Org Health

Org Health is the regular checkup your org never gets. It runs a battery of automated checks and rolls the results into a risk dashboard, so cleanup opportunities and emerging risks surface before they turn into incidents.

The risk dashboard

Instead of a wall of raw findings, Org Health presents a dashboard organized by risk, so you can triage. Each item links to where you would fix it, turning "your org has issues" into a concrete worklist.

Permission debt

Permissions accumulate; they rarely get cleaned up. Org Health surfaces that permission debt specifically:

• Stale permission sets — permission sets with no active assignees, or assigned to deactivated users. Dead weight that widens your audit surface for no benefit.
• Role and permission mismatches — users whose access no longer matches their role, a common side effect of reorganizations and lateral moves.

Permission debt is the technical debt of your security model. Like code debt, it compounds quietly until an audit (or a breach) forces a reckoning.

Security posture scoring

Org Health includes a posture score that summarizes how exposed the org is — a quick signal you can track over time. A score that drifts downward after a project is a prompt to look at what changed. (For the deep security view — god-mode users, toxic combinations, blast radius — see Security Insights.)

How to use it

Run a health scan against your org.

Review the risk dashboard, highest risk first.

Clear permission debt — remove stale permission sets, reconcile role mismatches.

Re-run periodically (after big projects, before audits) and watch the trend.

Org Health is meant to be run regularly, not once. The value is in the trend line: an org that gets a checkup every quarter stays clean; one that never does accumulates debt until it is painful to unwind.

Related reading

• Security Insights — deep permission risk analysis.
• Permission Chain — trace a specific permission to its source.