-user-cleanup Example: American Tower

Massive Redundant Profiles

Problem: Mature Salesforce Orgs often have hundreds of Profiles and hundreds of millions of individual Field Security Permissions. The Profile Metadata in these Orgs can be many gigabytes in size. Massive Profiles complicate Release Management activities for Administrators. Developers will have difficulty working with Git Repositories, Salesforce DX, and Visual Studio Code. Profiles of this size are impossible to visualize and manage, leading to User security and permission errors. Solution: Snapshot can automatically merge similar Profiles and generate Permission Sets to make up the difference. Snapshot can automatically generate Permission Set Groups to help the customer transition away from Profiles. Lastly, Snapshot has powerful reporting capabilities to visualize and compare large arrays of Profiles and Permission Sets for security, governance, and compliance. Link: https://www.metazoa.com/best-practices-profile-permission-set/ Example: Bio-Rad

Data Migration Challenges Problem: Salesforce Objects are connected in intricate ways and governed by complex constraints. Examples include Master-Detail Relationships, Auto-Number Objects, Polymorphic Relationships, Nameless Junction Objects, and External IDs. Because of this, many common administrative tasks are challenging, including Data Backup and Restore, populating Sandboxes with Test Data, migrating Connected Data between Orgs, Merging Orgs, and Dividing Orgs. Solution: Snapshot has sophisticated Data Migration capabilities. Snapshot can Preserve All Relationships, Generate Prebuilt Templates, Select and Limit Records, Match Multiple Fields, Create Virtual IDs, Scramble Values, Transform Values, Create Retry Datasets, Truncate Field Length, Compare Different Datasets, and Deactivate Triggers, Rules, and Flows. This capability can be used for Backup and Restore, Sandbox Population, Data Migration, and Archive. Link: https://www.metazoa.com/snapshot-best-practices-dataset-migration/ Example: Ciena

Comprehensive Metadata Documentation Problem: Providing comprehensive Org Documentation is a challenge that requires multiple report types for effective visualization. There are over 250 Metadata Types that can be viewed through different channels provided by the Data, Metadata, and Tooling API. Other asset types like Profiles and Permission Sets benefit from matrix display. Effective documentation is required for compliance, backup and recovery, and tracking changes over time. Solution: Snapshot has sophisticated Org Documentation capabilities. Reports include the Data Dictionary, Fields Vs. Page Layouts, Record Types Vs. Picklists, and Controlling Vs. Dependent Picklists. The Org Dictionary can display any of the 250 Metadata Types in a customizable and color-coded report. All reports can be exported as PDF, CSV, HTML, and XLSX. All reports can be branded with corporate identity and scheduled for delivery with Email, Content, and Chatter. Link: https://www.metazoa.com/blog/the-new-org-dictionary-report/ Example: Mitsubishi

Forgotten Metadata Removal Problem: Over time, Metadata Assets can become inactive, hidden, or disconnected. Custom Objects and Fields can become underutilized. Reports, Dashboards, and Email Templates can become stale. These assets clog up the Org and may be an indication of other problems. Why aren't we using this Picklist Value? When was that asset deactivated? Solution: Snapshot provides Field Usage, Picklist Usage, Forgotten Asset, and Last Activity Date reports. In particular, the Forgotten Assets report covers 100 different Metadata Types and implements individual algorithms to evaluate usage. Once problems are identified, you can instantly transition to the deployment interface and decommission any unused assets. Link: https://www.metazoa.com/best-practices-reducing-technical-debt/ Example: Dart Containers

License Expense Management Problem: Salesforce customers have difficulty visualizing their total spend on Org, Feature, Package, and Permission Set Licenses. They need to understand the cost and benefit of each License Type by User. They may be spending money on Licenses that are not being used or Licenses that cannot be used. Solutions: Snapshot generates a detailed report that shows License Cost Vs. Actual Usage for any group of Users by License Type. Additional reports document Users that have the Permission to do something but not the License, as well as Users that have the License to do something but not the Permission. This report can pinpoint wasted license expenditures and other User permission problems. Link: https://www.metazoa.com/blog/license-expense-management-with-snapshot/ Example: Central Bank

User Permission Assignments Problem: Many companies are moving away from Profiles and adopting Permission Sets and Permission Set Groups. But now they are faced with the need to create and maintain potentially millions of junction objects between the Users and their assigned permissions. Using the Salesforce Setup Menu to make all of these assignments is slow and error prone. Solution: Snapshot provides a User Permission Assignment interface that can report on all the connections between Users and Profiles, Permission Sets, and Permission Set Groups. All of the connections can be rapidly edited by selecting checkboxes and clicking the Save Assignments button. Assignments can also be migrated between Orgs. Example: Traeger Grills

Bulk Profile Editing

Problem: Administrators often need to make bulk edits to Profiles and Permission Sets when they are working on a New Org or during the process of Merging Orgs. An additional complication is that editing permissions can require other changes for validation. For example, the Approve Contract User permission requires the Read Contract object permission. Solution: Snapshot provides powerful tools for editing bulk Profiles and Permission Sets. The Repair button will automatically make any changes required for validation. Once changes are made, you can instantly transition to the deployment interface in context. Snapshot can automatically revoke sparse permissions during the deployment process. Link: https://www.metazoa.com/blog/introducing-metazoa-smart-deploy/ Example: Metlife

