// salesforce developer toolkit

SOQL Reference

Curated queries for Salesforce admins & architects. Click any query to expand.

Security & Permissions 2 queries
+
Profiles & Perm Sets With Modify All Data

Finds every profile and standalone permission set in the org that carries the system-wide Modify All Data permission. Profile-owned rows show a Profile Name; custom perm sets leave it blank. One query, both types.

Swap PermissionsModifyAllData for any system permission flag (e.g. PermissionsViewAllData) to check a different privilege.
Every Profile has a shadow PermissionSet record behind it (IsOwnedByProfile = true) — so this single query covers both object types without a union. 
SELECT Id, Name, IsOwnedByProfile, Profile.Name
FROM PermissionSet
WHERE PermissionsModifyAllData = true
Object-Level View / Modify All — Scoped to a User

Shows which profiles and permission sets grant View All or Modify All on a specific object, filtered to only those actually assigned to a given user. Skips PSG component perm sets via the PermissionSetGroupId = null filter.

Replace YOUR_USER_ID with the target user's 15 or 18-char Salesforce ID. Find it via Setup → Users or query the User object.
Replace 'Account' with any SObject API name — e.g. 'Facility__c', 'Opportunity'.
Workbench requires Enable Query All Fields to resolve Parent.Profile.Name. Deep relationship traversals always go last in SELECT to minimize phantom column shifting in CSV exports.
User ID replace 
SELECT
    ParentId,
    PermissionsViewAllRecords,
    PermissionsModifyAllRecords,
    Parent.Name,
    Parent.IsOwnedByProfile,
    Parent.ProfileId,
    Parent.Profile.Name
FROM ObjectPermissions
WHERE SobjectType = 'Account'
AND (PermissionsModifyAllRecords = true
     OR PermissionsViewAllRecords = true)
AND ParentId IN (
    SELECT PermissionSetId
    FROM PermissionSetAssignment
    WHERE AssigneeId = 'YOUR_USER_ID'
    AND PermissionSetGroupId = null
)
ORDER BY Parent.IsOwnedByProfile DESC,
         Parent.Profile.Name
Data Cleanup & Integrity 2 queries
+
Accounts With No Contacts

Finds Accounts without related Contacts, often indicating incomplete or unused data.

SELECT Id, Name
FROM Account
WHERE Id NOT IN (
    SELECT AccountId
    FROM Contact
)
Duplicate-ish Accounts

Surfaces potential duplicates based on matching Account names.

SELECT Name, COUNT(Id)
FROM Account
GROUP BY Name
HAVING COUNT(Id) > 1
User Adoption & Activity 1 query
+
Users Who Haven't Logged In Recently

Helps identify inactive users for security reviews and license optimization.

Adjust LAST_N_DAYS:90 to change the inactivity window. Common values: 30, 60, 180. 
SELECT Id, Name, Username,
       Profile.Name, LastLoginDate
FROM User
WHERE IsActive = true
AND LastLoginDate < LAST_N_DAYS:90
Automation & Logic 2 queries
+
Objects With Triggers (non-managed)

Shows which objects contain Apex triggers, filtered to exclude managed package triggers.

SELECT Id, Name, TableEnumOrId
FROM ApexTrigger
WHERE NamespacePrefix = null
ORDER BY TableEnumOrId, Name
Active Flows by Object (non-managed)

Identifies objects with active record-triggered Flows, excluding managed package flows.

SELECT Id, DurableId, ApiName, Label,
       Description, ProcessType, TriggerType,
       NamespacePrefix, TriggerObjectOrEventLabel
FROM FlowDefinitionView
WHERE NamespacePrefix = null
AND IsActive = true
AND ProcessType = 'AutoLaunchedFlow'
ORDER BY TriggerObjectOrEventLabel
Tech Debt & Metadata Risk 1 query
+
Objects With High Field Counts

Objects with excessive field counts often signal over-customization or complexity risk.

Adjust the 200 threshold to fit your org's baseline. Standard objects often have 100–150 fields before customization. 
SELECT EntityDefinition.QualifiedApiName,
       COUNT(Id)
FROM FieldDefinition
GROUP BY EntityDefinition.QualifiedApiName
HAVING COUNT(Id) > 200