08 July 2013

Troubleshoot Profile and Permission Set Changes with the Setup Audit Trail

For many organizations, auditability is treated in a similar way to keeping tax records around for the past ten years;  you know that you need it, but you're not sure you'll ever use it unless you are audited.  As a result, it's not typically the first tool that admins will use when troubleshooting a user's access.  Many admins I talk to never even realize that this feature exists.  If you haven't seen it before, go to:
Setup | Administer | Security Controls | View Setup Audit Trail  

The setup audit trail is designed to capture many of the common changes that take place under Setup.

The advantages to the setup audit trail include:

  • Easy to determine who made a change to setup and when it was made
  • Easy to troubleshoot a granular change that was made to a profile since we now track both the old and new values of the change
  • Easy to download detail to a spreadsheet in order to filter and sort the data by user, time, or action
  • Easy to track Login-As Delegate User actions when users are logged in as another user

We track the last 20 changes on the screen and for any changes beyond that, you can download a CSV for the past 6 months of changes. I find it helpful to filter by time when troubleshooting a change, since I usually know about when the change took place.  Most recently, I helped with a customer case where I was able to recreate the timeline of events related to how the customer moved profile and tab changes between sandbox and production instances.

An audit is rarely fun, but having an audit trail can be more than just a way to protect yourself, it can be an invaluable tool for you to troubleshoot a user's access as well as changes to your profiles.