For years, Salesforce teams have leaned on profiles to manage user permissions.
It worked when orgs were smaller, less complex, and releases moved at a slower pace. But as enterprises scale, the cracks in that model are showing: over-permissioned users, tangled security settings, and compliance headaches.
The shift is now clear. Salesforce is moving toward a modern delivery model built on DevOps Center, CI/CD pipelines, automated testing, and—crucially—permission sets and User Access Policies (UAPs). Profiles aren’t gone yet, but least-privilege access is fast becoming the standard.
Here’s a straightforward guide to the dos and don’ts executives should keep in mind as they steer their organizations into this new era.
Do: Adopt permission sets as your new baseline
Permission sets let you give users the exact access they need without granting unnecessary privileges. Instead of building one-size-fits-all profiles, you can layer permissions that match specific roles or temporary projects.
This modular approach makes it easier to scale, improves governance, and reduces the risk of accidental overexposure. For leaders, it means stronger compliance and a more flexible workforce.
The technology is only part of the story, though. Mason Frank provides Salesforce talent who specialize in DevOps and security, ensuring permission sets and access policies are implemented in line with enterprise standards.
Don’t: Keep relying on change sets
Change sets were once the go-to for moving configurations between environments, but they lack the transparency and control that enterprises now demand. They make auditing harder, slow down deployments, and increase the risk of errors.
Modern Salesforce delivery relies on source-driven workflows through DevOps Center, where every change is tracked, tested, and auditable. If your teams are still leaning heavily on change sets, you’re not just behind on efficiency—you’re behind on compliance.
Do: Embed automated testing into every release
Automated testing isn’t just a developer concern. It’s a business safeguard. By embedding tests into your CI/CD pipelines, you create a permanent record of compliance evidence while catching issues before they reach production.
This reduces risk and speeds up releases, helping business leaders see faster ROI on their Salesforce investments.
Enterprises that want to build this kind of capability need the right skills. Mason Frank connects you with Salesforce professionals experienced in CI/CD and automated testing, helping you modernize delivery without sacrificing control.
Don’t: Treat environment strategy as an afterthought
With Salesforce Hyperforce, organizations can spin up scalable, compliant environments across regions. But that flexibility only works if you plan strategically. Treating environments as disposable or failing to align them with data residency requirements puts your business at risk.
A smarter environment strategy means mapping your release process to regional compliance obligations and ensuring your org can scale securely as the business grows.
Do: Embrace least-privilege access as a culture shift
Moving away from profiles isn’t just a technical change. It’s a governance transformation. Leaders should see permission-set–based access as a way to build a culture of “least privilege,” where security and compliance are baked into daily operations.
That cultural shift requires buy-in from admins, developers, compliance officers, and executives alike. Done well, it creates a Salesforce environment that is not only more secure but also more agile.
A decisive moment for Salesforce leaders
The end of profile-centric models signals more than just a shift in tools. It reflects a broader trend toward enterprise-grade Salesforce DevOps: faster releases, stronger compliance, and a foundation built to scale.
The businesses that adapt quickly will find themselves ahead of the curve, equipped with governance models that satisfy auditors while giving teams the flexibility to innovate. Those that hesitate risk falling behind, tangled in outdated practices that can’t keep pace with enterprise needs.
