Declarative Sharing 1 of 3 Flashcards

1
Q

List declarative settings found to control object and field level security

A

Profiles and permsets to grant CRUD permissions to users

Profiles - define how users access objects and data, and what they can do within applications. One profile is assigned to each user in SF

FLS - specified in profiles or permsets, allowing view or edit access to standard or custom fields

PermSets - collection of settings and permissions that extend users’ functional access without changing their profiles

Access Restrictions - a profile can be used to restrict users’ access to objects and fields; FLS is used to restrict user access to fields

Limitations - permissions in standard profiles cannot be edited. A permset cannot be used to restrict users’ access.

2
Q

Declarative Platform Security Features include:

A

Explicit Sharing:

OWD
Sharing Rules
Manual Sharing
Administrative settings in Roles and Profiles

Implicit Sharing:

between accounts and child records and for various groups of portal users

Data Encryption: Classic and Shield Platform are the 2 declarative options available for data encryption

3
Q

Explicit Sharing includes

A

OWD
Sharing Rules
Manual Sharing
Administrative settings in Roles and Profiles

4
Q

Implicit Sharing includes

A

between accounts and child records and for various groups of portal users

Data Encryption: Classic and Shield Platform are the 2 declarative options available for data encryption

5
Q

List all Platform Security Features

A
OWD
Role Hierarchy
Sharing Rules
Manual Sharing
Profiles
Permission Sets
Implicit Sharing
user & Admin Permissions
Field level security
shield platform encryption
external data source
custom permission
6
Q

An Account Team …

A

allows a group of users to access and work together on an account record, making it easy to track collaboration on the record

7
Q

An opportunity team …

A

allows users to work together on an opp; gives users access and makes it easier to track their roles

8
Q

Team setup includes

A

team roles and access levels

9
Q

What can be used to limit the access of a user who should not be able to delete the records of a particular object?

A

Profile

Hint: key word ‘delete’, i.e. ‘D’ in CRUD

10
Q

What can be used to restrict users’ access to view and edit specific fields?

A

Field Level Security

11
Q

How does Salesforce provide implicit sharing between accounts and child records?

A

Access to an account’s child record grants implicit read-only access to that account. Access to an account grants access to the child records, but the access level depends on the account owner’s role

12
Q

Which type of team allows a group of sales users to work together on a particular opportunity record?

A

Opportunity Team

13
Q

Which action allows account team members to view other members’ access level?

A

team member access

14
Q

What should a solution architect recommend if only one user in an organization requires access to a Visualforce page?

A

permset can be created allowing access to the page and assigned to the user

15
Q

Which declarative options are available to grant explicit record access to users with a specific role who are unable to access records due to the OWD setting?

A

Role hierarchy and sharing rules

16
Q

While defining an account team, which access levels will be available for an account if the OWD default sharing setting for the object has been set to “Private”?

A

Read Only and Read/Write

17
Q

In order to allow a group of support reps and support manager to work together on certain cases, what should be created?

A

case team

18
Q

Which object can be customized to allow users to specify custom information about account team members?

A

Account team member

19
Q

Explain the difference between a Profile and a permission set?

A

Profiles can be used to allow or limit access to data; permission sets only grant additional access and do not restrict access to specific users

20
Q

Object and field-level security settings can be implemented in Salesforce through the use of ?

A

profiles and permission sets

21
Q

Declarative feature used to assign multiple permission sets to a user?

A

Permission set group

22
Q

Permission set groups provide these additional features.

A
  1. multiple groups can be assigned to a user
  2. permissions can be disabled or muted via a muting permission set (only 1 allowed per permset group)
  3. within a user setting page, on the object-level settings, there are Enable and Muted check boxes to set each CRUD setting to muted.
  4. Updates in a permission set propagate to all permission set groups that include the permission set.
23
Q

What defines how users access objects and data, and what they can do within the application. When you create users, you assign a profile to each one.

A

Profiles

salesforce article on profiles:
https://help.salesforce.com/articleView?id=admin_userprofiles.htm&type=5

24
Q

collection of settings and permissions that give users access to various tools and functions. The settings and permissions in permission sets are also found in profiles, but permission sets extend users’ functional access without changing their profiles.

