The User Connection Cleanup report is a very powerful report that not only lets you document user connections throughout an org, but actually lets you take action and remove those connections from those users.
On the initial Select Connections tab, you will bring in a list of users by clicking the Select Users button in the top left. In the new window you will be able to choose users by name, permission(like permission sets, profiles, licenses, and roles. You can also choose them with filters and SOQL queries. Additionally, you can choose active or inactive users, as well as a user type, like standard users, and partner, customer users, etc. Once you have the list of users you want to report on, click ok, and you will be brought back to the Select Connections tab.
If you want to use this report only to document user connections, select the users in the left panel, and the connections in the right panel. These connections are broken down into categories:
- User Permissions
- User Licenses
- Data Connections
- Metadata Links
- Email Addresses
- Team Members
- Folder Sharing
Once you make all of your selections, you can skip the User Cleanup and Owner Cleanup tabs and go to either the Preview Report tab or Display tab, depending on if you want to view only 1 user or multiple users, respectively.
The report will color code results based on problems we perceive as no problems(active users assigned to a permission set/profile), minor problems(inactive users assigned to a group/queue), or major problems(inactive users assigned package licenses).
Now, besides documenting these user connections, we also allow you to cleanup connections that users might have, or maybe a user leaves and you want to reassign things to someone else, or just remove connections to that user. We allow you to do that as well.
Navigate to the User Cleanup tab if you'd like to remove connections to metadata. For example, you want to remove permission sets, queue membership, emails, etc. Select the user in the left panel and any metadata connections in the middle panel.
If you'd like to replace that user with someone else, click the button above the left column for a replacement user. If you do want to transfer anything to that user, you will need to make sure the Transfer checkbox is checked next to that metadata type.
Once you are ready to make the changes official, you will need to choose if you want to deploy the changes, or if you'd like to run a test deployment first. We always recommend running a test first to ensure there are no errors you may run into. Once you have a clean test, you can officially deploy the changes. The Continue After Error option is only available if you are working in a lower environment as you cannot skip errors in a Production org, as per Salesforce. Then all you need to do is click the orange User Cleanup button in the top right, and it will get to work. You will see the results of the changes in the far right panel.
The second cleanup method has to do with data. Again, in the example that someone leaves, you may want to reassign records that were assigned to that user. We give you the ability to reassign everything to a different user. Navigate to the Owner Cleanup tab.
This interface does need a replacement user as records need an owner. So you'll choose your replacement user by clicking the button in the top left.
Then, in the middle column you will select all of the objects you'd like to reassign. For certain objects, like Case, Opportunity, Task, etc, we break these out to open, closed, or all, so you can decide if you'd like to keep closed cases with the old owner, for historical reporting purposes.
When you've made all of your selections, you have the same choice to test run, or officially deploy the changes in the org. Then all you need to do is click the orange Owner Cleanup button in the top right, and it will get to work. You will see the results of the changes in the far right panel.
Video
The User Connection Cleanup Report in Metazoa Snapshot allows you to monitor and manage how your users are connected to an organization, whether they are active or inactive. This tool is critical for maintaining security and compliance, as well as efficiently managing your Salesforce environment.
User Selection
-
Click on the "Select users" button. This will allow you to choose which users you wish to review or work with.
-
Users of different types, both active and inactive, can be selected. There are multiple ways to choose these users.
-
Once selected, these users can be moved to the list on the right to be worked with.
User Connection List
On the right side of the interface, you'll find a list of the different connections that a user might have with your organization. These include:
- User permissions: These might be permission set groups or permission sets that link the user to your organization.
- Data connections: These could include users who are delegated approvers or who have a package license.
- Group memberships: Users could be part of the role hierarchy.
- Metadata links: These reveal other ways that a user could be connected to the organization, providing them with various powers, regardless of whether they're active or inactive.
- Other assets: Users also have raw email addresses and other metadata assets that could cause problems if a user becomes deactivated.
- Team memberships: Users can be team members on various items, such as open opportunities.
Reporting
The User Connection Cleanup Report allows you to:
- Preview a user's connections to find potential issues.
- Generate a comprehensive display report showing all problematic connections in your organization due to inactive users or examining the connections of an active user.
- Schedule the report to be sent automatically when there's a new snapshot. You can set the system to send the report via email if minor or major problems are detected.
User Editing and Cloning
- Users can be edited or cloned by right-clicking on them. Multiple users can be edited at the same time.
- Editing is beneficial for deactivating users or updating their information.
- Cloning allows you to duplicate a selected user along with their permission sets, groups, licenses, and group and queue memberships.
- Editing multiple users allows you to make them active, inactive, or freeze them, which is helpful for decommissioning multiple users simultaneously.
User and Owner Cleanup
The User Cleanup and Owner Cleanup tabs facilitate comprehensive cleanup operations:
- User Cleanup: Lets you select a group of users and clean up all of their connections to the organization. A replacement user needs to be selected, who will replace the username and the user email in some cases for the users you're cleaning up. Before proceeding with a real run, you can conduct a test run to preview the cleanup operations.
- Owner Cleanup: Allows you to remove users as the owner ID of any objects in your organization. For example, you can change the owner of all open opportunities from one user to another. This tab also provides the option for a test run before proceeding with the actual cleanup operation.
The User Connection Cleanup Report is a comprehensive tool for managing and cleaning up user connections, providing unprecedented control over user connections in Salesforce.
Links
Snapshot Use Cases: Salesforce Org Cleanup and Optimization