Security And Access Flashcards
What does Manager Group Sharing allow?
It allows records to be shared up and down the management chain using the Manager field on the user record.
How is field access controlled?
Field-level security is set at the profile or permission set level and can set fields to be read-only or not visible.
How is record access controlled?
By using Object Permissions, Role Hierarchy, Manager Group Sharing, Sharing Settings (OWD), and Sharing Rules
What does manual sharing allow?
It allows records to be manually shared with other users, roles, territories, and public groups. The access level can be set to read/write or read only.
What are the high level steps to use Enterprise Territory Management?
Build a Territory, Assign Users to Territories, Create Territory Account Assignment Rules, Preview the Model, Activate the Model
What does Enterprise Territory Management do?
It allows accounts to be assigned to territories automatically using territory assignment rules, and users to be assigned to territories.
Why are custom profiles created?
If the permissions defined in a standard profile do not meet requirements. There are restrictions on what can be changed in a standard profile. A custom profile is fully customizable.
What can a Delegated Administrator do?
Certain Admin functions, including unlocking users, resetting passwords, creating users, assigning profiles and public groups and managing custom objects
What is a permission set?
A set of permissions that can be assigned to one or more users that gives additional permissions to what is defined in their profile. It can include almost all permissions in a profile, including object, field and system.
Which territory access levels are available when organization-wide default sharing settings for Contacts is set to ‘Private’?
‘No Access’, ‘View’, and ‘View and Edit’
What is used as an identifier for a particular kind of territory in a territory hierarchy?
Territory Type
What represents a complete territory management system that includes a
territory hierarchy, assignment rules and assigned users?
Territory Model
What is a graphical representation of the entire territory structure in a territory model?
Territory Hierarchy
Which organization-wide default sharing setting can be used for the Campaign Member object to allow all users to see only the campaign members associated with the campaigns they have access to?
Controlled by Campaign
Which sharing setting allow a user to manual share their own user record with other users of an organization?
‘Manual User Record Sharing’ checkbox on the ‘Sharing Settings’ page in Set up
Which organization-wide default sharing setting can be used for the Campaign Member object to allow all users to see only the campaign members associated with the campaigns they have access to?
Controlled by Parent
With regard to record access, with capability is available when using the original territory management functionality?
Access can be granted to accounts and related opportunities and cases based on custom criteria, regardless of who owns the records.
What are some of the customizations that are possible when managing a custom object as a delegated administrator?
Adding a picklist value to a field, creating a custom tab, modifying the page layout, etc.
Which term is used in salesforce for a contact that does not have an associated account record?
Private Contact
What can be done to allow a user to view all data in an organization?
Create and assign a permission set with ‘View All Data’ permission.
When are sharing rules re-evaluated automatically?
When changes are made to groups, roles, and territories, sharing rules are re-evaluated to add or remove access as necessary.
Which least-privilege profile allows users to access activities and Chatter features?
‘Minimum Access - Salesforce’ profile
When managing a custom object, what cannot be modified by a delegated administrator?
Relationships on the object and organization-wide default sharing setting
What protocol does social sign-on use?
OpenID Connect
When Enterprise Territory Management is enabled, how can records by users in a territory be shared with users in another territory?
By setting up a sharing rule based on users assigned to a territory
What password requirements can an administrator set?
Minimum password length, complexity, password history enforcement, expiration period, minimum password lifetime
In Salesforce Classic, how can a user manually share a record with members of a territory?
By using the ‘Sharing’ button on the record and searching for & adding the territory in the ‘Share With’ column
What does social sign-on enable?
Lets users login using credentials from a social network such as LinkedIn.
When is identity verification invoked?
When a user logs in from an unrecognized (based on cookies) browser or device, and outside the trusted IP range.
Which form of social sign on is enabled by default for all users?
Federated authentication
Which authentication method lets users login with typing a password?
Lightning Login
When configuring Login Discovery for My Domain, which interface should a Login Discovery Handler class implement?
MyDomainLoginDiscoveryHandler
How can a 2-factor authentication code be provided?
Text message, email or an authenticator app
What should be deployed to enable certificate-based authentication in an org?
My Domain
