Salesforce Certified Sharing and Visibility Designer – All Combined

Who can see a Private file?
File owner and users with the Modify All or View All Data permissions.
*If file is in a Private library, only file owner has access.
Who can see a Privately Shared file?
Only the file owner, users with “Modify All Data” or “View all Data” permission, and specific file viewers can find and view this file.
When does a File have a Sharing Setting of Private?
1. Upload it in Files Home
2. Publish it to your Private Library
3. Sync a file in your Salesforce Files Sync folder
4. Stop sharing it with everyone (Make Private)
5. Delete posts that include the file and the file isn’t shared anywhere else
When does a File have a Sharing Setting of Privately Shared?
1. Only shared with specific people or a private group
2. Posted to a private group
3. Shared via link
4. Posted to a feed on a record
5. Published to a shared library
When does a File have a Sharing Setting of Your Company?
1. Posted to a feed that all users can see, a profile, a record, or a public group
Which permissions does a File Viewer have?
1. View or Preview
2. Download
3. Share
4. Attach a File to a Post
5. Sync a File
Which permissions does a File Collaborator have?
1. View or Preview
2. Download
3. Share
4. Attach a File to a Post
5. Sync a File
6. Upload New Version
7. Edit Details
8. Change Permission
T/F Do records have viewer permission for files posted to their feeds?
True
Which permission is needed to sync files?
Sync Files
Who can grant access to a record?
1. The record owner
2. A user in a role above the owner in the hierarchy
3. Any user granted Full Access to the record
4. An administrator
To whom can you grant access to a record?
1. Managers Group
2. Manager Subordinates Groups
3. Public Groups
4. Personal Groups
5. Users
6. Roles
7. Roles and Subordinates
8. Roles and Internal Subordinates
9. Roles and Internal and Portal Subordinates
10. Territories
11. Territories and Subordinates
T/F You can share an opportunity or case to users without Read access on the Account and where you do not have the ability to share the Account.
False
What are the three key components of the ownership-based architecture?
1. Owner field for all records
2. Object share tables
3. Group membership tables
Which fields does a row in an object share table contain?
1. ID of the record being shared
2. ID of the user or group being granted access
3. Level of access
4. Reason the access is being granted
How many sharing records are created when a group of 5 users is granted access?
One. A single sharing record is created for groups in the object share table.
Describe the process followed when a user requests access to a record.
1. First, it checks whether a profile, permission set, or OWD setting already gives the user the level of access requested.
2. If the user does not have that level of access, the system queries the object share table to see if there is a row in which the record’s ID and user’s ID appears.
3. Next, it queries the group membership table to identify all groups that could provide access to the user.
4. It then scans the object share table again to see if there is a row in which any of these groups has already been granted access.
5. Finally, it compares the level of access granted directly to the user with the levels of access granted to the groups the user belongs to, giving the user the least restrictive level of access.
What are role groups?
Role groups give users assigned to a role access to records owned by or shared to members of subordinate roles, and records shared to the subordinate roles themselves.
What security tactic should you employ if you don’t want anyone, including the record owner, to be able to delete or share the record?
Create a “dummy” or “integration” user to own the data, then use sharing rules or Apex to share data to the appropriate groups.
What functions are granted with the Manage Salesforce CRM Content permission?
1. Create, edit, and delete libraries
2. Edit library permission
*inclusive of the other CRM Content user permissions
What functions are granted with the Manage Content permission?
1. Create, edit, and delete library permissions
What functions are granted with the Manage Content Properties permission?
1. Create, edit, and delete custom fields CRM Content
What functions are granted with the Manage record types and layouts for Files permission?
1. Create, edit, and delete record types in CRM Content
2. Create, edit, and delete page layouts in CRM Content
What is a library permission?
A group of privileges assigned to each CRM Content library member. It determines which tasks a member can perform in a particular library.
*A user can have a different library permission in each of their libraries.
How do you create a library permission?
Setup > Content Permissions > Add a Library Permission
What permissions does the Manage Library privilege grant?
Perform any action in the library.
*Required to edit libraries’ name and description, add or remove library members, or delete a library
What permissions does the Add Content privilege grant?
