Sharing and Visibility Wi22 Fullset Flashcards
After testing and deploying a new trigger that creates a related order when an opportunity is closed, the Architect begins receiving complaints of permission error messages appearing when closing an opportunity.
How did this error occur?
A. Trigger is using IsCreateable() Apex method and the user doesn’t have Create permission on the Order object.
B. The trigger handlers class does not use any sharing keywords and the user does not have access to the orders related to the opportunity.
C. The trigger should be using RunAs() when creating the order.
D. The trigger handler class is using “with sharing” and the user does not have access to the orders related to the opportunity.
D. The trigger handler class is using “with sharing” and the user does not have access to the orders related to the opportunity.
Susan posts a file to the Chatter feed for a record of an object which OWD is private.
Which two statements accurately describe who can view the file by default?
Choose 2 answers.
A. Susan and users with the View All Data permission.
B. Susan and users with access to the record.
C. Susan and users with a shared chatter post link to the file.
D. Susan only.
A. Susan and users with the View All Data permission.
B. Susan and users with access to the record.
Universal Containers (UC) has 600 sales reps. UC has a rollout plan to deploy Salesforce in 3 weeks. At the end of the second week, they received a “User Role Limit Exceeded” error. After investigation, they discovered that during the user provisioning process, a new role was generated for every new user.
Which two recommendations could solve this problem?
Choose 2 answers.
A. Review the user provisioning process to not automatically create a user role for any new user.
B. Remove role hierarchy from salesforce org and control the record access using apex managed sharing.
C. Contact Salesforce support and request to increase the number of user roles allowed.
D. Create an Apex class to replace the User Roles by generic one as soon as they are created.
A. Review the user provisioning process to not automatically create a user role for any new user.
C. Contact Salesforce support and request to increase the number of user roles allowed.
The architect at Universal Containers is trying to ensure that security vulnerabilities are not present within the Salesforce organization. What two tests should the architect verify?
Choose 2 answers
A. Test for SOQL Injection.
B. Test Cross-Site Scripting on Apex queries.
C. Test Cross-Site Scripting on custom pages.
D. Test for invalid user access attempts.
A. Test for SOQL Injection.
C. Test Cross-Site Scripting on custom pages.
Universal Containers has a large network of partners, who each have seasonal workers that need short-term access to the community.
How might the Architect design the solution to federate user setup to the partners?
Choose 2 answers
A. Allow external users to self register.
B. Create a permission set giving Read/Write to the user object to Partner manager.
C. Grant the Modify users permission to the partner managers.
D. Assign delegated external administrators at each partner.
A. Allow external users to self register.
D. Assign delegated external administrators at each partner.
Sales Operations at Universal Containers (UC) has created Public Report and Dashboard folders for sales managers that report to the VP of Sales. Sales Operations currently spends a few hours each month updating users that should have access to edit items in these folders.
In which two ways can UC grant access to sales managers to automate access to these Reports and Dashboards folders?
Choose 2 answers
A. Share the folders lowest roles in the Role Hierarchy, superiors will get access automatically.
B. Share the folders with the “VP of Sales” Role and Subordinates.
C. Share the folders with the “Sales Managers” Queue.
D. Share the folders with a “Sales Managers” Public Group.
B. Share the folders with the “VP of Sales” Role and Subordinates.
D. Share the folders with a “Sales Managers” Public Group.
Universal Containers is planning to pilot a new application to a small set of Sales Reps.
What is the optimal way to grant only those Sales Reps access to the new functionality, while hiding the legacy functionality?
A. Create a permission set to grant access to the new functionality and hide the old functionality.
B. Clone the Sales Rep profile, adjust settings, and assign the pilot users the new profile.
C. Revoke access to legacy functions in the Sales Rep profile and create a permission set for the new functionality.
D. Create new user records for the pilot user that they will use for the pilot.
B. Clone the Sales Rep profile, adjust settings, and assign the pilot users the new profile.
Universal Containers (UC) stores basic employee information in a custom Employee object (OWD - Public Read Only). There are a few sensitive fields that need restricted access (salary, grade level, last performance rating).
Other than field level security, what other options are available to make these fields accessible to the Human Resource team?
