Salesforce Orgs can become unmanageably complex over time. The complexity might stem from corporate mergers and acquisitions, poor change and release management practices, failed development projects, or disruptive administrative turnover. This problem tends to be the most severe in the oldest and largest Salesforce Orgs. Complexity can result in slow performance, reduced agility, sluggish adoption, and IT/business misalignment.

Consider an Org where Profiles, Page Layouts, and Custom Objects are being created with the Setup Menu at a linear rate. The number of total user permissions in the Org will increase at an exponential rate. But when you consider the impact of other entangled assets like Custom Fields, Record Types, Custom Tabs, and Apex Classes, the overall complexity of the Org will increase at an even higher rate than in this simple example. Many Salesforce Orgs become more complex every day.


This blog discusses vital reports and new technologies that can help you reduce the technical debt in your Salesforce Org. Deleting unnecessary assets is a great first step in simplifying your Org and reducing complexity. In most cases, these reports can be assembled with information available from the Salesforce Data, Metadata, and Tooling API. Once you understand where the problems are, you will be on the right track to reducing the complexity of your Salesforce Org.

Field Usage

Some of the Custom Fields in your Salesforce account are more important than others. Some are rarely used, others not at all. Some may be forgotten, others are perhaps no longer required. One way to measure usefulness is to look at fields that are empty. Another technique is to look for fields and picklists that contain default values. Fields that do not appear on any Page Layout should also attract suspicion. Lastly, the SOQL API provides powerful grouping and filtering services that can measure how distinct field values are. The more distinct the field values, the more the field is being used, versus fields with more uniform values, which contain lots of duplicate information.

Once this information has been gathered, judgement is required on a field by field basis to determine their usefulness. You may need to drill down and see why a field is more or less distinct. For example, Account Name, Phone, and Website will be almost 100% distinct, but Account Zip Code and State will be more uniform. Often you will discover that more uniform fields are mainly populated by empty or default values. That might point to a field that needs to be deleted, or perhaps that should be a required field. If most of the fields are no longer needed, then the entire object can go.

Picklist Usage

The only thing more complex than fields are picklists. First off, picklists are multiplexed by Record Types, and further complicated by controlling versus dependent picklists. Picklists will have a defined list of values, but they will likely have many other values that have been entered by hand over the years. What values should be on the defined list? What other values need to be remapped to one of the defined values? Which picklist items should be eliminated from the list entirely? Once again, looking at distinct versus uniform values will give you lots of information about how your Org is using picklists and which ones require cleanup.

The Tooling API can be used to determine when a Custom Field or Picklist was created and last modified. You can also retrieve the Salesforce username of the administrator that made these changes. This information should be factored into any decisions about the importance of the field. Perhaps field usage is low because the field was recently created. Fields and Picklists that were created long ago and have not been modified should be looked at carefully and perhaps slated for deletion.

Forgotten Assets

There are over 200 asset types currently handled by the Metadata API. These metadata assets describe all the customizations in your Org. But this information can also be used to discover forgotten, hidden, and inactive assets. In some cases, an asset will not be enabled by any of the Profiles or Permission Sets in the Org. In other cases, there will be no metadata references to the asset. Many metadata assets have an “active” or “visible” flag that can be checked. The Data API can also be used to find assets that have no assigned users. Here is a list of common problems that can be discovered:

  • Groups not referenced by Custom Objects or Assignment Rules
  • Roles, Profiles, and Permission Sets with no assigned users
  • Custom Objects and Fields not referenced by other metadata assets
  • Record Types, Custom Tabs, and Custom Applications that are not visible
  • Web Links not referenced by Page Layouts or Home Page Components
  • Inactive Rules: Workflow, Approval, Assignment, Moderation, Escalation…

Stale Reports and Dashboards

Stale assets are properly connected to your Salesforce account, but they have not been used in a long time. Email Templates have a Times Used and Last Used Date field available from the Data API. Likewise, Reports have a Last Run Date. The Refresh Date for Dashboards can be calculated from the connected Reports. You will likely find Reports and Email Templates that have never been used, but be careful, because sometimes these objects are simply new, so be sure to also check the Created and Last Modified Dates.

