(Security and Access 13%) Apply appropriate security controls for certain scenarios Flashcards

Identify the appropriate security controls for various user request scenarios.
Describe how access to objects can be defined in Salesforce.
Explain the different options available for giving users access to records, including organization-wide defaults, role hierarchy, sharing rules, and manual sharing.
Explain the use of field-level security to control the visibility of data at the field level.

1
Q

What are profiles?

A

Determine which objects a user can access and what actions they can take on those objects.

2
Q

What is record-level access?

A

Determines what a user can do with records of a particular object.

3
Q

What is an object responsible for in record access?

A

Profile object permissions and permission sets determine access to records owned.

4
Q

What are OWD settings responsible for in record access?

A

Determine access to records not owned.

5
Q

What are the most and least restrictive forms of record access?

A

Most Restrictive: PROFILE: OBJECT

Least Restrictive: MANUAL SHARING

6
Q

Field-level security

A

Controls visibility of data within records at the field level.

7
Q

Role Hierarchy

A

Grants access to records to users who have a role above the record owner in the role hierarchy.

8
Q

Manager group access

A

Manager groups allow users to share records up or down their management chain.

9
Q

Manual sharing

A

Allows for manual sharing on a one-off basis.

10
Q

Everyone should be able to see all opportunities, but only Managers should be able to see the Opportunity value.

A

Set OWD for opportunities to Public read.

Set the field-level security for Opportunity Value to visible only for users with the Manager profile.

11
Q

Users work competitively and do not want to let other users see the information of their contacts.

A

Set the OWD for contacts to Private.

12
Q

Typically, no one should be able to see each other’s contracts, but users share on a record by record basis when needing help with re-negotiation.

A

Set OWD to Private for contracts.

Put the “Share” button on the contract page layout, and show users how to manually share the records.

13
Q

Sales team members should not see each other’s opportunities, but their managers need to see the opportunities of everyone on their team. At the same time, Finance and the company president should have access to all opportunities.

A

Set OWD for Opportunity to Private.
Establish a role hierarchy.
Have sales at the bottom, with managers in a role above them.
Put finance above managers, and the president above all other roles.

14
Q

A company has many branches. Each branch’s employees are in a variety of roles but need access to all customers owned by users from their branch. They should not be able to see customers from other branches.

A

Set OWD to Private for customers.
Create public groups for each branch.
Create a sharing rule to share with that branch’s public group, if the owner is from that branch.

15
Q

An organization would like to allow its marketing department to see only the details of the campaign members whose contact or lead records they have access to.

A

Set the organization-wide default sharing setting for the Campaign Member object to ‘Controlled by Lead or Contact’. It would allow all users to see only the campaign members whose contact or lead records they have access to in Salesforce.

16
Q

Users of an organization are currently only able to see campaign members whose lead or contact records they have access to in Salesforce. However, the Marketing Director would like them to access campaign member records only if they have access to the related campaign. Also, users who belong to a certain public group require access to all campaign members regardless of the default access.

A

Set the organization-wide default sharing setting for the Campaign Member object to ‘Controlled by Campaign’. It can be used to allow users to only be able to see campaign members if they have access to the campaign associated with them. Since the Campaign Member object would inherit sharing rules from the Campaign object, a campaign sharing rule can be created to give the public group access to all the campaigns, which would automatically give access to the related campaign member records.

17
Q

A company uses a custom object to order supplies. Employees create order records in this custom object. The supply manager then manages the orders and maintains some fields that other employees should not have visibility to when they create the order records.

A

Field-level security can be used to restrict access to these fields by users with a certain profile.
If field-level security is not used, creating different page layouts is feasible. One page layout that contains all the fields can be assigned to the profile of the supply manager and the other page layout without the fields can be assigned to the profile of the employees. However, these fields can still be visible in reports, search results, or list views.

18
Q

What access do sharing rules give?

A

Extend access to users in roles, public groups, and territories regardless of where they are in the hierarchy. Allows for horizontal sharing in role hierarchy.

19
Q

Layers of record access

A

Build on top of profile object settings. Access to records a user DOES NOT OWN is set first by org-wide defaults (base level). If the defaults are anything less than Public Read/Write, open up access to certain roles using the role hierarchy (vertical sharing) > further open up access using sharing rules (lateral sharing) > more access: manual sharing (flexible).

20
Q

Users' baseline permissions for each object are determined by the

A

profile