Publish new content to the library, upload new content versions, or restore archived (deleted) content. Content authors can also change any tags associated with their content and archive or delete their own content.
What permission does the Deliver Content privilege grant?
Create a content delivery using any files in the library.
What permissions does the Attach or Share Content within Chatter privilege grant?
Make content from this library accessible in Chatter. Within Chatter, select a file from the library and attach it to a post or share it.
What are the org-wide default options for content-delivery password protection?
1. Password protection is optional and defaults to OFF
2. Password protection is optional and defaults to ON
3. Password protection is required
How many content-delivery views are allowed within a 24-hour period?
20,000
How much bandwidth is allocated to content deliveries within a 24-hour period?
10 GB
Which file types of content delivery are not supported for online views?
Any document over 25 MB is not supported.
T/F Customer Portal and Partner Portal users can create content deliveries?
False
What are your options when restricting the record types available in the library?
1. Allow content with any record type to be linked to this library
*Enable content published in other libraries to be shared to the library with the record type restrictions
2. Do not apply record type restrictions to existing content
*Select if you do not want to receive warnings regarding existing content. You will not be notified if existing content uses record types that are now restricted.
What happens when there are no record types in common between a user profile and a library?
The default record type of the library becomes available to the users with that user profile who are sharing files with the library.
What are the available library tagging rules?
1. Open Tagging – no restrictions
2. Guided Tagging – contributors may enter any tag they would like, but a list of suggested tags is offered.
3. Restricted Tagging – contributors must select from a list of suggested tags
What can a Portal user without a Salesforce CRM Content feature do with Content?
Download, rate, comment on, and subscribe to content if they have the “View Content on Portals” user permission. Content delivery unavailable.
What can a Portal user with a Salesforce CRM Content feature do with Content?
1. Access all CRM Content features granted by their library permission(s), including contributing content, moving and sharing content among libraries, and deleting content.
2. View CRM Content reports
Content delivery feature unavailable.
Why would you need to use a custom permission?
Although permission sets and profile settings include access settings to many things (like objects, fields, etc.), they don’t include access for some custom processes and apps. Use custom settings when standard functionality isn’t enough.
What are custom permissions?
They let you define access checks that can be assigned to users via permission sets or profiles.
What is an example of a custom permission?
You can define access checks in Apex that make a button on a VF page available only if a user has the appropriate custom permission.
What is an external object?
They are similar to custom objects, except they map to data that’s stored outside of Salesforce. They enable your users to search and interact with external data.
What are the four types of Access Grants?
1. Explicit Grants
2. Group Membership Grants
3. Inherited Grants
4. Implicit Grants
What is an Explicit Grant?
Records are shared directly to users or groups
(Ex:
– A user or queue becomes the owner of a record.
– A sharing rule shares the record to a public group, queue, role, or territory
– An assignment rule shares a record to a user)
What is a Group Membership Grant?
A grant that occurs when a user, public group, queue, role, or territory is a member of a group that has explicit access to the record.
What is an Inherited Grant?
A grant that occurs when a user, group, queue, role, or territory inherits access through a role or territory hierarchy.
What is an Implicit Grant?
A grant that occurs when a built-in record sharing behavior provides access to a record.
(Ex:
– Users can view a parent record if they have access to its child opportunity.
– If a User has access to a parent account record, they also have access to its child opportunity, case, and contact records.)
Which three tables does Salesforce use to store access grants?
1. Object Record Tables
2. Object Sharing Tables
3. Group Maintenance Tables
What information do the Object Sharing Tables contain?
The tables store data that supports explicit and implicit grants. Each object has its own Object Sharing Table unless it is a detail in a master-detail relationship.
What information do the Group Maintenance Tables contain?
The tables store data supporting group membership and inherited access grants
(Ex: If the Object Sharing Table grants access to a specific User, Salesforce checks the Group Maintenance Table to determine which users inherit access from Bob and grants these users access to the record.)
What do sharing rows do?
Grant users or groups access to a specific record.
What do sharing rows include?
1) Record ID
2) User or Group ID
3) Level of Access
4) Row Cause
What are the three system-defined groups in Group Maintenance Tables?
