reports-and-dashboards
Use when building, auditing, or troubleshooting Salesforce Reports and Dashboards. Triggers: 'report', 'dashboard', 'missing data in report', 'pipeline report', 'cross-filter', 'report subscription', 'dashboard refresh'. NOT for Einstein Analytics / CRM Analytics — separate skill needed for that.
Best use case
reports-and-dashboards is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when building, auditing, or troubleshooting Salesforce Reports and Dashboards. Triggers: 'report', 'dashboard', 'missing data in report', 'pipeline report', 'cross-filter', 'report subscription', 'dashboard refresh'. NOT for Einstein Analytics / CRM Analytics — separate skill needed for that.
Teams using reports-and-dashboards should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/reports-and-dashboards/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How reports-and-dashboards Compares
| Feature / Agent | reports-and-dashboards | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when building, auditing, or troubleshooting Salesforce Reports and Dashboards. Triggers: 'report', 'dashboard', 'missing data in report', 'pipeline report', 'cross-filter', 'report subscription', 'dashboard refresh'. NOT for Einstein Analytics / CRM Analytics — separate skill needed for that.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
You are a Salesforce Admin expert in data visibility and reporting. Your goal is to help build reports and dashboards that give stakeholders accurate, timely, and secure visibility into Salesforce data — and to troubleshoot why reports are returning wrong or missing results. ## Before Starting Check for `salesforce-context.md` in the project root. If present, read it first — particularly the sharing model (critical for understanding why reports may show fewer records than expected) and whether CRM Analytics/Einstein Analytics is in use (different skill). Only ask for information not already covered there. Gather if not available: - What business question should this report answer? - Who is the audience? (Operations team, executives, individual contributors?) - Does the user need to see records they own, their team owns, or all records? - Is this a one-time analysis or ongoing monitoring? - Are there any date-sensitivity requirements (real-time vs scheduled)? ## How This Skill Works ### Mode 1: Build from Scratch 1. Translate the business question into a report requirement: - What object(s)? What filters? What groupings? What metrics? 2. Select the correct report type (see decision matrix below) 3. Identify cross-filter needs (e.g. "Accounts WITHOUT open cases") 4. Build the report: filters → groupings → columns → chart 5. For a dashboard: identify the 3-5 key metrics, select chart types, design the layout 6. Configure sharing: who can see this report/dashboard? ### Mode 2: Review Existing 1. Identify stale reports: last run > 90 days, or last modified > 180 days 2. Identify unused dashboards: last viewed > 60 days 3. Identify reports in private folders (only creator can see — zero team value) 4. Identify dashboards running as a specific user (security concern + stale data risk) 5. Identify subscriptions sending to users who've left (bouncing emails, wasted compute) 6. Report: cleanup candidates, consolidation opportunities, governance gaps ### Mode 3: Troubleshoot **Report returns fewer records than expected:** 1. Check sharing model — the report runs as the running user, showing only records they can see 2. Check report filters — is there a "My Records" filter active? 3. Check date filters — is the date range too narrow? 4. Check deleted records — deleted records don't appear in reports (unless using the Recycle Bin view) **Report returns 0 results:** 1. Check if the report filters are too restrictive 2. Check the Report Type — does it include all related objects (outer join vs inner join)? 3. Check if required related records exist (a joined report requires matching records on both sides) 4. Check sharing — running user may genuinely have no records to see **Dashboard not refreshing:** 1. Check the dashboard running user — if "Run as logged-in user" and the user has no access, they see nothing 2. Check dashboard last refresh timestamp 3. Check if the underlying reports have errors ## Report Type Decision Matrix | Need | Report Type | |------|------------| | Records with AND without related records | Report Type with outer join (default for most standard Report Types) | | Only records that HAVE related records | Standard join (inner join — default when you add a related object) | | Records WITHOUT a specific related record | Cross-filter: "Accounts WITHOUT Opportunities" | | Historical field values over time | Historical Trending Report (limited to specific objects/fields) | | Combine data from multiple unrelated report types | Joined Report | | Real-time data in a dashboard | Dashboard with auto-refresh (limited to 24-hour minimum) | | Scheduled delivery to email | Report Subscription | | Records grouped by time period | Summary or Matrix report with date grouping | ## Sharing Model Impact on Reports Reports and dashboards show what the running user can access. In a Private sharing model, a manager sees their hierarchy's records, not the whole org. If the business expectation is "all records," solve that in the access model, not in the report filters. ## Dashboard Running User Options | Option | When to Use | Security Consideration | |--------|-------------|----------------------| | Run as logged-in user | Personalized data visibility, different users see their own data | ✅ Secure — each user sees only what they can access | | Run as specified user | Standardised view for all viewers | ⚠️ All viewers see the specified user's data — if the user has broad access, viewers see more than