Security Flashcards Preview

SFDC Sharing and Visibility Designer > Security > Flashcards

Flashcards in Security Deck (51)
Loading flashcards...
1

What is the bluntest way to prevent a user from seeing, creating, editing or deleting any instance of a particular type of object, such as a lead or opportunity?

Object-level security (also known as object permissions) via Permission sets and Profiles

2

How can you hide whole tabs and objects from particular users, so that they don't even know that type of data exists?

Use Object-level security (also known as object permissions) via Permission sets and Profiles

3

Describe Profiles as defined in Salesforce

Profiles are typically defined by a user's job function (ex, system administrator or sales representative). A profile can be assigned to many users, but a user can be assigned to only one profile

4

What do Permission Sets do?

Permission sets are used to grant additional permissions and access settings to users. It's easy to manage user's permissions and access with permission sets, because you can assign multiple permission sets to a single user

5

What are the 3 steps in setting up record-level security?

1. Determine the organization-wide sharing settings for each object,

2. Define a hierarchy for your users

3. Create sharing rules

6

What is the consequence if you disable a permission or remove an access setting in a profile and any permission sets that are assigned to a user?

The permission or access setting is disabled for all other users assigned to the profile or permission sets

7

What is the consequence if a permission or access setting is enabled in the user's profile and you assign them a different profile, or if you remove a permission set from the user?

The user may lose other permissions or access settings associated with the profile or permission sets

8

What are the following permissions used for:
- View All
- Modify All

it's used for delegation of object permissions

9

What are the following permissions used for:
- View All Data
- Modify All Data

It's used to manage all data in an organization; for example, data cleansing ,deduplication, mass deletion, mass transferring, and managing record approvals

10

What is the following permission use for:
- View All Users

It's used for viewing all users in the organization. Grants Read access to all users, so that you can see their user record details, see them in searches, list views, and so on.

11

Who would typically need the following permissions:
- View All
- Modify All

Delegated administrators who manage records for specific objects

12

Who would typically need the following permissions:
- View All Data
- Modify All Data

Administrators of an entire organization

13

Who would typically need the following permission:
- View All Users

Users who view all users in the organization, especially if the organization-wide default for the user object is Private. Administrators with the "Manage Users" permission are automatically granted the "View All Users" permission

14

There are 4 Salesforce Standard objects for which "View All" and "Modify All" are not available. Which 4 are those?

Ideas
Price books
Article Types
Products

15

Who is the target audience for permissions that respect sharing?

End-users

16

Who is the target audience for permissions that override sharing?

Delegated Data Administrators

17

Where are permissions that respect sharing managed?

CRED object permissions
and
Sharing Settings

18

Where are permissions that override sharing managed?

"View All" and "Modify All"

19

For permissions that respect sharing, do you have the ability to approve records, or edit and unlock records in an approval process?

No

20

For permissions that override sharing, do you have the ability to approve records, or edit and unlock records in an approval process?

It's available on all objects with "Modify All" access

21

For permissions that respect sharing, how can you report on all records

If you have a sharing rule that states: the records owned by the public group "Entire Organization" are shared with the specified group, with Read-Only access

22

Which permission that overrides sharing will provide you with the ability to report on all records?

If you have "View All" available on the object

23

Can you edit multiple profiles at the same time?

If enhanced profile list views are enabled for your organization, you can change permissions in up to 200 profiles directly from the list view, without accessing individual profile pages

24

Is it possible to edit all contacts associated with an account you own even if you don't own the contacts themselves?

Yes, you can set contact access so that users in a role can edit all contacts associated with accounts that they own

25

If a user does not have the "View Encrypted Data" permission, can they still edit the encrypted field?

Yes

26

How can you restrict edit access to an encrypted field?

Use validation rules, field-level security settings, or page layout settings to prevent users from editing encrypted fields

27

Can you create criteria-based sharing rules with Apex?

No. You also cannot test criteria-based sharing with Apex

28

Can high-volume portal users be included in sharing rules?

No, because they don't have roles and can't be in public groups

29

What is the limit of criteria-based sharing rules per object?

50

30

How can an admin prevent users outside of he Sales Department from accessing the Leads object?

A. Create, read, update, delete restrictions
B. Field level security restrictions
C. Sharing settings
D. All of the above

A. Create, read, update, delete restrictions