sf-agent-framework/sf-core/tasks/access-model-design.md

AI Agent Orchestration Framework for Salesforce Development - Two-phase architecture with 70% context reduction

# Access Model Design

## Purpose

Design and implement comprehensive access control models for Salesforce
implementations, ensuring security while maintaining usability.

## Instructions

1. **Analyze Access Requirements**
   - Document user personas and their data access needs
   - Identify sensitive data elements requiring protection
   - Map organizational hierarchy and reporting structure
   - Define data visibility requirements by role

2. **Design Access Control Structure**
   - Create role hierarchy aligned with org structure
   - Design profile configurations for each user type
   - Plan permission sets for modular access control
   - Define sharing rules and criteria-based sharing

3. **Implement Security Layers**
   - Configure Organization-Wide Defaults (OWD)
   - Set up role hierarchy with proper inheritance
   - Create profiles with appropriate object/field permissions
   - Design permission sets for flexible access management

4. **Data Security Configuration**
   - Implement field-level security for sensitive data
   - Configure record-level security through sharing
   - Set up manual sharing where needed
   - Design teams for collaborative access

5. **Validation and Testing**
   - Test access model with different user scenarios
   - Verify positive and negative test cases
   - Document security matrix for review
   - Perform security health check

## Input Requirements

- Organization structure and hierarchy
- User roles and responsibilities matrix
- Data classification and sensitivity levels
- Compliance and regulatory requirements
- Business process documentation

## Output Format

- Access Model Design Document
- Security Matrix (Profiles, Permission Sets, Roles)
- Implementation Guide with step-by-step instructions
- Test scenarios and validation checklist
- Security audit report

## Best Practices

- Follow principle of least privilege
- Use permission sets over profile customization
- Leverage permission set groups for complex scenarios
- Document all security decisions and rationale
- Plan for scalability and future growth
- Consider performance impact of sharing rules
- Implement regular security reviews