Security Flashcards
What are the four levels of data access and primary controls?
- Organisation: controlled primarily by IP addresses and login hours
- Objects: controlled primarily by profiles
- Records: controlled primarily by roles and role hierarchy
- Fields: controlled by field level security
Where do you set password policies?
Globally:
Setup > Password policies
By profile:
Setup > Profiles > Pick a profile > Password Policies
How do you restrict login access by IP Address for the whole org?
Setup > Network Access
How do you restrict login access by IP Address per profile?
- Setup > Profiles > Pick and edit a profile
- Click New in the Login IP Range related list.
How do you restrict login access by time?
- Setup > Profiles > pick a profile
- Under Login Hours, click Edit.
How are profiles used to manage object permissions?
They are used to restrict access as much as possible.
Conversely, permission sets are used to grant access.
First, turn on the enhanced profile user interface:
- Setup > User Management Settings
- Enable Enhanced Profile User Interface
Then:
- create a profile
- edit its object settings
- assign profile to users
How are permission sets used to manage object permissions?
They are used to grant access, contrary to profiles, which are used to restrict access.
- create a permission set
- edit its object settings
- assign users to permission sets
How to create a hierarchy of roles?
- Setup > Roles
- Create roles
- Set accesses (Private/Public)
- Assign users
How do you create a sharing rule?
Create a public group:
- Setup > Public groups
- Add users, roles or roles and subordinates
Create sharing rule:
- Setup > Sharing settings
- Create rule by owner or criteria
- Select level of access (Private / Public)
- Select public group or role or role and subordinates to share records with
What are the four increasingly permissive ways of sharing records?
- Organisation wide defaults
- Role hierarchy
- Sharing rules
- Manual sharing
How to create a two-factor authentication permission set?
Make sure that two-factor authentication is in the High Assurance category:
Setup > Session Settings
Then create the permission set
Setup > Permission set > New > System Permissions > select Two-Factor Authentication for User Interface Logins.
Assign to users
How do you set up field history tracking?
- Go to the object settings
- Set History Tracking
- Select the relevant field(s)
How do you access the Sharing Settings screen and what does it look like?
Setup > Sharing Settings
It first lists the “Organization-Wide Defaults” values for all objects, then has sub-sections to create sharing rules for most objects.
How do you set up who gets to see which field?
Setup > Field accessibility
How do you enable admins to log in as users?
Setup > Login Access Policies
What do the “Organization-Wide Defaults” do?
They set the baseline of all security controls. They are meant to be the most restrictive settings that will be expanded upon by other security controls.
What does the “Enable External Sharing Model” button do?
It enables sharing of the Salesforce records to external users:
- Authenticated website users
- Chatter external users
- Community users: customers, partners, high volume portal users, guest users, service cloud portal users
What are sharing rules used for?
The default sharing model in Salesforce follows the vertical role hierarchy. The sharing rules introduce the ability to horizontally share the records of public groups, roles or roles and their subordinates to other public groups, roles or roles and their subordinates.
How do you share records manually?
- Setup > Sharing settings > Other settings
- Check “Manual user records sharing”
If enabled in the page layout, you can add a button for users to share their records regardless of other sharing rules.
What is a quick explanation of the difference between sharing settings and rules, profiles and permission sets?
Sharing settings and rules determine who can see data, whilst profiles and permission sets determine what they can do with it.
Personal understanding
What level of data access does the organization give you?
At the highest level, you can secure access to your organization by:
- maintaining a list of authorized users
- setting password policies
- limiting login access to certain hours and certain locations
What happens if permission sets conflict with one another?
The more permissive one gets applied