Data Security Flashcards
____ provide the bluntest way to control data access. You can prevent a user from seeing, creating, editing, or deleting any instance of a particular object type, such as a lead or opportunity, by using ______. You can hide tabs and objects from selected users, so that they don’t even know that type of data exists.
Object-level security—or object permissions
object permissions
____ are collections of settings and permissions that determine what a user can do in the application
Permission sets and profiles
____ are defined by a user’s job function, such as Salesforce admin or sales representative. You can assign one _____ to many users, but you can assign only one _____ per user.
(same word all 3)
profiles
You can use ______ to grant more ____ and access settings to users. Now it’s easier to manage users’ _____ and access because you can assign multiple ______ to a single user.
permission sets
permissions
____ control whether a user can see, edit, and delete the value for a particular field on an object. You can protect sensitive fields without hiding the entire object.
Field-level security—or field permissions
____ control the visibility of fields in any part of the app, including related lists, list views, reports, and search results.
Field permissions
____ lets you give users access to some object records, but not others.
Record-level security
In a hierarchy, users higher in the hierarchy always have the same access as users below them in the hierarchy. T/F
T
To specify record-level security, set your organization-wide sharing settings, define a hierarchy, and create sharing rules
Organization-wide
Role hierarchy
Sharing rules
Manual sharing
User sharing
Apex managed sharing
Restriction rules
Scoping rules
With ____ rules you can set criteria to help your users see only records that are relevant to them. ____ rules don’t restrict the record access that your users already have. They ____ the records that your users see. Your users can still open and report on all records that they have access to per your sharing settings.
scoping
When a ____ rule is applied to a user, the data that they had read access to via your sharing settings is further scoped to only records matching the record criteria that you set. This behavior is similar to how you can filter results in a list view or report, except that it’s permanent
restriction
If sharing rules and manual sharing don’t provide the required control, you can use ____ ____ ____. ____ allows developers to programmatically share custom objects. When you use ____ on a custom object, only users with the Modify All Data permission can add or change the sharing on the custom object’s record. The sharing access is maintained across record owner changes.
Apex managed sharing
With _____, you can show or hide an internal or external user from another user in your organization. ______ rules are based on membership to a public group, role, or territory, so you must create the appropriate public groups, roles, or territories before creating ______. Each _____ shares members of a source group with members of the target group. Users inherit the same access as users below them in the role hierarchy.
User sharing
Sometimes it’s impossible to define a consistent group of users who need access to a particular set of records. Record owners can use _____ to give read and edit permissions to users who don’t have access any other way. _____ isn’t automated like organization-wide sharing settings, role hierarchies, or sharing rules. But it gives record owners the flexibility to share records with users that must see them.
Manual sharing
With _____ you can make automatic exceptions to organization-wide sharing settings for sets of users. Use _____ to give these users access to records they don’t own or can’t normally see. _____, like role hierarchies, are only used to give more users access to records—they can’t be stricter than your organization-wide default settings.
sharing rules
After you specify organization-wide sharing settings, the first way to give wider access to records is with a ______. Similar to an organization chart, a _______ is the level of data access that a user or group of users needs. The _______ ensures that users higher in the hierarchy can always access the same data as users who are lower, regardless of the organization-wide default settings. Each role in the hierarchy can represent a level of data access that a user or group of users needs rather than matching your organization chart
role hierarchy
The first step in record-level security is to determine the _____ for each object. ______ specify the default level of access that users have to each other’s records.
Organization-wide sharing settings
You use ____ to lock your data to the most restrictive level. Use the other record-level security and sharing tools to selectively give access to other users.
organization-wide sharing settings
For example, users have object-level permissions to read and edit opportunities, and the organization-wide sharing setting is Read-Only. By default, those users can read all opportunity records, but can’t edit any unless they own the record or are granted other permissions.
