@salesforce/plugin-user
★
★
★
★
★
3
reviews
Commands to interact with Users and Permission Sets
95
Security
42
Quality
53
Maintenance
67
Overall
v3.6.49
npm
JavaScript
Feb 8, 2026
by Salesforce
No Known Issues
This package has a good security score with no known vulnerabilities.
542
GitHub Stars
3.7/5
Avg Rating
Community Reviews
RECOMMENDED
Solid Salesforce user management CLI with good security defaults
As part of the official Salesforce CLI ecosystem, this plugin handles user and permission set operations with reasonable security practices. Authentication flows through the standard Salesforce OAuth mechanisms, leveraging the core CLI's session management which uses secure token storage. The commands properly validate required fields and org connections before executing operations, preventing common mistakes that could lead to misconfigurations.
The error handling is generally good - authentication failures and permission issues surface clearly without leaking sensitive session data. Input validation catches malformed usernames and invalid permission set assignments early. Commands like `org:create:user` and `org:assign:permset` follow secure-by-default patterns, requiring explicit confirmation for destructive operations.
Dependency hygiene is acceptable given it's part of the @salesforce ecosystem, though you inherit the full oclif framework stack. The plugin respects standard Salesforce API security boundaries and doesn't attempt to bypass platform controls. TLS is handled at the API client level with modern defaults.
The error handling is generally good - authentication failures and permission issues surface clearly without leaking sensitive session data. Input validation catches malformed usernames and invalid permission set assignments early. Commands like `org:create:user` and `org:assign:permset` follow secure-by-default patterns, requiring explicit confirmation for destructive operations.
Dependency hygiene is acceptable given it's part of the @salesforce ecosystem, though you inherit the full oclif framework stack. The plugin respects standard Salesforce API security boundaries and doesn't attempt to bypass platform controls. TLS is handled at the API client level with modern defaults.
Leverages Salesforce OAuth security model with encrypted token storage from core CLI
Clear input validation errors prevent malformed user/permission operations
Error messages appropriately sanitized - no credential leakage in stack traces
Commands require org authentication confirmation before executing state changes
Heavy dependency tree inherited from oclif framework increases supply chain surface
Limited granular RBAC - relies entirely on Salesforce org-level permissions
Best for: Teams needing secure, CLI-based Salesforce user and permission management within CI/CD pipelines or administrative workflows.
Avoid if: You need fine-grained access control beyond Salesforce's native permission model or want a minimal dependency footprint.
CAUTION
Functional CLI wrapper with limited production observability and control
This is a Salesforce CLI plugin that wraps user and permission set operations. In practice, it works reliably for common tasks like assigning permission sets and creating users in scratch orgs. The commands are straightforward and integrate cleanly with existing SFDX workflows. However, it's essentially a thin wrapper around Salesforce APIs with limited production-grade features.
From an operations perspective, the plugin lacks crucial observability. There's minimal logging control—you get what SFDX gives you, with no hooks for custom instrumentation or detailed error tracking. Timeout behavior is inherited from the underlying JSForce connection with little ability to tune per-operation. Retry logic is basic and not configurable for flaky network conditions or API rate limits.
Resource management is acceptable but opaque. Connection pooling happens at the SFDX layer, so you can't optimize for bulk operations. Performance is adequate for typical dev tasks but not tuned for high-volume automation. The JSON output format helps with parsing, but error messages can be vague when dealing with Salesforce permission issues or validation rules.
From an operations perspective, the plugin lacks crucial observability. There's minimal logging control—you get what SFDX gives you, with no hooks for custom instrumentation or detailed error tracking. Timeout behavior is inherited from the underlying JSForce connection with little ability to tune per-operation. Retry logic is basic and not configurable for flaky network conditions or API rate limits.
Resource management is acceptable but opaque. Connection pooling happens at the SFDX layer, so you can't optimize for bulk operations. Performance is adequate for typical dev tasks but not tuned for high-volume automation. The JSON output format helps with parsing, but error messages can be vague when dealing with Salesforce permission issues or validation rules.
Clean integration with SFDX auth and org management workflows
JSON output format makes parsing and automation straightforward
Stable API surface with infrequent breaking changes between versions
Handles common permission set assignment and user creation reliably
No configurable retry logic or timeout controls for production automation
Limited logging hooks and observability for debugging complex permission issues
No connection pooling optimization for bulk user operations
Best for: Development workflows and CI/CD scripts that need basic user and permission set management in Salesforce orgs.
Avoid if: You need high-volume user provisioning automation with detailed observability, custom retry behavior, or fine-grained resource control.
RECOMMENDED
Solid CLI plugin for Salesforce user management with good SFDX integration
This plugin integrates seamlessly into the Salesforce CLI ecosystem, providing straightforward commands for user and permission set operations. The `sf org create user` and `sf org assign permset` commands work exactly as you'd expect, with sensible defaults that make common tasks quick. The JSON output format is particularly helpful for scripting and CI/CD pipelines.
The learning curve is minimal if you're already familiar with Salesforce CLI patterns. Documentation follows the standard SFDX command structure with `--help` flags that provide clear examples. Error messages are generally actionable, pointing to missing required fields or authentication issues. The plugin handles scratch org user creation particularly well, which is crucial for automated testing workflows.
Debugging can occasionally be tricky when permission set assignments fail silently due to org limits or dependencies. The error messages could be more explicit about permission conflicts. However, the `--json` flag consistently provides enough detail to troubleshoot issues, and GitHub issues get responses from maintainers within days.
The learning curve is minimal if you're already familiar with Salesforce CLI patterns. Documentation follows the standard SFDX command structure with `--help` flags that provide clear examples. Error messages are generally actionable, pointing to missing required fields or authentication issues. The plugin handles scratch org user creation particularly well, which is crucial for automated testing workflows.
Debugging can occasionally be tricky when permission set assignments fail silently due to org limits or dependencies. The error messages could be more explicit about permission conflicts. However, the `--json` flag consistently provides enough detail to troubleshoot issues, and GitHub issues get responses from maintainers within days.
Excellent integration with Salesforce CLI workflows and scratch org automation
Clear command structure with helpful --help documentation and practical examples
JSON output format makes scripting and CI/CD integration straightforward
Responsive maintainers on GitHub with regular updates and bug fixes
Error messages for permission set conflicts could be more descriptive
Limited examples for complex scenarios like bulk user operations
Best for: Development teams automating Salesforce user provisioning and permission management in CI/CD pipelines or scratch org workflows.
Avoid if: You need a GUI-based user management tool or don't use the Salesforce CLI ecosystem.
Write a Review
Sign in to write a review
Sign In
Dependencies
Used By