A. Create a new custom object controlled by parent and a Master-Detail relationship to Employee to store new restricted information.
B. Change OWD of Employee custom object to private and a Lookup self-relationship to store only new restricted information.
C. Create a new custom object with private OWD and Lookup relationship to Employee to store new restricted information.
D. There are no other options besides using field level security.
C. Create a new custom object with private OWD and Lookup relationship to Employee to store new restricted information.
Sales managers at Universal Containers (UC) have requested viewing customer invoices in Salesforce. Invoice data is mastered in the ERP system. The architect at UC decided to surface the customer invoices in salesforce using external objects and did the following:
- Configured an external object called Invoice.
- Created a lookup relationship between the account and the invoice.
How can the architect grant the sales managers access to the customer invoices data?
A. By creating sharing rules to share the invoices records with users in sales managers roles.
B. By creating manual sharing to share invoices with relevant sales managers.
C. By controlling the invoices object permissions on the sales manager’s profile.
D. By creating a sharing set to share invoices with users in sales manager role.
C. By controlling the invoices object permissions on the sales manager’s profile.
Sales managers want their team members to help each other close Opportunities. The Opportunity and Account organization-wide defaults are private. To grant Opportunity access to sales reps on the same team, ownership-based sharing rules were created for each team.
What is the side effect of this approach?
A. All sales reps will have Read access to Accounts for all Opportunities
B. Sales Reps on the same team will have Edit access to the Accounts for Opportunities owned by their team members.
C. All sales reps will have Read access to all Accounts.
D. Sales reps on the same team will have Read access to the Accounts for Opportunities owned by their team members.
D. Sales reps on the same team will have Read access to the Accounts for Opportunities owned by their team members.
Universal Containers (UC) has a custom object to track the internal net promoter score (NPS) for all its employees.
How can UC ensure that NPS records cannot be accessed by an individual employee’s manager?
A. Use Apex sharing to remove NPS object share records for Manager Profiles
B. Remove Create, Read, Edit and Delete from Manager Profiles and Permission sets.
C. Set organization-wide default to Private and uncheck the Access Using Hierarchies option for the NPS object
D. Create a criteria-based sharing rule to remove access to Manager role and above in the Role Hierarchy
C. Set organization-wide default to Private and uncheck the Access Using Hierarchies option for the NPS object
Sales Operations at Universal Containers (UC) wants to create list views to filter opportunities for certain geographies. In which two ways can UC hide list views that are not relevant to an individual user since there will be over 50 list views?
Choose 2 answers
A. Share the list views with the appropriate queue.
B. Share the list views with the appropriate role in the role hierarchy.
C. Share the list views with the appropriate individual users.
D. Share the list views with the appropriate public group.
B. Share the list views with the appropriate role in the role hierarchy.
D. Share the list views with the appropriate public group.
Universal Containers uses Person Accounts to represent retail customers and business accounts to represent commercial customers. The Retail Sales team should not have access to commercial customers but have access to ALL retail customers.
With organization-wide default on Account set to Private, how might the architect meet these
requirements?
A. Update Retail Sales profile to grant access to Person Account record type.
B. Create an owner-based sharing rule on AccountContactRelation to grant access to all account contact roles records owned by retail sales reps.
C. Create a criteria-based sharing rule giving Retail Sales role access to Accounts of type Person Account.
D. Give View All access for Accounts to the Retail Sales profile.
C. Create a criteria-based sharing rule giving Retail Sales role access to Accounts of type Person Account.
Universal Containers (UC) operates worldwide with offices in more than 100 regions in 10 different countries and has established a complex role hierarchy to control data visibility. In the new fiscal year, UC is planning to reorganize the roles and reassign accounts owners.
Which two points should an architect consider in this situation?
Choose 2 answers
A. Replacing Account records ownership massively can cause data skew.
B. Using a temporary parking lot account to improve performance.
C. Changing complex role hierarchy can cause a high level of sharing recalculation.
D. Restricting the organization-sharing configurations to private.
A. Replacing Account records ownership massively can cause data skew.
C. Changing complex role hierarchy can cause a high level of sharing recalculation.
Universal Containers (UC) has implemented Customer Community with customer community plus licenses for their distributors. Some distributors requested granting specific community users (agents) to view cases submitted by other agents of the same distributor.