Combined Security Permissions Problem: The Permissions for a given User depend on their Profile, as well as the assigned Permission Sets, Permission Set Groups, and Permission Set Licenses. There is no good way to see the Combined Security of all these different permissions for an individual User. Some Users may have unintended permissions, and other Permission Set assignments may be unnecessary. Solution: Snapshot generates a Combined Security Report that details the true security for any group of Users by Apex Class, Apex Page, Custom Application, Custom Tab, Custom Object, Custom Field, Flow, Layout, Record Type, Custom Metadata, and User Permission. Each step from Profile through assigned Permission Sets is documented. When permissions change, they are color coded in green. Redundant permissions are shown in red. Example: John Hancock

Internal Security Threats Problem: When an employee leaves the company or is terminated, management needs to know every single activity that they have conducted with respect to the Salesforce Org. In other cases, management may need to monitor the activities of an employee and generate alerts if suspicious activities are discovered. Solution: Snapshot generates a User Activity Timeline that details every activity that a User has conducted with respect to a Salesforce Org. Activities include viewing reports, downloading attachments, bulk data download, logging in to the Org, administrative changes, and many more. This report can be run forensically or proactively with alerts. Link: https://www.metazoa.com/snapshot-use-cases-compliance-and-security-reporting/ Example: Follett

Record Level Security

Problem: Given a set of Salesforce Records, who has access to them? What is the access? Why do they have access? These simple questions can be surprisingly difficult to answer. Record Level Security depends on Organization-wide Defaults, Role Hierarchy, Territory Hierarchy, Sharing Rules, Teams, Manual Sharing, and Programmatic Sharing. Solution: Snapshot provides a Record Level Security report that shows who has access to what and why. This report is useful for compliance and for answering the question why some specific User can see some specific Record. All access methods are reported because in some cases there can be redundant means of access. Example: Union Bank

Avoiding Metadata Conflicts Problem: Teams of developers and Administrators working on an Org can overwrite each other’s Metadata changes inadvertently, or they can create Metadata Assets that require manual merging to reconcile. This problem frustrates Release Management and leads to errors in Production Environments. Solution: The Snapshot Metadata deployment tools can remove bad references in order to clean up Page Layout, Custom Objects, Profiles, and Permission Sets. Our Sprint Management and User Story tools coordinate multiple deployments with Overlap Awareness. Lastly, the Metadata Differences report can scan a section of Metadata and generate alerts when the something changes. This report can help coordinate group activities. Link: https://www.metazoa.com/best-practices-sprints-and-user-stories/ Example: Hach Company

Profile Action Overrides Problem: The Lightning Experience introduced new capabilities to override elements of the Salesforce User Interface with Lightning Pages and Visualforce Pages. These Action Overrides and Profile Action Overrides depend on Custom Applications, Custom Tabs, Custom Objects, Profiles, and Record Types. Administrators do not have any way to visualize all the Action Overrides in a complex Org. Custom Objects require manual editing to deploy Flexipage security between Orgs. Solution: Snapshot provides the Profile Action Override report to visualize the complex pattern of Action Overrides and Profile Action Overrides in any Org. This interface simplifies the ability to deploy Flexipages and Custom Objects between Orgs without manual editing. Example: Axalta

Enabling Gigantic Deployments

Problem: The Metadata API has hard limits on the number of assets that can be retrieved and the size of the payload. There are similar limits on deployment. These limits cause many headaches for large Orgs. Profiles are a special problem, because they must be downloaded with other assets for completeness, and these bundles can be very large in size. Solution: Snapshot has a unique architecture as a 64-Bit desktop application written in C. Because of the long history of development and use, Snapshot is optimized to handle very large transactions and gigantic XML documents. For example, Snapshot retrieves multiple smaller payloads simultaneously to avoid the Metadata limits. Profiles and the other dynamic objects are reassembled on the client. Snapshot is uniquely capable of dealing with very large Orgs and handling demanding tasks like Org Mergers and Org Divisions. Link: https://www.metazoa.com/best-practices-salesforce-change-release-management/ Example: Illumina

Second-Generation Packaging Problem: Mature Salesforce Orgs have thousands of Custom Objects and other related assets that exists in a vast sea of unpackaged Metadata. These assets are connected in many different ways and have complex dependencies. Customers need a rational way to organize these assets into Second-Generation Packages in order to reduce complexity, increase flexibility, lower cost, and simplify deployment. Solution: Snapshot has deep support for Salesforce DX with Push/Pull Source, Scratch Orgs, Dev Hubs, and Second-Generation Packages. The Deployment Tools can seamlessly move assets between packaged and unpackaged namespaces. The Metadata Search palette and the Relationship Matrix report can identify dependencies between related assets that should be packaged together. Link: https://www.metazoa.com/best-practices-breaking-your-org-into-packages/ Example: Propel PLM