User management - controlling users access Flashcards
What are the four levels of data access ?
org(highest level of data access)
objects
field
records
how can you manage record level data access?
roles(hierarchies)
manual sharing
sharing rules
org wide default
what the highest level, you can SECURE DATA access to your organization
by maintaining a list of authorized users,
setting password policies,
and limiting login access to certain hours and certain locations.
Before configuring record access, what consideration should you take?
Should your users have open access to every record, or just a subset?
If it’s a subset, what rules should determine whether the user can access them?
The permissions on a record are always evaluated according to a combination of what 3 levels of permissions?
object–,
field–,
record–level permissions.
When object– versus record–level permissions conflict, ——————- win.
the most restrictive settings
organization–wide defaults are the defaults that specify the baseline level of access that users have to _____________that they don’t own
records
Configure your organization–wide defaults for most restricted USER is allowed to access. Then use other _________________ (role hierarchies, sharing rules, and manual sharing) to open up the data to other users who need to access it.
other record–level security and sharing tools
You can specify the default level of access to records for each type of __________ or _______object.
standard or custom
You can never use organization–wide defaults to grant users __________ access than they have through their object permission.
MORE
To determine the organization–wide defaults for each object. consider…
Who is the most restricted user of this object?
Is there ever going to be an instance of this object that this user shouldn’t be allowed to see?
Is there ever going to be an instance of this object that this user shouldn’t be allowed to edit?
the sharing model for an object can be set to one of four settings for the field
Private
Public Read Only
Public Read/Write
Controlled by Parent
when a sharing model field of an object is set to Private what actions can an non record owner do?
Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.
when a sharing model field of an object is set to Public Read Only what actions can an non record owner do?
All users can view and report on records but not edit them. Only the owner, and users above that role in the hierarchy, can edit those records.
when a sharing model field of an object is set to Public Read/Write what actions can an non record owner do?
All users can view, edit, and report on all records.