Which feature only supports these requirements?
A. Partner community admin
B. Partner super user
C. Permission set to grant community admin permission.
D. Delegate external user
B. Partner super user
Super users can access data owned by other partner users who have the same role or a role below them. Super user access applies to cases, leads, custom objects, and opportunities only.
Universal Containers (UC) wants all full-time internal employees to be able to view all leads. A subset of Contractors and temporary employees should also be able to see leads.
Which organization-wide default (OWD) approach should an architect recommend that will help UC implement these requirements?
A. Implement a Public Read Only OWD on Lead.
B. Implement a Public Read/Write/Transfer OWD on Lead.
C. Implement a Private OWD on Lead.
D. Implement a Public Read/Write OWD on Lead.
C. Implement a Private OWD on Lead.
Universal Containers (UC) uses a custom lightning component with an Apex class to display shipment information (custom object, private OWD). UC sales managers are complaining about two important points:
- Shipment records that belong to their teams can be seen by other users.
- Shipment amount should be visible only by managers, but sales reps are able to view it.
Which two features did the development team miss that is causing the problems?
Choose 2 answers.
A. Use runAs in test class to enforce user permissions and field-level permissions.
B. Use With Sharing keyword in Apex classes to enforce sharing rules evaluation.
C. Use isSharable keyword in Apex classes to assure record visibility.
D. Use isAccessible() method in Apex classes to check field accessibility.
B. Use With Sharing keyword in Apex classes to enforce sharing rules evaluation.
D. Use isAccessible() method in Apex classes to check field accessibility.
By default, how many roles are created when the first external user is created on a partner account?
A. 0
B. 3
C. 2
D. 1
D. 1
Universal Containers (UC) service reps are assigned to a profile which has “View All” in Case object (Private OWD).
To make sure service reps have access to all relevant information to attend to customer requests, which two details should a salesforce Architect consider?
Choose 2 answers:
A. Service reps will be able to access all UC contact records if they are controlled by parent.
B. Service reps will NOT be able to access all UC contact records if they are controlled by parent.
C. Service reps will be able to access all the UC Account records due to Implicit Sharing.
D. Service reps will NOT be able to access all the UC Accounts records because Account OWD is private.
B. Service reps will NOT be able to access all UC contact records if they are controlled by parent.
C. Service reps will be able to access all the UC Account records due to Implicit Sharing.
B&D? Dificil de comprobar
- Implicit sharing not used when sharing on the child is controlled by its parent.*
- If you have access to an account’s child record, you have implicit read only access to the account.*
Universal Containers has developed a custom Visualforce page that will accept user input and must perform a dynamic SOQL query returning the results to the users.
Which two techniques should be used to ensure the users cannot perform a SOQL injection attack?
Choose 2 answers
A. Use the With Sharing keyword on the controller.
B. Use bind variables in the SOQL query.
C. Use the escapesinglequotes() method to sanitize user input.
D. Escape double quotes in the user input.
B. Use bind variables in the SOQL query.
C. Use the esacapesinglequotes() method to sanitize user input.
A sales rep at Universal Containers (UC) is a member of the Default Opportunity team for an account manager. The account manager created an opportunity and the sales rep is added to that Opportunity team.
The sales rep is complaining about no longer having access to an opportunity record that the sales rep was helping with.
What is the cause of this problem?
A. The Account team was changed and consequently the Opportunity team members were replaced by the Account team members.
B. The Sales rep was manually removed from the Opportunity team.
C. The Sales rep was removed from the Opportunity team in another opportunity record of the same account.
D. The opportunity owner can enable/disable if the “Default Opportunity team” is able to access the record.
B. The Sales rep was manually removed from the Opportunity team.
To grant Universal Containers sales managers access to shipment records properly, it was necessary to leverage Apex managed sharing. The IT team is worried about improper access to records.
Which two features and best practices should a Salesforce architect recommend to mitigate this risk?
