Profiles


Definition

Profiles is a Setup page that lists all user profiles in the org and allows administrators to create, clone, edit, and manage them. Each profile defines a user's baseline permissions including object access, field visibility, app access, login hours, login IP ranges, and system permissions.

Real-World Example

The admin at Forge Dynamics opens the Profiles page and clones the "Standard User" profile to create a "Field Technician" profile. She removes access to the Opportunity and Campaign objects (not needed by technicians), restricts login hours to 6am-8pm, adds access to the Field Service app, and assigns the profile to all 30 field technician users.

Why Profiles Matters

The Profiles page in Salesforce Setup is the central hub where administrators view, create, clone, and manage user profiles. Each profile defines a user's baseline permissions, including which objects they can access, which fields they can see, which apps appear in their launcher, when they can log in, and from which IP addresses. Profiles are foundational to Salesforce security because every user must be assigned exactly one profile, making it the first layer of access control. Without properly configured profiles, organizations risk exposing sensitive data to unauthorized users or restricting legitimate users from doing their jobs.

As an org grows, profile management becomes one of the most impactful — and challenging — administrative responsibilities. Organizations with dozens of profiles often face 'profile sprawl' where small variations create maintenance nightmares during feature releases. Modern best practice recommends using minimum-access profiles combined with Permission Sets and Permission Set Groups to build modular, scalable access models. Orgs that rely solely on profiles for granular permissions end up with hundreds of profiles that are difficult to audit, slow to update, and prone to over-provisioning access.

How Organizations Use Profiles

  • Forge Dynamics — The admin clones the 'Standard User' profile to create a 'Field Technician' profile, removing access to Opportunity and Campaign objects, restricting login hours to 6am-8pm, adding Field Service app access, and assigning it to all 30 field technicians — ensuring they see only what they need.
  • Silvermark Insurance — Silvermark's security audit revealed that 14 of their 22 profiles had 'Modify All Data' enabled. The admin restructured their approach using a single minimum-access base profile paired with Permission Sets for each functional role, reducing their profile count from 22 to 4 while tightening data access.
  • Redwood Analytics — Redwood uses profiles to enforce IP-range restrictions so that contractors can only log in from the company VPN. Combined with login hour restrictions on the contractor profile, this ensures that temporary workers can only access Salesforce during business hours and from approved network locations.
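
The kind of audit described in the Silvermark and Redwood examples can be scripted against profile metadata. The following is an added example, not part of the original page or any Salesforce tooling: it assumes profiles have been retrieved as Metadata API XML (`.profile-meta.xml`), and the `HIGH_RISK` set, the sample profiles, and the IP range are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
# Assumption: which system permissions count as high-risk is a local policy choice.
HIGH_RISK = {"ModifyAllData", "ViewAllData"}

def wrap(body):
    return f'<Profile xmlns="{NS["md"]}">{body}</Profile>'

PERM = "<userPermissions><enabled>{}</enabled><name>{}</name></userPermissions>"
# 360 and 1200 are minutes after midnight (6am and 8pm); only Monday shown for brevity.
HOURS = "<loginHours><mondayStart>360</mondayStart><mondayEnd>1200</mondayEnd></loginHours>"
IPS = ("<loginIpRanges><startAddress>203.0.113.0</startAddress>"
       "<endAddress>203.0.113.255</endAddress></loginIpRanges>")

# Constructed sample profiles (not real org data), shaped like .profile-meta.xml files.
SAMPLE_PROFILES = {
    "Field Technician": wrap(PERM.format("false", "ModifyAllData") + HOURS),
    "Legacy Sales": wrap(PERM.format("true", "ModifyAllData")),
    "Contractor": wrap(PERM.format("true", "RunReports") + HOURS + IPS),
}

def audit_profile(name, xml_text):
    """Return a list of findings for one profile's metadata XML."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.findall("md:userPermissions", NS):
        perm_name = perm.findtext("md:name", namespaces=NS)
        enabled = perm.findtext("md:enabled", namespaces=NS) == "true"
        if enabled and perm_name in HIGH_RISK:
            findings.append(f"{name}: high-risk permission {perm_name} enabled")
    if not root.findall("md:loginIpRanges", NS):
        findings.append(f"{name}: no login IP range restriction")
    hours = root.find("md:loginHours", NS)
    if hours is None or len(hours) == 0:
        findings.append(f"{name}: no login hour restriction")
    return findings

def audit_all(profiles):
    """Audit every profile; keep only those with at least one finding."""
    report = {n: audit_profile(n, x) for n, x in profiles.items()}
    return {n: f for n, f in report.items() if f}

if __name__ == "__main__":
    for findings in audit_all(SAMPLE_PROFILES).values():
        print("\n".join(findings))
```

A missing IP range or login-hour restriction is not always a defect; treat those findings as prompts for review against the intended access model for each profile.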
