AgentForceAccess
Request early access
AI for Salesforce access

Stop guessing why a user sees a record.

AgentForceAccess traces role hierarchy, sharing rules, manual shares, teams and territories — then explains the answer in plain English. Hours of debugging become a single question.

Request early access See how it works
  • Works with Sales Cloud, Service Cloud, custom objects
  • Read-only — no metadata or data ever modified
  • Audit-ready transcript for every explanation
Salesforce ISV Partner
  • Sales Cloud
  • Service Cloud
  • Experience Cloud
  • Financial Services Cloud
  • Health Cloud
  • Field Service
The problem

“Why can they see this record?” is the worst question in Salesforce admin life.

Sharing in Salesforce is the product of six different mechanisms stacked on top of OWD. Tracing the real reason a user has access takes the average admin 30–90 minutes per case — if they get there at all.

Role hierarchy

Inherited access from a manager three layers up.

Sharing rules

Criteria-based and ownership-based rules across orgs.

Manual shares

One-off grants that no one remembers giving.

Account teams

Implicit shares from related Account membership.

Territories

Enterprise Territory Management on Accounts/Opps.

Apex sharing

Custom share rows written by triggers or code.

Diagram showing six Salesforce share mechanisms converging into a single user-to-record decision

Six independent share mechanisms — one explanation.

How it works

From confused ticket to clear answer in under a minute.

  1. 01

    Connect your org

    OAuth into Salesforce with a read-only Connected App. We never write metadata or records — and we don't copy your data out.

  2. 02

    Ask in plain language

    "Why can Nina edit OPP-1042?" — or paste a record ID and a user. No SOQL, no permissions UI archaeology.

  3. 03

    Get a traceable answer

    The agent walks every share path: OWD → role → groups → manual share → team → territory → Apex. It explains in English and shows the trace.

  4. 04

    Export the audit trail

    Save the transcript as PDF or push it to Jira/ServiceNow. Every claim links to the metadata source it was derived from.

Features

Everything you need to answer access questions with confidence.

Natural-language queries

Ask in English. Or Polish. Or German. The agent translates intent into the exact metadata lookups it needs.

Full share-path tracing

OWD, role hierarchy, public groups, sharing rules, manual shares, account teams, opportunity teams, territories, Apex sharing — all in one trace.

Read-only by design

A least-privilege Connected App. AgentForceAccess can only describe — it can never alter permissions or data.

Audit-ready transcripts

Every explanation is signed, timestamped and exportable. Hand it to your auditor or paste it straight into a ticket.

Bulk review

Drop in a list of users or records. Get a side-by-side comparison of who has access to what — and why.

Drift alerts

Get notified when an unusual share path appears — like a manual share on a sensitive object or an Apex grant from a new trigger.

The dashboard

Beyond one record — see access patterns across the whole org.

Track unusual share grants over time, spot drift between sandbox and production, and surface the records with the most explicit access exceptions — all in one view.

AgentForceAccess dashboard showing access trends, anomalies and a list of records with the most share exceptions
Trust & security

Built read-only. Designed for the auditor in the room.

Read-only Connected App

OAuth into your org with least-privilege scopes. We can describe, never write.

No data egress

Record bodies stay in your VPC peering region. Only minimal metadata leaves to answer your question.

SOC 2 Type II in progress

Target: Q3 2026. Annual penetration testing today; full report available under NDA.

EU & US data residency

Pick the region your org runs in. GDPR DPA available on request.

Built for

Three teams. One painful question. One clean answer.

Salesforce admins

Before

Hours lost on sharing-rule archaeology every week.

After

Triage access tickets in minutes, with an audit trail attached.

Security & compliance

Before

Cannot prove who can see what across a 500k-record org.

After

Run bulk reviews for SOX / GDPR / HIPAA evidence on demand.

Revenue operations

Before

"Why does this AE see another rep's pipeline?" tickets pile up.

After

Self-serve answers — instantly explainable to managers.

Pricing

Pricing we're testing — tell us if we got it wrong.

Early-access pricing. We're collecting feedback before we set the meter — your input here goes straight into the model.

Starter

For solo admins testing the water.

Free forever, up to 100 SF users
  • Natural-language access explain
  • Single user / single record at a time
  • Read-only Connected App
  • 20 questions / month
Start free
Most interest so far

Pro

For working Salesforce teams.

$249 per org / month
  • Unlimited questions
  • Slack & Teams integrations
  • Bulk audit (CSV in, CSV out)
  • Drift & anomaly alerts
  • Audit-ready transcript exports
Request Pro pilot

Enterprise

For RegTech-grade orgs.

Custom multi-org, MSA
  • Everything in Pro
  • SOC 2 report + DPA
  • EU data residency
  • SSO / SCIM
  • Dedicated support engineer
Talk to us

Prices are indicative for the smoke-test phase. No card required during early access — you'll only be billed if we mutually decide the product is worth shipping to you.

FAQ

Common questions.

Is AgentForceAccess an official Salesforce product?

No. AgentForceAccess is an independent product built on top of the public Salesforce APIs. We are not affiliated with, endorsed by, or sponsored by Salesforce, Inc.

What data does the agent see?

Only the metadata and the specific record(s) you ask about. Connection is through a read-only OAuth Connected App. We never bulk-export your data, and we never write back to your org.

Where does the AI run?

On a frontier LLM hosted in a SOC-2 environment. Your record data is sent only when you ask a question, and is never used to train models.

Which sharing mechanisms are supported?

Org-wide defaults, role hierarchy, public groups, criteria-based and ownership-based sharing rules, manual shares, account/opportunity/case teams, Enterprise Territory Management, and Apex managed sharing.

Can I run it against a sandbox first?

Yes — sandbox is the recommended starting point during early access. Production connection is opt-in per org.

How is this different from Salesforce's "Sharing" button on a record?

The native button tells you the user can access the record. AgentForceAccess tells you why — across every share mechanism, in plain language, with a citation to the metadata that grants it.

Get in

Two ways to start — pick the one that matches your week.

Option A — waitlist

Request early access

Join the onboarding queue. We're letting a handful of orgs in each week — priority for teams with 1k+ Salesforce users.

We'll only email you about onboarding. No newsletter, no tracking pixels.

Option B — free deliverable

Free sandbox access audit

Point us at your sandbox and we'll send you a 10-page PDF in 48h: who can see what they shouldn't, which share paths are exotic, and three low-risk cleanups you can ship this sprint.

  • Read-only, sandbox only — never production
  • Findings prioritised, with the SOQL receipts
  • Yours to keep — no obligation, no upsell call

We'll reply with a scoping note and ask for sandbox details once you sign off.