A

Permission sets

Salesforce article on permsets:
https://help.salesforce.com/articleView?id=perm_sets_overview.htm&type=5

25
Q

streamlines permissions assignment and management by bundling permission sets together based on user job functions. Users assigned the permission set group receive the combined permissions of all the permission sets in the group

A

permission set group

Salesforce article on permission set groups:
https://help.salesforce.com/articleView?id=perm_set_groups.htm&type=5

26
Q

How can you remove individual permissions from a group?

A

muting feature

27
Q

Settings let you restrict users’ access to view and edit specific fields.

A

Field-level security

page layouts can be added to determine which fields a user sees, the most restrictive always applies.

salesforce article on Field level security:
https://help.salesforce.com/articleView?id=admin_fls.htm&type=5

28
Q

Access can be restricted to …

A
Detail and edit pages
Related lists
List views
Reports
Connect Offline
Email and mail merge templates
Custom links
The partner portal
The Salesforce Customer Portal
Synchronized data
Imported data
29
Q

Field level security can be applied two ways

A

multiple fields on a single permission set or profile

single field on all profiles

30
Q

What approach reduces the number of page layouts for you to maintain.

A

use field-level security to restrict users’ access to fields, then use page layouts to organize detail and edit pages within tabs.

31
Q

Modify All Data and View All data

A

allows the user to make changes to all data within the SF Organization or view all the data. View all data adheres to the OWD settings.

32
Q

Reference Article:

User profile permission descriptions:
https://help.salesforce.com/articleView?id=000332385&type=1&mode=1

A
Admin Permissions
Security Admin Permissions
User Management Permissions
Data Permissions
Import and Export Permissions
Report and Dashboard Permissions
Developer Permissions
Chatter and Communities Permissions
User Interface Permissions
Object Permissions
33
Q

This permission allows the user to view the reports tab, run reports and view dashboards based on reports

A

User permissions section = ‘Run Reports’

34
Q

This permission allows for the creation, updating and deletion of reports.

A

System permissions in the Enhanced profile user interface
Administrative permission in the standard interface

Create and Customize Reports

35
Q

Use Case:

user should be able to edit a custom field A on a custom object record during their login session on the first day of each month

A

Custom object FLS should be set as:

  • No Access of custom field A
  • Temporary edit access to custom field A
  • Create a flow to be used by an employee’s manager to activate the permission set for the employee’s session on the first day of each month
36
Q

What type of sharing automatically grants ‘Read Only’ access to the parent account associated with the case which is manually shared with a user?

A

implicit sharing

The case is manually shared, which automatically extends ‘Read Only’ access to its related account.

38
Q

Implicit Sharing - Child defined

A

allows record owners access to view and edit contacts and cases related to account records owned by them.

If a user has access to a parent account, they also have access to the associated child records.

39
Q

Permission assigned on the user record or within a profile which provides access to all the data in the organization

A

View All Data

40
Q

Sharing type which is lost when the owner of a record changes

A

Manual Sharing

41
Q

How can a user gain access to a record owned by a user higher in the role hierarchy?

A

Criteria-Based Sharing Rule

42
Q

What setting prevents users from selecting a record type upon creation of a record

A

On Profile set the record type to - Master -

when this record type is assigned, users can’t set a record type while creating a record

By contrast, when any custom record types are selected on the profile, the user can select only those types set on the profile.

43
Q

Page layouts can only be assigned through _____ and are not able to be set through permission sets

A

page layouts

44
Q

Security on encrypted fields can be accomplished through

A

Field Level security or

a combination of validation rules and page layout settings can be used to prevent users from editing encrypted fields

45
Q

What permissions bypass field level security on encrypted fields

A

combination of Modify All Data, Customize Application and Deploy Apex.

46
Q

What security setting will allow the body of attachments that are uploaded

A

Shield platform encryption

Only users with read access can search and view the body content

47
Q

What security setting will allow the body of attachments that are uploaded

A

Shield platform encryption

Only users with read access can search and view the body content

https://shieldlearningmap.com/

48
Q

Which settings restrict the times a certain user can log in and restrict login to certain locations?