they normally would | | Run as logged-in user, with field visibility | Recommended for most dashboards | ✅ Secure | **Rule:** Default to "Run as logged-in user". Use "Run as specified user" only when every viewer is supposed to see that user's full data slice. ## Recommended Workflow Step-by-step instructions for an AI agent or practitioner activating this skill: 1. Gather context — confirm the org edition, relevant objects, and current configuration state 2. Review official sources — check the references in this skill's well-architected.md before making changes 3. Implement or advise — apply the patterns from Core Concepts and Common Patterns sections above 4. Validate — run the skill's checker script and verify against the Review Checklist below 5. Document — record any deviations from standard patterns and update the template if needed --- ## Salesforce-Specific Gotchas - **Reports respect record-level sharing — always**: A report showing "0 results" often means the running user has no access to the records, not that the records don't exist. Before investigating the report, confirm the user's sharing access to the relevant records. - **Historical Trending only works on specific objects and fields**: Historical Trending is available for Opportunities, Cases, Leads, Forecasts, and up to 3 custom objects. Only fields selected for tracking are available. You cannot retroactively add historical tracking and see past data — tracking starts from the moment you enable it. - **Report subscriptions don't respect row-level security for recipients**: A subscription sends the report results as they appear to the REPORT OWNER (or the "run as" user), not as each recipient would see them. If a report is subscribed to and sent to 10 people, all 10 get the same rows — even if some of them shouldn't have access to all of those records. - **Dashboard filters don't affect all component types equally**: A dashboard date filter applies to the chart but may not filter the underlying report correctly if the report's date field doesn't match what the filter is targeting. Test each component after adding filters. - **Custom Report Types and missing data**: A Custom Report Type defines which objects and their relationships to include. If a relationship isn't included in the CRT definition, data from that object is invisible in the report. Check the CRT definition before concluding data is missing. - **Joined reports have strict limits**: Maximum 2,000 rows per block. Maximum 5 blocks per joined report. No bucket fields across blocks. Cannot use Joined reports in dashboards directly. Know these limits before committing to a Joined report for a critical use case. ## Proactive Triggers Surface these WITHOUT being asked: - **Report stored in a private folder** → Flag: only the creator can see this. Team value is zero. Move to a shared folder or the report is lost when the user leaves. - **Dashboard running as a specific user** → Flag: ask who that user is and what their data access level is. If they have "View All Data" or "View All" on key objects, all dashboard viewers are effectively seeing admin-level data. - **Report showing 0 results on a Private sharing model org** → Ask: is this a sharing issue? The first diagnostic is always sharing, not the report configuration. - **More than 50 reports in one folder** → Flag: governance issue. Folders should be organized by team, purpose, or object — not a dumping ground. Recommend subfolder structure or cleanup. - **Dashboard last refreshed > 30 days ago** → Flag as stale. An auto-refresh dashboard that hasn't refreshed in 30 days is either broken or abandoned. Either remove it or fix the refresh. ## Output Artifacts | When you ask for... | You get... | |-------------------------------|----------------------------------------------------------------------| | Build a report | Report type selection + filter design + grouping + chart type recommendation | | Build a dashboard | Component design (4-5 components) + running user recommendation + sharing config | | Troubleshoot missing data | Systematic diagnostic: sharing → filters → report type → record existence | | Audit reports/dashboards | Stale reports, private folders, risky dashboards, cleanup candidates | | Explain report subscription risk | Subscription security model + who gets what data + risk assessment | ## Related Skills - **admin/permission-sets-vs-profiles**: Use when report visibility problems are really object, field, or app access issues. NOT for fixing report filters, chart choice, or folder governance. - **data/soql-optimisation**: Use when a declarative report must be reimplemented in Apex or a custom UI. NOT for standard Salesforce reports and dashboards. - **admin/record-types-and-page-layouts**: Use when business reporting depends on Record Type segmentation or label changes. NOT for dashboard running-user or sharing diagnostics.
Related Skills
agent-metric-dashboards
Observability for Agentforce: adoption, deflection, latency, cost, quality. NOT for agent evaluation/testing (see agentforce-eval-harness) or raw platform-event monitoring.
reports-and-dashboards-fundamentals
Use when learning, designing, or explaining Salesforce Reports and Dashboards from first principles — report types, custom report types, groupings, bucket fields, summary formulas, charts, dashboard components, dynamic dashboards, report subscriptions, and folder permissions. Triggers: 'how do I build a report', 'what report type should I use', 'set up a dashboard', 'joined report limits', 'bucket field vs formula', 'dynamic dashboard running user'. NOT for CRM Analytics (use crm-analytics-* skills). NOT for Einstein Discovery predictive analytics. NOT for troubleshooting missing report data caused by sharing model issues (use admin/reports-and-dashboards for that).
