Security

Question 1

What controls access to applications and objects (including fields and record types)?

Answer 1

Profiles and Permission sets

Question 2

What are the 4 capabilities available on an object via a profile?

Answer 2

Create
Read
Edit
Delete

Question 3

What controls access to specific records?

Answer 3

OWD, sharing rules

Question 4

What level of access can be granted at the record level?

Answer 4

Read or Read/Write

Question 5

Do profile object permissions override the org’s sharing model or role hierarchy?

Answer 5

No, even with full CRED access – an object could not be edited/deleted if OWD is Read Only

Question 6

What two settings are the exception when it comes to profile not being able to override sharing settings?

Answer 6

View All
Modify All
*these will override sharing settings and grant full access

Question 7

What determines access to tabs and apps?

Answer 7

Profiles

Question 8

What does ‘Default On’ mean for a tab?

Answer 8

It will be visible in the selected app

Question 9

What does ‘Default Off’ mean for a tab?

Answer 9

It will be available to choose by user while they are customizing tabs

Question 10

What does ‘Default Hidden’ mean?

Answer 10

Tab will not be visible for the object

Question 11

What are six standard profiles?

Answer 11

Standard User
Read Only
System Administrator
Marketing User
Solution Manager
Contract Manager

Question 12

Can you assign permission sets via a user list view?

Answer 12

Yes

Question 13

What is the purpose of permission sets?

Answer 13

To grant additional access to specific users so that profiles do not need to be altered/created

Question 14

Can the OWD grant more access than object access defined in a user’s profile?

Answer 14

No

Question 15

What two objects does the ‘Public/Read /Write/Transfer’ default apply to?

Answer 15

Leads and Cases

Question 16

What is the purpose of OWD?

Answer 16

• The only mechanism that restricts access

- establishes default access to records NOT owned by the user

Question 17

What does ‘Controlled by Parent’ mean?

Answer 17

Users can perform an action on a contact or order based on access on the parent object.

Question 18

What does ‘Price Book: Use’ mean?

Answer 18

All users can view price books, add price books to opps, and add products in the price books to opps

Question 19

What does ‘Price Book: View Only’ mean?

Answer 19

users can view price books – but only users with ‘Edit’ permission on opps or users that have been manually granted access can add price books to opps.

Question 20

What does ‘Price Book: No Access’ mean?

Answer 20

Users do not have visibility to price books and cannot add them to opps unless it has been manually shared with them

Question 21

What does ‘Activity: Private’ mean?

Answer 21

Only the owner of the activity and users above them in role hierarchy can edit and delete activity. Users that have read access to the record that is related to the activity can view it.

Question 22

What does ‘Activity: Controlled by Parent’ mean?

Answer 22

Activity permissions are determined by the access the user has on the record related to the activity

Question 23

What does ‘Campaign: Public Full Access’ mean?

Answer 23

Users can view, edit, transfer, delete, and report on all Campaign records

Question 24

What does ‘Campaign Member: Controlled by Campaign’

Answer 24

Only users who access to the campaign are able to see the details of the campaign members related to the campaign

Question 25

What does ‘Campaign Member: Controlled by Lead or Contact’ mean?

Answer 25

Only users have access to the lead or contact records of campaign members are able to see the campaign members.

Question 26

What does ‘User: Private’ mean?

Answer 26

All users have read access to their own user record and those below them in the hierarchy

Question 27

What does ‘User: Public Read Only’ mean?

Answer 27

All users can see one another’s user detail pages. They can also see all users in the lookups, list views, ownership changes, user operations, and search.

Question 28

What access setting is applied to custom objects on the detail side of a master-detail relationship with a standard object (and cannot be changed)?

Answer 28

‘Controlled by Parent’

Question 29

Can the role hierarchy provide additional access than what is granted by OWD (when setting is more restrictive than Public Read/Write)

Answer 29

Yes, it would allow a manager above a user to edit a record when OWD is set to Private or Public Read Only

Question 30

Does role hierarchy override object access?

Answer 30

No, even if should be able to edit via the role hierarchy, this could be prohibited by profile

Question 31

What objects can have exact access specified during Role setup/edit? What are the levels? Under what condition are they displayed?

Answer 31

• Contact, Opportunity, and Case
• No Access, View Access, or Edit Access
• These options will NOT appear if OWD is Public Read/Write (because it wouldn’t matter anymore)

Question 32

What do Manager Groups do?

Answer 32

• allows users to share access up or down the management chain
• uses the ‘Manager’ field on the user’s detail page
• user can choose to share records with Manager Groups or Manager Subordinate Groups
• users can also share records with a manager group manually, sharing rule, or apex managed sharing.
• can be enabled in Setup > Sharing Settings

Question 33

What objects can use a queue?

Answer 33

1. Cases
2. Contact Requests
3. Leads
4. Orders
5. Service Contracts
6. Knowledge Article Versions
7. Custom objects

Question 34

What can groups and queues consist of?

