Sharing Architecture Flashcards Preview

SFDC Sharing and Visibility Designer > Sharing Architecture > Flashcards

Flashcards in Sharing Architecture Deck (76)
Loading flashcards...
1

Name the 7 layers of the Sharing Architecture

1. Profiles and Permission Sets

2. Org-Wide Defaults

3. Role Hierarchy

4. Sharing Rules

5. Manual Sharing

6. Team Access

7. Territory Hierarchy Access

2

Which security components provide object-level security (and determines what types of data users see and whether they can edit, create, or delete records?)

Profiles and Permission Sets

3

What do the "View All" and "Modify All" object permissions do?

Ignore sharing rules and settings, allowing administrators to quickly grant access associated with a given object across the organization.

4

What is the preferable alternatives to the "View All Data" and "Modify All Data" administrative permissions?

The object permission of "View All" and "Modify All" which can be set via permission set or on the profile

5

Which security components provide field-level security?

Profiles and Permission Sets

6

What access does a user higher in a hierarchy (role or territory) have?

Users higher in a hierarchy (role or territory) inherit the same data access as their subordinates for standard objects. Managers gain as much access as their subordinates. If the subordinate has read-only access, so will the manager. This access applies to records owned by users, as well as records shared with them

7

What is a best practice if a single user owns more than 10,000 records?

- The user record of the owner should not hold a role in the role hierarchy

- If the owner's user record must hold a role, the role should be at the top of the hierarchy in its own branch of the role hierarchy

8

What is the purpose of Organization-Wide defaults?

Specifies the default level of access users have to each other's records.

9

What is the only way to restrict user access to a record?

Organization-wide defaults

10

What are the setting options for Organization-wide defaults?

- Private
- Controlled by parent
- Public Read Only
- Public Read/Write
- Public Full Access

11

Which setting on Organization-wide defaults can only be set for custom objects?

Grant Access Using Hierarchies (defaulted to checked)

12

What is an option that will prevent managers from inheriting access?

Do not set the Grant Access Using Hierarchies (which can be found in the organization-wide default settings).

13

What is typically the max number of allowed roles per organization?

500, however this number can be increased by Salesforce up to a maximum of 10,000

14

What is the max number (as a best practice) to limit your non-portal roles at?

25,000

15

What is the max number (as a best practice) to limit your portal roles at?

100,000

16

What is the best practice for the max number of branches in the hierarchy?

Keep the role hierarchy to no more than 10 levels of branches

17

What type of security component can be used if managers want to be able to see and do whatever their subordinates can see and do?

Role Hierarchy

18

What type of security component can be used to have reporting roll up in a hierarchical fashion so that anyone higher in the hierarchy sees more data than those below them?

Role Hierarchy

19

If different business units don't need to see each other's data, which type of security component can be used?

Having a hierarchy in which you can define separate branches allows you to segregate visibility within business units, while still rolling visibility up to the executive levels above those units

20

How can you setup data access so that people who all play the same role should not necessarily see each other's data?

Having hierarchical roles allows you to define a "leaf" node in which all data is essentially private, and still roll that data up to a parent role that can see all

21

What are public groups?

A collection of individual users, roles, territories, and so on, that all have a function in common

22

If you do decide to nest groups, what level would be the 'max' in terms of best practice

Do not nest more than 5 levels

23

What is the max number of public groups in an organization (as a best practice)

100,000

24

What would you do if you need to provide access to an arbitrary group of people?

Use a public group to collect them, and then use other sharing tools to give the group the necessary access. Group membership alone doesn't provide data access.

25

Which security component allows for exceptions to organization-wide default settings and the role hierarchy so that you can give additional users access to records they don't own?

Ownership-based Sharing rules.

Note that Ownership-based sharing rules are based on the record owner only.

26

Do contact ownership-based sharing rules apply to private contacts?

No

27

If you have a person in Service that needs access to see some Sales data, but they live in different branches of the hierarchy, what would you do?

Create a ownership-based sharing rule between roles on different branches

28

How can you provide data access to peers who hold the same role/territory?

Use ownership-based sharing rules

29

How can you provide data access to other groupings of users (public groups, portal roles, territories)?

Use ownership-based sharing rules as follows: the members of the groupings who own the records can be shared with the members of other groupings

30

What are criteria-based Sharing Rules?

Criteria-based sharing rules provide access to records based on the record's field values (criteria). If the criteria are met (one or many field values), then a share record is created for the rule. Record ownership is not a consideration