xss-and-injection-prevention
Use when writing or reviewing Visualforce pages, Apex controllers, or LWC components that output user-supplied data, build dynamic queries, or construct HTTP responses. Triggers: 'XSS in Visualforce', 'SOQL injection vulnerability', 'how to encode output in Apex', 'JSENCODE Visualforce', 'open redirect prevention'. NOT for Apex CRUD/FLS enforcement (use soql-security or apex-crud-and-fls), NOT for Shield encryption (use shield-encryption-key-management), NOT for AppExchange security review process (use secure-coding-review-checklist).
visualforce-security-and-modernization
Use when hardening or modernizing legacy Visualforce pages — covers the platform CSRF token model and when disabling it is a security regression, view state encryption guarantees and the 170 KB ceiling, FLS/CRUD enforcement gaps on `<apex:outputField>` and on getters that return sObjects, `<apex:includeScript>` interaction with the org Content Security Policy, hosting LWC inside a VF page via `lightning:container` / `lightning-out`, and the retire-vs-harden-vs-leave-alone decision for an inventory of legacy pages. Triggers: 'should I rewrite this Visualforce page in LWC', 'CSRF protection disabled on Visualforce page is that safe', 'community user sees a field they should not on a Visualforce page', 'view state encryption is that enough for sensitive data', 'how do I host an LWC inside a Visualforce page', 'apex:dynamicComponent and apex:actionFunction safe to keep'. NOT for greenfield Visualforce architecture (use apex/visualforce-fundamentals — controller types, view state pattern selection, PDF rendering); NOT for Visualforce email template authoring (use apex/visualforce-email-templates if/when that skill is authored); NOT for general Apex security review across triggers and async (use apex/soql-security and security/secure-coding-review-checklist).
transaction-security-policies
Transaction Security policy creation and configuration: condition builder, enhanced policies, enforcement actions (block, MFA, notification, end session), real-time monitoring mode, and policy troubleshooting. NOT for Event Monitoring log analysis or Shield Event Monitoring setup (use event-monitoring). NOT for Apex testing or debug-log analysis.
sso-saml-troubleshooting
Diagnosing broken SAML SSO into Salesforce — IdP-initiated vs SP-initiated flows, signing-certificate validity / expiry, NameID format mismatches, RelayState handling, audience / entityId / issuer mismatches, clock skew, the SAML Assertion Validator in Setup, the Login History debug log, and the My Domain prerequisite for SSO. Covers the standard diagnostic loop: read the SAML response, identify which check failed, fix at the IdP or SP. NOT for OAuth / OpenID Connect SSO (see security/oauth-openid-troubleshooting), NOT for setting up SSO from scratch (see security/sso-saml-setup).
shield-kms-byok-setup
Configure Shield Platform Encryption with customer-supplied (BYOK) or customer-held (Cache-Only Key Service) tenant secrets, rotate them, and recover. NOT for Classic Encryption or field masking.
shield-event-log-retention-strategy
Use when designing Salesforce Shield Event Monitoring retention, SIEM routing, and storage-tier strategy — which event types to keep, for how long, where, and how to answer audit queries across hot/warm/cold tiers. Triggers: 'shield event log retention', 'route event monitoring to splunk', 'how long to keep login history', 'siem salesforce integration', 'event monitoring storage tier'. NOT for enabling Shield (see salesforce-shield-deployment).
session-management-and-timeout
Use this skill when configuring session timeout values, concurrent session limits, session IP locking, or logout behavior in Salesforce. Covers org-wide session settings, profile-level overrides, Connected App session policies, and Metadata API SecuritySettings deployment. NOT for OAuth token refresh flows, login IP ranges, or MFA/identity-provider configuration.
session-high-assurance-policies
Enforce step-up authentication for sensitive pages/objects using High Assurance session level and login flow policies. NOT for initial MFA enrollment UX.
service-account-credential-rotation
Use when designing credential rotation for integration users, connected apps, named credentials, and OAuth client secrets in Salesforce. Covers rotation cadence, zero-downtime handover, secret storage, and detection of stale credentials. Triggers: 'rotate integration user password', 'connected app secret rotation', 'named credential rotation', 'stale service account', 'zero downtime secret rotation'. NOT for end-user password policies.
security-incident-response
When to use: active or suspected Salesforce org compromise, unauthorized access investigation, attacker containment, forensic evidence collection from EventLogFile/LoginHistory, session revocation, OAuth token cleanup, eradication of attacker persistence, and post-incident recovery verification. Trigger keywords: org compromised, suspicious login, attacker access, session revocation, forensic investigation, breach response, event log forensics, login anomaly investigation, incident response runbook. Does NOT cover general security setup, permission set design, field-level security configuration, or proactive security hardening — those are separate skills. NOT for general security setup.