Answer 34

1. (other) Public Groups
2. Users
3. Roles
4. Roles and Subs
5. Territories
6. Territories and Subs

Question 35

Who can be specified in sharing rules?

Answer 35

1. Role
2. Public Group
3. Territory membership
4. Manager Group

Question 36

What are the two ways to evaluate in how a sharing rule is evaluated?

Answer 36

1. Record Ownership

2. Record Criteria

Question 37

How are records shared using manual sharing?

Answer 37

using the ‘Sharing’ button

Question 38

Can records be manually shared in LE?

Answer 38

No, only Classic

Question 39

What objects can be manually shared?

Answer 39

Accounts, Contacts, Leads, Users, Cases, and custom objects

Question 40

What are the different groups you can manually share with?

Answer 40

1. Users
2. Roles
3. Roles and Subs
4. Territories
5. Territories and Subs
6. Public Groups
7. Manager Groups

Question 41

Can someone who is not the record owner manually share a record?

Answer 41

yes, can also be above the owner in role hierarchy, have full access, or be an admin

Question 42

How do you ensure that a User record is not manually shared?

Answer 42

Uncheck ‘Manual User Record Sharing’ on the Sharing Settings page

Question 43

Where is Field-Level Security set?

Answer 43

Profiles or Permission sets

Question 44

Does Field-Level Security override the ‘Modify All Data’ or ‘View All Data’ permissions?

Answer 44

Yes

Question 45

Where will the user not see a field they are making not visible?

Answer 45

• record detail/edit pages
• related lists
• list views
• reports
• email and merge templates

Question 46

Due to field visibility consisting of page layout and FLS, how are contradictions handled?

Answer 46

The most restrictive setting always wins

Question 47

Does FLS prevent searching on values?

Answer 47

No, but the record will be returned in the search results WITHOUT the protected field(s)

Question 48

What are the two fields for FLS

Answer 48

Visible checkbox

Read only checkbox

Question 49

Where do you specify which Apex classes and Visualforce pages a user can access?

Answer 49

Profile

Question 50

An organization uses private sharing model. Marcus is a sales representative of the organization who needs to share an account record owned by him with his co-worker Sam.

Answer 50

Marcus can simply share the account record with Sam by manually using the ‘Sharing’ button on the record.

Question 51

Rachel is a Salesforce admin who needs to ensure that all users with the sales rep role are able to edit opportunities in the org that uses a ‘Public Read Only’ model.

Answer 51

A sharing rule can be created for this requirement. A sharing rule can be used to share an object’s records with users belonging to a certain role. Records can be shared based on ownership or criteria.

Question 52

Users of an organization should not be able to view account records owned by others. A public group of managers should be able to view all account records.

Answer 52

The OWD for Account can be set to Private. A sharing rule can be used to grant access to a public group.

Question 53

Records of a custom object named ‘Vehicle’ should only be accessed by support users and their supervisors. Supports users should be able to view and edit all ‘Vehicle’ records

Answer 53

Access to the ‘Vehicle’ custom object can be enabled only for the profiles of support users and their supervisors. The OWD can be set to ‘Public Read/Write’ to ensure that users are able to view/edit each other’s records.

Question 54

The OWD setting for a custom object has been as private. An admin needs to ensure that users above others in the role hierarchy are able to access records owned by them.

Answer 54

Ensure ‘Grant Access Using Hierarchies’ option has been enabled for the object

Question 55

A single user requires the permission to view and edit records of a certain custom object.

Answer 55

A permission set can be used to grant additional access to a user. A new custom profile would be unnecessary for this use case.

Question 56

An org would like to allow its marketing department to be able to see only the details of the campaign members whose contact or lead records they have access to.

Answer 56

The OWD setting of ‘Controlled by Lead or Contact’ on the Campaign Member object would allow all users to see only the campaign members whose contact or lead records they have access to in SF.

Question 57

Users of an org are currently only able to see campaign members whose lead or contact records they have access to. However, the Marketing Director would like them to access campaign member records only if they have access to the related campaign. Also, users who belong to a certain public group require access to all campaign members regardless of the default access.

Answer 57

The OWD setting of ‘Controlled by Campaign’ can be used for the Campaign Member object to allow users to only be able to see cm’s if they have access to the campaign associated with them. Since the CM object would inherit sharing rules from the Campaign object, a campaign sharing rule can be created to give the public group access to all the campaigns, which would give access to all the related cm records.

Question 58

What are permission sets?

Answer 58

A group of permissions and settings that can be assigned to one or more users. They are used to grant additional access.

Question 59

What does field-level security control?

Answer 59

Controls if a field is visible or read only at the profile level

Question 60

What takes longer opening up access or restricting it via OWD?

Answer 60

Opening happens immediately

Restricting takes time to calculate

Question 61

What should be used to grant a single user additional access to an object in salesforce?

Answer 61

permission set

Question 62

What OWD would be used to ensure that users cannot access account records not owned by them

Answer 62

Private