4. Controlling Access to Records

Question 1

What are the levels of Record Access?

Answer 1

No Access
Read-Only - view
Read/Write - view, edit
Full Access - view, edit, transfer ownership, delete, share

Question 2

Profile vs Record Access

Answer 2

Profile & Permission Sets

• Control access to objects (positions)
• Control access to fields (min pay)

Ownership & Sharing
- Controls access to records (Joe)

profile might specify that a user can see a position, but the sharing model determines WHICH positions the user can see

Question 3

What is record ownership?

Answer 3

allows you to specify which users or types of users should be able to access specific records or types of records

owners have Full Access

Question 4

What is a Queue? Give an example of it.

Answer 4

A queue is a collection of users that can take ownership of a record.

example: ubereats where there are a queue of drivers and whoever claims your “order” first is the one that will be responsible for fulfilling it.

Question 5

What are the Organization-Wide Defaults (OWD)?

Answer 5

Security setting defining the baseline access to data records.

• Public read/write
• Public read-only
• Private

Question 6

What are some things to consider for OWD?

Answer 6

Need to consider who should be able to read/edit the data. If everyone is allowed to view X data, then X should be “public-read only”. However, if only HR should be able to see X than it should be “private”.

Question 7

What are Roles and Role Hierarchy?

Answer 7

Roles control the level of visibility to each data. Each User has at most one role.

Role Hierarchy controls data visibility through the sharing model. Sharing rolls up the hierarchy unless disabled in OWD.

Question 8

How does sharing roll up the Role Hierarchy?

Answer 8

Any subordinates will be inherited by their superiors so that each superior has at least the record access of their subordinates.

Question 9

How is data visible in the Role hierarchy?

Answer 9

Role Hierarchy controls data visibility through the sharing model. Sharing rolls up the hierarchy unless disabled in OWD.

Question 10

What are Public Groups?

Answer 10

Public groups are a way of grouping users together for access. Every organization has a default public group that includes all users.

• Can be used to give access to folders, share files and libraries, or provide access to a queue
• Public groups can be any combo of: users, roles, roles & subordinates, public groups

Question 11

What are Sharing rules?

Answer 11

• Exceptions to org-wide defaults
• Access granted via sharing rolls up through the hierarchy
• Irrelevant for public data access models

Question 12

Two types of Sharing Rules

Answer 12

Owner-based - opens access to records owned by certain users

example) need to see opportunities owned by sales managers in a different region.

Criteria-based - open access to records that fall under a certain criteria

example) just share data in which Position is manager

Question 13

What is Manual Sharing?

Answer 13

Allows users to decide record-by-record how they want to share (Read or Read/Write). To enable this the “Sharing” button must be on the Page Layout for the object.

Question 14

Who can implement manual sharing?

Answer 14

It can be implemented by any user with Full Access to the record.

Question 15

What is Team Sharing?

Answer 15

Only for Accounts, Opportunities, and Cases

Question 16

What is Flow Sharing?

Answer 16

Automates sharing declaratively when requirement goes beyond what you can do with a sharing rule

Question 17

What is Apex Sharing?

Answer 17

Automates sharing programmatically when requirement goes beyond what you can do with a sharing rule

Question 18

What are some ways you can access records you don’t own?

Answer 18

Role Hierarchy (vertical access)
Sharing Rules (horizontal access)
Manual & Team Sharing
Automated Sharing (Apex & Flow)