Compare Salesforce Profiles, Permission Sets, & Users

Side-by-side comparison of profiles, permission sets, and user access — Field Permissions, System Permissions, Apex Access, and more.

Secure OAuth
Deep Comparison
No Data Stored

How it works

  1. 1

    Connect to Salesforce

    Log in with OAuth 2.0 (PKCE) — Production or Sandbox. Your password is never shared, and the session token stays in your browser.

  2. 2

    Select what to compare

    Pick up to 20 profiles, permission sets, or users from your org.

  3. 3

    Compare side by side

    See field, object, system, and Apex permissions in a single grid with every difference highlighted.

What you can compare

  • Object permissions (Create, Read, Edit, Delete, View All, Modify All)
  • Field-level security (read / edit)
  • System & user permissions
  • Apex class & Visualforce page access
  • Tab visibility & assigned apps
  • Record type visibilities & layout assignments
  • Permission set groups & license assignments
  • Login IP ranges & login hours

Frequently asked questions

What is Compare SF Permissions?

A free web tool for Salesforce administrators to compare Profiles, Permission Sets, and Users side by side — including field, object, system, and Apex permissions — without installing a managed package.

Is it safe to connect my Salesforce org?

Yes. You authenticate directly with Salesforce using OAuth 2.0 with PKCE. We never see or store your password, and the access token stays only in your browser session — it is cleared when you close the tab or log out.

Do you store my Salesforce data?

No. Org metadata is fetched on demand during your session and rendered in your browser. Nothing about your org is stored, cached, or shared with third parties.

Is it free?

Yes — completely free for the Salesforce community. No managed package, no paywall, and no account to create.

What can I compare?

Object and field-level permissions, system and user permissions, Apex class and Visualforce access, tab and app visibility, record type visibilities, permission set groups and licenses, login IP ranges, login hours, and more.

Does it work with sandboxes?

Yes. Toggle Production or Sandbox on the login screen before you connect.

Do I need to install anything in my org?

No. The tool connects via OAuth and reads metadata through the Salesforce APIs — there is nothing to install or deploy.

What access does it need?

Read-only metadata access (the api, refresh_token, and openid scopes). The tool only reads permission metadata; it never modifies your org.