Security Model Flashcards
True or False?
The role hierarchy can not grant a user more access than they have through their profile permissions
True
True or False?
The role hierarchy can only open up access to records. It cannot restrict record access to less than what is granted through the Org Wide Defaults (OWD).
True
Do you need role hierarchy if you have full profile CRED and teh OWD is Public Read/Write?
No. With having CRED and the OWD at Public Read/Write, you have full access to view and edit all records. The Role Hierarchy can not give you any more access…you already have complete access.
True or False?
Neither the role heirachy, nor the field level security can grant a user more access than they have through their baseline persmissions.
True.
Review Profile, OWD, Access via Role Hierarchy and Field Level Security Work
True or False?
Sharing Rules let us extend access to users in roles, public groups or territories regardless of their place in the role heirarchy.
True.
Where do you find the sharing Settings?
(hint: same as OWD’s)
Setup>Security Controls>Sharing Settings
True or False?
Permission Sets take you above and beyond profile settings so you can grant permissions and access to only the users who need it
True.
Permission Sets give you flexibility and control over user permissions and access settings.
How do you naviagate to permission sets?
Setup>Manager Users>Permission Sets
After you create a permission set label and select the type of user license that will use the permission set, you are brought to the Permission Set Overview page. Here you will find Apps & System Permission Sets to assign connect to your label. Once added to your label, you then assign to a user or group of users, by either the Manage Assigment button at the top of the PS Overview page, or through each user’s detail profile page.
User Sharing let’s you control Who sees Who.
User Visibility Settings allow you to overwrite the OWD for user records specifically for external users in your portal or community.
Setup>Security Controls>Sharing Settings>scroll down…User Sharing Rules>New
OR
Setup>Manage Users>Users>Select a User>Click the Sharing Button at the top>Add Sharing
Record Types Control Three Things.
- Business Processes
- Page layouts
- Picklist values
What are Business Processes?
Are special picklist fields that capture the lifecycle of Opportunities, Cases, Solutions or Leads
What are page layouts?
Let you select and organize groups of fields related to an object.
What are Picklists?
Picklist values are the lists of choices that you define when you create picklist field.
Things to watch out for using Record Types
- Edit record type assignments in the Mangage Users | Profiles
- Any records createed before record types must have a record type assigned retroactively. (you can use Data Loader to Assign Record Types)
Describe the capabilities of the User Sharing feature.
Who sees Who.
User Sharing allows an administrator to set the user object org-wide default (OWD) to private. This feature is enabled by default for orgs created after the Winter 14 Release. To enable this feature in an existing org, contact Salesforce.com suppor
**Organization Security **
Org-level permissions determines under what conditions a user can login to Salesforce.
What are A few key settings?
- When users can login (Login Hours)
- Where users can login from (Login IP Ranges)
- How users can login (API, UI, etc.)
Object Security
Object-level permissions determines what actions a user can perform on records of each object.
What is CRED?
(Create, Read, Edit, Delete)
In order to create a record of that object type, the user only needs the “Create” object-level permission.
In order to perform an action on an existing record, the user needs the corresponding object-level permissions and record-level permissions (see below).