Profiles and Permission Sets

Every user has a Profile that defines what they can see and do. Profile permissions include Application and Tab Visibility, Apex Class and Page Access, Object and Field Permissions, User and Custom Permissions, and Layout Assignments. An administrator can also assign any number of Permission Sets to a user. Permission Sets are similar to Profiles. They are used to grant additional permissions for special situations. Profiles and Permission Sets are the key junction object that manage complexity at the heart of your Salesforce account.

The first thing to look at is which Profiles and Permission Sets are assigned to the most users. Perhaps some Profiles and Permission Sets can be consolidated. Another interesting report that can be generated with the Metadata API shows the extent to which various child types are used by each Profile or Permission Set. For example, which Profiles enable the most Apex Classes, or User Permissions? Which Profiles show the most Custom Tabs and Applications? This information will help identify duplicate and underutilized Profiles and Permission Sets that can be removed, refactored, and consolidated.

Permission Set Groups

A great new feature called Permission Set Groups will be included in the Spring 48 Version of Salesforce. Permission Set Groups allow any number of Permission Sets to be grouped together and assigned to a User. This new feature will allow enterprise customers to move away from monolithic Profiles and increase the adoption of Permission Sets, which are more agile and atomic. Permission Set Groups can be used to reduce Org complexity and increase compliance and security.

Consider the illustration below. Bob has been assigned the Marketing Profile. This profile only includes the basic permissions needed for any Marketing User. Other more specific permissions have been removed. Bob is a member of the Advertising Team, and so he has been assigned the Permission Set Group for Advertising. And by the way, Bob runs analytics for the Marketing department, so he has been assigned the Permission Set for Einstein Analytics to cover this special case.

What is really important about this diagram is that an Admin or Security Officer can look at the structure and see by inspection that Bob’s permissions are correct. The names and descriptions of the Profiles, Permission Set Groups, and Permission Sets are human readable. These names should flow from the corporate priorities for User roles and their top-down security design. The end result should be a permission architecture that emphasizes clarity, context, and meaning.

Unlocked Packages

Unlocked Packages are a great new technology for reducing Org complexity. Unlocked Packages can be used by developer teams that are building new applications, and they can be used to convert legacy applications as well. There are many advantages to adopting Unlocked Packages. Bugs and problems are isolated to the package instead of being spread across the entire Org. When a project needs to be upgraded or replaced, the package makes entangled assets easier to identify. Packages are the foundation for agile development, enabling smaller groups of developers to focus on more isolated sections of code. Packages can be individually tested in a Scratch Org or developer account. Moving to Unlocked Packages can help lower cost, increase flexibility, reduce complexity, and improve time to production.

Change and Release Management

So far, this blog has focused on techniques to identify assets that need to be cleaned up or optimized. After that, the best practices moving forward are:

    • Identify problematic assets that need to be cleaned up or optimized
    • Test what happens when these customizations are deleted in a Sandbox
    • Communicate to other users what customizations are being removed
    • Restrict access to the assets with user Profiles or by disabling the assets
    • Monitor the impact of the changes before actually deleting the assets
    • Decommission the assets with change and release management software

The adoption of an effective change and release management practice will ensure that your Salesforce Org remains healthy. In fact, Org cleanup and optimization should become a regular priority in the release cycle. This will ensure that your Salesforce Org grows with new capabilities and robust user adoption but not with crippling complexity.

Reducing Technical Debt

Companies can use the Salesforce Data, Metadata, and Tooling API to generate powerful reports that help you understand and visualize the complexity of your Salesforce Org. Most Salesforce accounts get more complex every day. Cleanup and optimization should become a regular part of your change and release management practice. Our Snapshot product can create many of the reports described above and provides additional tools for Change and Release Management. Let us know if we can help you reduce the technical debt in your Salesforce account.

Bill Appleton

CTO Metazoa

Toll Free: 1-833-638-2962