Security and access Flashcards
What checks are done when users try to access a salesforce organization?
Profile level: -Login hours, - IP ranges, Company level: -Trusted IP ranges, Activation code validation
What are examples of standard profiles?
Standard user, marketing user, solution manager, contract manager, read only, system administrator
Why and how are custom profiles created?
There are restrictions on what can be changed on a standard profile. Custom profiles are created by cloning a standard profile to be able to customize profile settings.
How is object access controlled?
Object access is controlled at the profile level, including permission sets and visibility to the tab.
What are permission sets?
A group of permissions and settings that can be assigned to one or more users that Grant additional privileges beyond the profile.
What do profile permission to Grant?
Permissions to app specific actions, customized actions built, or system wide actions
How is the role Hierarchy related to record access?
Users will have access to other users records if they have a role above the record Owner in the role hierarchy and “Grant access through hierarchies” is enabled.
What should be considered when changing organization wide default (OWD) settings?
If increasing default access, changes will take affect immediately.
If decreasing default access, changes may take significant time depending on data volumes.
How do sharing rules work?
Rules can be created to grant access to groups of users for certain records based on record owner or criteria.
What does field level security control?
Controls if the field is visible or read only at the profile level
What is manual sharing?
Manual sharing allows the user to use the sharing button to grant access to a specific record to other users, roles, roles & subordinates, territories and public groups.
What is the purpose of a public group?
It’s a way of grouping users, roles and territories so that sharing settings and permissions can be granted effectively.
When is identity verification invoked?
When a user logs in from an unrecognized (based on cookies) browser or device, and outside the trusted IP range
What can be in abled that helps the administrator spot suspicious login activity?
Login forensics
How can folder access be controlled?
Folders can be private or shared.
Permissions and visibility can be set for users, roles, territories and/or public groups.
What are two methods to find a folder quickly in the salesforce org?
Folders can be favorited (push pin icon) or searched for in global search
What are the different access levels that can be granted to a folder?
Viewer,
Editor (edit, move, save and delete)
Manager (Share and rename folder)
Which sharing setting allows the user to manually share their own user record with other users of an organization?
Manual user record sharing - checkbox on the “sharing settings” page in Setup
What password requirements can an administrator set?
Minimum password length, Complexity, Password history enforcement, Expiration period, Minimum password lifetime
What are folders used for?
To store and organize reports, documents, dashboard and email templates.
How can reports and dashboards be organized in lightning experience?
A subfolder hierarchy can be created to organize reports and dashboards in a logical structure.
What are the different risk categories associated with a security health check in Salesforce?
High
medium
low and
informational
Which organization by default (0WD) sharing settings can be used for the campaign member object to allow all users to see only the campaign members associated with the campaigns they have access to?
Controlled by campaign setting
