Sharing Architecture Flashcards Preview

SFDC Sharing and Visibility Designer > Sharing Architecture > Flashcards

Flashcards in Sharing Architecture Deck (76)
Loading flashcards...

Name the 7 layers of the Sharing Architecture

1. Profiles and Permission Sets

2. Org-Wide Defaults

3. Role Hierarchy

4. Sharing Rules

5. Manual Sharing

6. Team Access

7. Territory Hierarchy Access


Which security components provide object-level security (and determines what types of data users see and whether they can edit, create, or delete records?)

Profiles and Permission Sets


What do the "View All" and "Modify All" object permissions do?

Ignore sharing rules and settings, allowing administrators to quickly grant access associated with a given object across the organization.


What is the preferable alternatives to the "View All Data" and "Modify All Data" administrative permissions?

The object permission of "View All" and "Modify All" which can be set via permission set or on the profile


Which security components provide field-level security?

Profiles and Permission Sets


What access does a user higher in a hierarchy (role or territory) have?

Users higher in a hierarchy (role or territory) inherit the same data access as their subordinates for standard objects. Managers gain as much access as their subordinates. If the subordinate has read-only access, so will the manager. This access applies to records owned by users, as well as records shared with them


What is a best practice if a single user owns more than 10,000 records?

- The user record of the owner should not hold a role in the role hierarchy

- If the owner's user record must hold a role, the role should be at the top of the hierarchy in its own branch of the role hierarchy


What is the purpose of Organization-Wide defaults?

Specifies the default level of access users have to each other's records.


What is the only way to restrict user access to a record?

Organization-wide defaults


What are the setting options for Organization-wide defaults?

- Private
- Controlled by parent
- Public Read Only
- Public Read/Write
- Public Full Access


Which setting on Organization-wide defaults can only be set for custom objects?

Grant Access Using Hierarchies (defaulted to checked)


What is an option that will prevent managers from inheriting access?

Do not set the Grant Access Using Hierarchies (which can be found in the organization-wide default settings).


What is typically the max number of allowed roles per organization?

500, however this number can be increased by Salesforce up to a maximum of 10,000


What is the max number (as a best practice) to limit your non-portal roles at?



What is the max number (as a best practice) to limit your portal roles at?



What is the best practice for the max number of branches in the hierarchy?

Keep the role hierarchy to no more than 10 levels of branches


What type of security component can be used if managers want to be able to see and do whatever their subordinates can see and do?

Role Hierarchy


What type of security component can be used to have reporting roll up in a hierarchical fashion so that anyone higher in the hierarchy sees more data than those below them?

Role Hierarchy


If different business units don't need to see each other's data, which type of security component can be used?

Having a hierarchy in which you can define separate branches allows you to segregate visibility within business units, while still rolling visibility up to the executive levels above those units


How can you setup data access so that people who all play the same role should not necessarily see each other's data?

Having hierarchical roles allows you to define a "leaf" node in which all data is essentially private, and still roll that data up to a parent role that can see all


What are public groups?

A collection of individual users, roles, territories, and so on, that all have a function in common


If you do decide to nest groups, what level would be the 'max' in terms of best practice

Do not nest more than 5 levels


What is the max number of public groups in an organization (as a best practice)



What would you do if you need to provide access to an arbitrary group of people?

Use a public group to collect them, and then use other sharing tools to give the group the necessary access. Group membership alone doesn't provide data access.


Which security component allows for exceptions to organization-wide default settings and the role hierarchy so that you can give additional users access to records they don't own?

Ownership-based Sharing rules.

Note that Ownership-based sharing rules are based on the record owner only.


Do contact ownership-based sharing rules apply to private contacts?



If you have a person in Service that needs access to see some Sales data, but they live in different branches of the hierarchy, what would you do?

Create a ownership-based sharing rule between roles on different branches


How can you provide data access to peers who hold the same role/territory?

Use ownership-based sharing rules


How can you provide data access to other groupings of users (public groups, portal roles, territories)?

Use ownership-based sharing rules as follows: the members of the groupings who own the records can be shared with the members of other groupings


What are criteria-based Sharing Rules?

Criteria-based sharing rules provide access to records based on the record's field values (criteria). If the criteria are met (one or many field values), then a share record is created for the rule. Record ownership is not a consideration