Security Flashcards
To review set up of user & system security
A privilege is…
a low-level permission to do or see something. The lowest level of the security hierarchy.
A security policy is…
a group of privileges. There are two types.
What are the two types of security policy?
- DSP or Data Security Policy
- FSP or Functional Security Policy
What is a DSP?
A DSP or Data Security Policy allows users to make changes to data.
Ex: read, update, delete
What is an FSP?
An FSP or Function Security Policy allow users to perform specific actions in the system.
Ex: approve a service request
A duty role is…
a group of security policies that defines access to an object.
A job role is…
A group of duty roles that describe a user’s job. Most users only have 1.
An abstract role is…
A job role for “not a real job” jobs. Users typically get one or more of these.
What do access groups do?
They grant groups of users access to records that match rules.
What do territories do?
Grant territory members access to records that have the territory assigned to them.
Authentication
A user becomes authenticated by providing a correct username/ password combination
Authorization
The system uses RBAC (Role based access control) to determine which pages a user can access, actions they can perform, and which CRUD (create, read, update, delete) operations they can use.
Visibility
Determines which records the user sees and the user’s level of access to those records
CRUD
Create, Read, Update, Delete
RBAC
Role Based Access Control
Two ways Sales manages visibility
- Territories
- Access Groups
Describe the click path for transferring ownership of records.
Tools >Mass Transfer
Resource Role
A user’s job title. It is not not the same a job role.
Shallow Copy
Copies only the selected role and associates existing inherited roles with it.
Deep Copy
Copies the selected role and all inherited roles to create a new section of the hierarchy
Reference Models are….
The set of seeded security roles, privileges and policies already provided in your pod.
Why do roles that are a part of the reference model need to be copied?
Most roles are read only and only copies can be edited to fit the new business need.
Are custom security roles subject to changes in updates?
Yes. So the out of the box roles are preferable. If a custom role must be created, try a shallow copy vs a deep copy where possible.
What should you use the Sales and Service Access Management tool for?
It is the recommended tool for modifying data security policies.
Which two roles have access to the Sales and Service Access Management tool?
IT security manager & customer relationship management application administrator
What is the Access Explorer?
The access Explorer allows you to select a user and expand access to an object or record.
What are attributes of Access Groups and when should I use them?
They grant create, read and update access to an object and its related objects.
Easy to set up & good performance
Use when ever you can, except when a prebuilt mechanism satisfies the business requirement.
Name two examples of prebuilt mechanisms
Objects that support territory access.
Service requests support queue access