Choose 2 answers
A. Use runAs system method in test classes to test different users and profiles.
B. Use With Sharing keyword in Apex classes to assure record visibility will be followed.
C. Use isShareable keyword in Apex classes to assure record visibility will be followed.
D. Use isAccessible keyword in Apex classes to assure record visibility will be followed.
A. Use runAs system method in test classes to test different users and profiles.
B. Use With Sharing keyword in Apex classes to assure record visibility will be followed.
Universal Containers (UC) has implemented Customer Community with customer community licenses for their customers. UC requested that any record owned by its customers should be accessible by UC users in the customer support role.
How can an Architect configure the system to support the requirements?
A. Share Group
B. Apex Sharing
C. Sharing Set
D. Sharing Rule
A. Share Group
Universal Containers (UC) is implementing Sales Cloud. During the last quarter of the financial year, Sales agents help each other close deals. They requested a solution in Salesforce to allow them to specify an assistant agent on the opportunity record. When the sales agent changes the assistant field, the system should automatically remove access from the previous assistant and grant access to the new assistant.
What is the optimum solution to meet the requirements?
A. Use apex sharing to share and unshare opportunities with the assistant agent.
B. Use sharing rule to share opportunities with the assistant agent.
C. Use opportunity team and create an assistant field, use apex to share opportunities with the assistant agent.
D. Use share group to share opportunities with the assistant agent.
A. Use apex sharing to share and unshare opportunities with the assistant agent.
Besides their own team accounts, sales managers at Universal Containers need to have READ access to all accounts of the same segment in other countries. Role hierarchy was implemented accordingly (based on countries), but a sales manager in the US is complaining that he cannot view account records of the same segment in Canada. What should be done to grant access in a proper way?
A. Create owner-based sharing rule to grant access to account records that have the same segment to all sales manager roles.
B. Change the role hierarchy and put all of the sales managers in the US and Canada in the same role.
C. Create criteria-based sharing rules to grant access to account records that have the same segment to all sales manager roles.
D. Create a public group and include all accounts of the same segment and grant access through a permission set.
A. Create owner-based sharing rule to grant access to account records that have the same segment to all sales manager roles.
C?
Universal Containers (UC) is a non-profit organization and has over 20,000,000 members (donors). The company decided to assign those accounts to Donations Reps based on their regions. Donations Reps ended up owning over 50,000 donors each. The donation reps started to see significant degradation of the system performance. What could be the reason for this problem?
A. The Donations Reps access to the assigned accounts.
B. Salesforce sharing recalculation kicked off.
C. There is an Account ownership data skew problem.
D. The Account (donor) object OWD is Private.
C. There is an Account ownership data skew problem.
Universal Containers keeps product brochures in Salesforce as files. Sarah shares a public link to a product brochure with potential customers during a meeting. She wants to ensure they do not have access to the file after the meeting. How should Sarah accomplish this?
A. Rename the file.
B. Move the file to another folder.
C. Delete the file.
D. Delete the public link.
D. Delete the public link.
Universal Containers (UC) has Affiliates who sell containers in countries where UC does not have a local office. UC has leveraged the Partner Community to manage the sales cycle. One of their affiliates has exponentially grown in the last years and restructured its internal sales team with the following structure:
Sales VP -> Director of Sales -> Sales Manager -> Sales Reps
UC would like to have the ability to open up access to the sales opportunities according to the above structure.
What is the main problem a Salesforce Architect will face to provide a solution?
A. Super User does not work in Partner Community.
B. The Channel Manager Role cannot be shared with Partner Community.
C. Partner Community does not support Role Hierarchy.
D. Partner User Roles are limited to three levels.
D. Partner User Roles are limited to three levels.
Universal Containers (UC) has implemented Service Cloud. There is a flag field on the case object that marks a case as (Sensitive). UC requested that this flag can be viewed by all users who have access to the case but only be edited by the assigned case assessor. The case assessor is a lookup field on the case object. How can an architect achieve this requirement?
A. Permission Set.
B. Object Permissions.
C. Custom Lightning Component.
D. Field-level security.
C. Custom Lightning Component.
After setting up Customer Community and enabling collaboration, the architect realizes that customers are only seeing Chatter posts from other customers in their account.