A

Login Hours and Login IP Ranges set on the profile

49
Q

Which security permission is used to set CRUD access to external objects

A

Writable External objects setting on profiles

50
Q

Allows the ability to define access checks that can be assigned to users via permission sets and profiles (i.e. provides access to custom processes or apps)

A

Custom Permissions.

Access to a button on a VF page
Validation rule bypass by using the custom permission name ($Permission.ExampleCustomPermName = False && rest of the validation rule)

51
Q

Key Points about File sharing

A

Sharing Settings
Private / Files home, publish to your private library, Make private, delete posts that includes the file
Privately Shared / specific people or group, posted to private group, shared via link, posted to feed on record, published in shared library
Company / feed all users can see, to a profile, to a record, to a public group

Actions which can be performed on a file
View/Preview (owner, Collaborator, viewer)
Download  (owner, Collaborator, viewer)
Share  (owner, Collaborator, viewer)
Attach to Post (owner, Collaborator, viewer)
New Version (owner, Collaborator)
Edit Details (owner, Collaborator)
Change Permissions (owner, Collaborator)
Make private  (owner)
restrict access  (owner)
delete  (owner)
52
Q

determine which actions a user can perform on any of the object’s records to which they have access.

A

Read, Create, Edit and Delete (CRUD)

53
Q

prevent certain users from seeing sensitive or confidential information contained in records they can see

A

Field level security

54
Q

determines which records a user can see for a particular object

A

Record-level access (i.e. Sharing)

 can be accomplished through
OWD
Role Hierarchy
territory hierarchy
sharing rules
teams
manual sharing
programmatic sharing
55
Q

Record access is calculated only when configuration changes occur so that

A

the calculated results persist to facilitate rapid scanning and minimize the number of database table joins necessary to determine record access at run time.

56
Q

What are the four types of access grants in salesforce

A

Explicit grants
group membership grants
inherited grants
implicit grants

57
Q

Salesforce uses explicit grants when

A

user/queue becomes an owner
sharing rule shares record to user/queue
assignment rule shares record to user/queue
territory assignment rule shares to a territory
manual share record to user/personal or public group/ queue/ role or territory
user becomes part of team for account, oppty, or case
programmatic customization shares to user/ personal or public group, queue, role or territory

58
Q

Grants which occur when a user, personal or public group, queue, role or territory is a member of a group that has explicit access to a record.

A

Group membership grants

Example: an explicit grant gives the example group access to the Acme record, and a user is a member of the example group; the user’s membership in the example group grants the user access to the Acme record

59
Q

Grants which occur when a user/ personal or public group, queue, role, or territory inherits access through a role or territory hierarchy, or is a member of a group that inherits access through a group hierarchy

A

Inherited grants

60
Q

Grants which occur when non-configurable record-sharing behaviors are built in to Salesforce grant access to certain parent and child records

A

Implicit Grants

Example
Default logic (or built-in sharing): users can view a parent account record if they have access to its child oppty, case or contact record, and if a user has access to a parent account record, they also have access to its child oppty, case and contact records
61
Q

What are the three types of tables which store access grants?

A

Object record tables
Object sharing tables
Group Maintenance table

62
Q

Tables that store the records of a specific object and indicate which user, group, or queue owns each record

A

Object record tables

63
Q

Tables that store the data that supports explicit and implicit grants (most objects in SF)

A

Object Sharing tables

64
Q

In what instances do objects not have their own sharing table?

A
  1. master-detail relationship. master object controls access to the detail object
  2. Both OWD settings (internal and external) are public read/write
  3. Object is a type that doesn’t support object sharing tables, such as activities or files. They have their own access control mechanism
65
Q

Tables that store the data supporting group membership and inherited access grants.

A

Group maintenance tables

grants are established in advance when you create or change the group (or role, or territory) membership information

66
Q

Which grant tables determine a user’s access to data when they are searching, querying, or pulling up reports or list views?

A

Object Sharing tables - access grants to individuals and groups

Group Maintenance tables - list of users or groups that belong to each group