Data Security Flashcards
What is determined by a profile? (select 2)
- Which tabs and apps are visible in the user interface
- What users can do with records of a particular object
What tasks can be performed by a user who is assigned to the standard System Administrator profile? (select 2)
- Create and assign custom profiles to users
- Reset user passwords
Support users at AW Computing can view, create, and edit accounts. However, the management team does not want support users to delete accounts in the organization. How can an administrator meet this requirement?
Create a custom profile that has the Delete permission disabled for the account object and assign the custom profile to support users.
When creating a new user, what information is captured on the user record? (select 2)
- Profile assigned to the user
- Name, email address, and username of the user
What does Salesforce authenticate before allowing a user to log in through the user interface? (select 2)
- Whether the organization has trusted IP addresses
- Whether the user’s profile has login hour restrictions
What feature sets the default level of access users have to records they do not own, in each object?
Organization-wide defaults
At AW Computing, the organization-wide default for cases is set to Private. The management team wants several product specialists to assist with all cases that have been escalated. Only these product specialists need the ability to view and update all escalated cases. How can an administrator meet this requirement?
Create a criteria-based sharing rule for cases that gives read/write access to a public group.
What does field-level security control?
Which fields users can view and edit based on their profile
In AW Computing, product managers do not have access to opportunities. How can a system administrator grant them access to opportunities if the product managers are assisting with a specific deal?
Add the product managers to the opportunity teams for specific opportunities
What is a profile?
A collection of settings and permissions that determine what users can see in the interface, and what they can do
What is a user?
An individual with access to your Salesforce organization who has a license and a user record containing personal, security, locale, and approver information.
Multi-factor Authentication (MFA)
password and authenticator on mobile app
My Domain
Single Sign On
What do Object Permissions do?
Determine the kinds of records users can view, edit, create, or delete not the individual records themselvesControl whether or not I have the button for “delete” “edit” “new” for each of my objects and each of my profiles. Kind of like your drivers license.
Permission Sets
Work with Profiles to grant additional access settings to individuals (to a button or a field) They only grant permission (cannot take away access to something)
Permission Set Groups
Allow you to combine multiple permission sets into a single permission set group for user assignment. Gives you the ability to mute a permission.
Record Ownership
Owners have special priviliges with their own records.Given the appropriate profile permissions, the user owning a record can always:
-View and Edit the record.
-Transfer the record to a different owner.
-Delete the record
Data Access Model
A high-level description of your data access requirements and is a useful starting point when determining the kinds of records different groups of users need access to.
-Public
-Hybrid
-Private
Org Wide Default level
Baseline restriction on records
Role Hierarchy
It rolls up my records to people above me in the org, and lets me see my subordinates records. They inherit the special ownership privileges on all records. It opens up access when its been locked down. Overrides OWD settings! Easiest systematic way to grant access to subordinates.
Sharing Rules
*Setup - Security - Sharing Settings
Used for granting access (override OWD) on an object-by-object basis.
Which Records?: * With users *Meeting certain criteria
Which users?: *Public groups *Roles *Roles & Subordinates
Which access?: *Read only * Read/Write
Public Group
Used to
Account Teams
Enable account teams to allow users to grant additional access to their accounts and related records. Opens up access to the whole quartet!
Opportunity Teams/Case Teams
Limited access to the deal only (opportunity only) Limited access to the Case only!
Manual Sharing
Manual sharing allows users to grant one-off access to their individual records
Field Level Security (2 different ways you can set this up - either through the profile or the field settings)
Lets you restrict what fields your users can view and edit, based on their profile and assigned permission sets.
- on record detail and edit pages
- in related lists
-in search results and reports
-in list views
-APIs
