In order to crawl the identities (ACLs) for Salesforce objects, you have to include the queries for the following tables (in the queries file or each individual,
- User
- Profile
- PermissionSet
- Group
For example:
Profile=SELECT Id, Name, PermissionsEmailSingle, PermissionsEmailMass, PermissionsEditTask, PermissionsEditEvent, PermissionsExportReport, PermissionsImportPersonal, PermissionsManageUsers, PermissionsEditPublicTemplates, PermissionsModifyAllData, PermissionsManageCases, PermissionsManageCustomPermissions, PermissionsManageUnlistedGroups, UserLicenseId, UserType, CreatedDate, CreatedById, LastModifiedDate, LastModifiedById, SystemModstamp, Description, LastViewedDate, LastReferencedDate, UserLicense.Name, CreatedBy.Name, LastModifiedBy.Name FROM Profile
User=SELECT Id, Username, LastName, FirstName, Name, CompanyName, Division, Department, Title, Street, City, State, PostalCode, Country, Latitude, Longitude, Email, EmailPreferencesAutoBcc, EmailPreferencesAutoBccStayInTouch, EmailPreferencesStayInTouchReminder, SenderEmail, SenderName, Signature, StayInTouchSubject, StayInTouchSignature, StayInTouchNote, Phone, Fax, MobilePhone, Alias, CommunityNickname, IsActive, TimeZoneSidKey, UserRoleId, LocaleSidKey, ReceivesInfoEmails, ReceivesAdminInfoEmails, EmailEncodingKey, ProfileId, UserType, LanguageLocaleKey, EmployeeNumber, DelegatedApproverId, ManagerId, LastLoginDate, DefaultGroupNotificationFrequency, LastViewedDate, LastReferencedDate, UserRole.Name, Profile.Name, Manager.Name, Contact.Name FROM User
Group =SELECT Id, Name, DeveloperName, RelatedId, Type, Email, OwnerId, DoesSendEmailToMembers, DoesIncludeBosses, CreatedDate, CreatedById, LastModifiedDate, LastModifiedById, SystemModstamp, Owner.Name, CreatedBy.Name, LastModifiedBy.Name, Related.Name FROM Group
User =SELECT Id, Username, LastName, FirstName, Name, CompanyName, Division, Department, Title, Street, City, State, PostalCode, Country, Latitude, Longitude, Email, UserRoleId, EmployeeNumber, DelegatedApproverId, ManagerId, LastLoginDate, LastPasswordChangeDate, CreatedDate, CreatedById, LastModifiedDate, LastModifiedById, SystemModstamp, OfflineTrialExpirationDate, OfflinePdaTrialExpirationDate, UserPermissionsMarketingUser, UserPermissionsOfflineUser, UserPermissionsCallCenterAutoLogin, UserPermissionsMobileUser, UserPermissionsSFContentUser, UserPermissionsKnowledgeUser, UserPermissionsInteractionUser, UserPermissionsSupportUser, UserPermissionsSiteforceContributorUser, DefaultGroupNotificationFrequency, LastViewedDate, LastReferencedDate, UserRole.Name, Profile.Name, Manager.Name, Contact.Name FROM User