Trailhead Week 2 - Tuesday Flashcards
By combining ________ ________ at different levels, you can provide just the right level of data access to thousands of users
security controls
Access to _________ ________ is the simplest thing to control
object-level data
You can restrict access to certain________, even if a user has access to the object. For example, you can make the salary field in a position object invisible to interviewers but visible to hiring managers and recruiters.
fields
You can allow particular users to view an object, but then restrict the individual ______ _______ they’re allowed to see.
object records
You can restrict access to certain ______, even if a user has access to the object
fields
You can allow particular users to view an ______, but then restrict the individual object records they’re allowed to see.
(ex) an interviewer can see and edit her own reviews, but not the reviews of other interviewers.
object
You use _________ ________ ________ to lock down your data to the most restrictive level, and then use the other record-level security and sharing tools to selectively give access to other users.
org-wide sharing settings
______ ________ give access for users higher in the hierarchy to all records owned by users below them in the hierarchy
Role hierarchies
________ ________ are automatic exceptions to organization-wide defaults for particular groups of users, so they can get to records they don’t own or can’t normally see.
Sharing rules
________ _______ allows owners of particular records to share them with other users.
(ex) when a recruiter going on vacation needs to temporarily assign ownership of a job application to someone else
Manual sharing
________ your system provides important information for diagnosing potential security issues or dealing with real ones.
Auditing
You can configure access to data at all of the following levels, except:
page layouts
Which of these is not a method for controlling record-level access?
profiles
A profile is a collection of __________ and ___________.
settings & permissions
The profiles functionality in an org depends on the user __________ type.
license
Users can have only one profile, but they can have multiple ________ ________.
Permission sets
You’ll be using permission sets for two general purposes:
- to grant access to objects or apps
- to grant permissions—temporarily or long term—to specific fields.
When object-level permissions conflict with record-level permissions, the most _________ settings win.
restrictive
Org-wide defaults specify the _______ level of access users have to each other’s records.
default
Role hierarchies ensure managers have access to the _____ records as their subordinates.
- Each role in the hierarchy represents a level of data access that a user or group of users needs.
same
Sharing rules are automatic exceptions to org-wide defaults for particular groups of users, to give them access to records they don’t own or can’t normally see.
Profile controls what?
Controls what users can see & what they can do.
Permission sets are
An extra level of access to settings for a user
Permission sets
Combine multiple permission sets into a single group
Permission sets group example
Multiple VPs… who do the same job throughout the world.
Ex - Able to create a survey but unable to delete.
Permission sets groups only ___ access
Grant.
- they don’t take away excess.
In any scenerio, __________ permissions will always win.
Profile.
ex) even if the user owns the contact record, if their profile permissions don’t allow… profile trumps.
When you’re the owner for a record or child record… you can
Edit
Share
Delete
* as long as profile permissions allow
For the records I don’t own… the _____________
Org wide setting control
Ex) public, private, and hybrid.
Ex) public read only
The permissions on a record are always evaluated according to a combination of object-level, field-level, and __________ permissions.
Record-level permissions
Record-level permissions offer layers of increasing access, so it’s important to know which ___________________ are observed to understand the level of access a user has.
record-level permissions
Org-wide defaults
specify the default level of access users have to each other’s records.
Role hierarchies ensure managers have access to the
same records as their subordinates.
- Each role in the hierarchy represents a level of data access that a user or group of users needs.
Sharing rules are automatic exceptions to _______________ for particular groups of users, to give them access to records they don’t own or can’t normally see.
org-wide defaults
Manual sharing lets record owners give ____________ permissions to users who might not have access to the record any other way.
read and edit
A user’s baseline permissions on any object are determined by their _________.
profile
If the user has any permission sets assigned, these also set the ___________ ____________ in conjunction with the profile.
baseline permissions
Access to records a user does not own are set first by the ______________.
org-wide defaults
If the org-wide defaults are anything less than ______________, you can open access back up for certain roles using the role hierarchy.
Public Read/Write
You can use sharing rules to _______ _______to additional groups of users.
expand access
Each record owner can manually share individual records with other users by using the _______ _________ on the record.
share button
Org-wide defaults specify the baseline level of access that the most _________ user should have.
restricted
Use org-wide defaults to ____ ______ your data
lock down
Use the other record-level security and sharing tools (role hierarchies, sharing rules, and manual sharing) to ____ _______ the data to users who need it.
open up
Org-wide defaults modify those permissions for records a user ________ own
doesn’t
Sharing rules work best when they’re defined for a particular group of users that you can _________ or ________ in advance, rather than a set of users that frequently changes
determine or predict