_____ lets you give the right people the right access to the right resources at the right time.
Salesforce Identity
_____ lets users access all authorized resources without logging in separately to each one—and without having to create (and remember) different user credentials for each app
Single sign-on (SSO)
And what are those “authorized resources” that your signed-on users have access to?
connected apps
With ______ users log in to a Salesforce org with their username and password from an external authentication provider, like Facebook, Twitter, LinkedIn, or Google. You can set up any of these providers with a few clicks. With a little bit of work, you can set up other providers, like PayPal and Amazon.
social sign-on
Social sign-on is especially useful when you want customers to be able to log in to an _____ site without having to create (and remember) a new username and password. Customers can log in to an ______ site using their Facebook or LinkedIn account
same word
Experience Cloud
With ____, users have to provide two or more pieces of evidence—or factors—when they log in. One factor is the user’s username and password combination. The requirement for additional factors is satisfied through the use of a verification method that the user has in their possession, such as an authenticator app or a Universal Second Factor (U2F) security key.
multi-factor authentication
____ authentication helps ensure that even if an attacker acquires a user’s password, the attacker can’t log in and do harm.
multi-factor authentication
With the _____, you can customize your Salesforce URL to include your company or brand name. With the ______ feature, you can customize your login page to reflect your company’s design scheme and messaging—your brand.
My Domain Identity feature
____ user account management means that admins can manage all their user account tasks in one place. Administrators can easily grant users access to other apps and revoke or freeze access when they have to.
Centralized
_____ provides greater control over security, helps reduce access-related risk, and makes life easier for end users.
centralized management
Many people with Salesforce accounts also have accounts in other clouds, such as Google Apps, Office365, Concur, or Box. ____ ______ provides a single location where admins can create, update, delete, and manage those user accounts.
Salesforce user provisioning
The ______ presents tiles for all the standard apps, custom apps, and connected apps in your Salesforce org
App Launcher
How do admins and businesses benefit from Salesforce Identity?
Convenient one-click access to all apps so users can be more productive
What’s the difference between single sign-on (SSO) and social sign-on?
With Single Sign On (SSO) users can access services without logging in to each one. With social sign on users can access a service using their social account credentials
And if you’re up for a bit of coding, you can create a custom authentication provider plug-in to authenticate users with any provider that uses ____.
OAuth
Identity solutions benefit only employees
My Domain
Identity Connect
User Provisioning
Identity solutions benefit only customers
Communities
Self-Registration
Identity solutions benefit both customers and employees
Connected Apps
App Launcher
Single Sign On
Profiles and permission sets
Two factor Authentication
Auth Providers (Social Sign on)
How do users benefit from Salesforce Identity?
They can use one username and password to access everything they need.
Which of the following is a benefit for customers and partners but not employees?
Communities & Self-Registration
What is important to consider when customizing user registration for your org or site?
Launching other business processes to support registration
_____ provides important information for diagnosing potential security issues or dealing with real ones. Someone in your organization should _____ regularly to detect potential abuse
Auditing, audit
All objects include fields to store the name of the user who created the record and who last modified the record. This provides some basic auditing information.
Record Modification Fields
You can review a list of successful and failed login attempts for the past six months
Login History
You can turn on auditing to automatically track changes in the values of individual fields.
Field History Tracking
Although field-level auditing is available for all custom objects, only some standard objects allow it
_____ logs when modifications are made to your organization’s configuration.
Setup Audit Trail
What are the methods for controlling record-level access?
Organization-wide
Role hierarchies
Sharing rules
Manual sharing
You can configure access to data at all of the following levels
Organization, Objects & Records
Each user is assigned one ___. Users can be assigned one or more ____ sets.
one profile
permission sets
A user’s ____ determines the objects they can access and the things they can do with any object record (such as create, read, edit, or delete).
profile
_____ sets grant additional permissions and access settings to a user.
Permission
The ____ in a user’s profile determine whether the user can see a particular app, tab, field, or record type.
The permissions in a user’s ____ determine whether the user can create or edit records of a given type, run reports, and customize the app
settings
profile
There are permissions in a profile, and then there are other permissions that give extra access. Profiles are the lowest level of access, while permissions give extra access to certain things. T/F
T
____ User can create and edit records
Standard
_____ Access - Salesforce user can view records, but not create or edit them
Minimum
The ______ profile has the widest access to data and the greatest ability to configure and customize Salesforce.
System Administrator
The System Administrator profile also includes two special permissions:
____
_____
View All Data
Modify All Data