What should the architect do to allow viewing Chatter posts from all customers?
A. Enable Community User Visibility.
B. Enable Chatter Super User.
C. Enable Internal Users Visibility.
D. Set View All for Chatter posts.
A. Enable Community User Visibility.
La A o la D?
For Community User Visibility, deselect the checkbox to allow users to be seen only by themselves and their superiors. Select the checkbox to allow community users to be seen by all other users in their communities.
Which two objects support creating queues?
Choose 2 answers.
A. Account.
B. Opportunity.
C. Lead.
D. Case.
C. Lead.
D. Case.
The Corporate Identity and Access Team needs to audit User setup in the Salesforce org. What two permissions should be granted to this team so they can perform their audit?
Choose 2 answers
A. View All Data
B. View permission on the User object
C. View Setup and Configuration
D. View All Users
C. View Setup and Configuration
D. View All Users
Universal Containers (UC) provides shipment tracking for its customers on a custom Shipment object. The total number of shipments made yearly by the customers should be available on the Account record to the Marketing team, but the Marketing team should not have access to Shipment records.
What recommendation should an Architect provide to accomplish this?
A. Private organization-wide default on Shipment, rollup summary, and Master-Detail relationship to Account.
B. Controlled by Parent (Account) on Shipment, trigger, and Master-Detail relationship to Account.
C. Private organization-wide default on Shipment, trigger, and Lookup relationship to Account.
D. Public organization-wide default on Shipment, process builder, and Lookup relationship to Account.
C. Private organization-wide default on Shipment, trigger, and Lookup relationship to Account.
What vulnerability can exist when controllers use dynamic rather than static queries and bind variables?
A. Record Access Override
B. Buffer Overflow Attacks
C. Cross-site scripting
D. SOQL Injection
D. SOQL Injection
Universal Containers (UC) is in legal dispute regarding several orders. UC has found out these records were removed from the system. The VP of Sales has asked to ensure this cannot happen in the future. What approach would meet this requirement?
A. Remove the delete button from the Order page layout.
B. Change the record type/page layout assignment for Orders to be read-only.
C. Remove Order Delete Permission from Profiles and Permission sets.
D. Implement a Sharing Rule that changes access for Orders to Read.
C. Remove Order Delete Permission from Profiles and Permission sets.
Universal Containers has a customer that meets criteria for two Enterprise Territory Management territories (Portugal and Southern Europe).
What is necessary to assign opportunities to a territory for this account?
A. The territory with the highest TerritoryType Priority is automatically assigned to the Opportunity.
B. Create a Process Builder Process that updates the Territory field on the Opportunity.
C. Create an Apex class that implements Filter-Based Opportunity Territory Assignment.
D. Create a criteria-based sharing rule on the Opportunity to assign it to a territory.
C. Create an Apex class that implements Filter-Based Opportunity Territory Assignment.
Universal Containers (UC) has 200 distributors that use Partner Community licenses. Partners cannot see each other’s data, but UC is also trying to give more visibility to data for certain individuals at a distributor.
How can an Architect give users in the partner user role access to all Case and Container records owned by any user, regardless of role, at the same distributor?
A. Create an ownership-based sharing rule.
B. Create sharing sets.
C. Create a Permission Set granting “View All” permission to Case and Container records.
D. Give Super User permission to the individual partner users.
B. Create sharing sets.
- Super users can get insights into the records of other partner users who are at their role level or below them in the role hierarchy*
- Within the same partner - Sharing sets*
- Between partners - Sharing rules*
A custom invoice object has been created with a Master-detail relationship to Account. The Account receivable (AR) team needs access to Invoices. AR users do not own nor have access to Account records. Account OWD is set to Private. The AR team is unable to find Invoices in List views, Reports, nor in Global Search. The Architect has been asked to help troubleshoot.
What could be the issue preventing AR team members from seeing invoices?
A. A sharing rule is missing to share Invoices to the AR team.
B. The AR team profile needs to be assigned an Invoice Page layout.
C. A sharing rule is missing to share Accounts to the AR team.
D. The Accounts receivable profile does not have read Permission to the Invoice Object.
C. A sharing rule is missing to share Accounts to the AR team.