1) Roles
2) RolesandSubordinates
3) RolesandInternalSubordinates
T/F Removing someone from an Account Team removes them from the Opportunity Team?
False
Which fields does the Account Team contain?
1) Account Access
2) Case Access
3) Contact Access
4) Opportunity Access
5) Team Member
6) Team Role
Which permissions do you need to create custom list views?
1) Read access on the object
2) Create and Customize List Views
Which permission do you need to create, edit, or delete public list views?
1) Manage Public List Views
To what can you share a report folder?
1) User
2) User Group
3) Role
4) Role and Subordinate
Which access levels can be granted for a report folder?
1) Viewer
2) Editor
3) Manager
What is the difference in report folder permissions between Editor and Manager?
Managers can do everything Editors can do AND control who has access to the folder, delete it, and change its properties.
If you have access to an account’s child record, what permission does that grant you to the account?
Read Only
If you have access to an account, what permission does that grant you to its children (Contacts, Cases, Opportunities)?
Depends on the account owner’s role
What are the three Communities User Licenses?
1) Customer Community
2) Customer Community Plus
3) Partner Community
What is the Customer Community license best used for?
B2C with a large number of external users (up to 10 million users)
What is the Customer Community Plus license best used for?
B2B for support and non-sale scenarios (up to 1 million users)
What is the Partner Community license best used for?
B2B that need access to sales data (up to 1 million users)
What is a sharing set?
Grants HVC access to any account or contact that matches the user’s contact or account. Also supports indirect lookups
What is a share group?
Because HVC don’t have roles, share groups are used to specify the other external users that should have access to HVC owned records.
Term for an owner of more than 10,000 Records?
Ownership Data Skew
What issues are caused by Ownership Data Skew?
Changing the owner of that account or moving those users in the hierarchy requires the system to recalculate all the sharing and inheritance for all the data under the account.
What is a workaround to ownership data skew?
You can minimize possible performance impacts by not assigning the user(s) to a role.
Recommendations for data skew issues when you must have a small group or single owner
• Place them in a separate role at the top of the hierarchy
• Not move them out of that top-level role
• Keep them out of public groups that could be used as the source for sharing rules
Tuning Group Membership for Performance
Understand the performance characteristics of the various group maintenance operations that you are performing and always test substantial configuration changes in a sandbox environment so you know what to expect in production.
Group Membership Tuning 1
• Identify user and group updates that are complex, such as user role and portal account ownership changes, or updates that involve a large amount of associated data. Allow for additional time to process these changes.
Group Membership Tuning 2
• When making changes to the hierarchy, process changes to the bottom (leaf) nodes first, then move upward to avoid duplicate processing.
Group Membership Tuning 3
• Limit the number of records of an object owned by a single user to 10,000.
Group Membership Tuning 4
• Run group maintenance operations single threaded to prevent locking. Investigate whether the use of granular locking will allow some of your operations to run simultaneously.
Granular Locking
By default, the Force.com platform locks the entire group membership table to protect data integrity when Salesforce makes changes to roles and groups. This locking makes it impossible to process group changes in multiple threads to increase throughput on updates.
Group Membership Tuning 4
• Tune your updates for maximum throughput by experimenting with batch sizes and using the bulk API, where possible.
Group Membership Tuning 5
• Remove redundant paths of access, such as sharing rules that provide access to people who already have it through the hierarchy.
Parent Child Data Skew
A common configuration that can lead to poor performance is the association of a large number of child records (10,000 or more) with a single parent account. Parent-child data skew can cause serious performance problems in the maintenance of implicit sharing.
Data Relationship Tuning 1
• Use a Public Read Only or Read/Write organization-wide default sharing model for all non-confidential data.
Data Relationship Tuning 2
• To avoid creating implicit shares, configure child objects to be Controlled by Parent wherever this configuration meets security requirements.
Data Relationship Tuning 3
• Configure parent-child relationships with no more than 10,000 children to one parent record.
Data Relationship Tuning 4
• If you are encountering only occasional locking errors, see if the addition of retry logic is sufficient to solve the problem.
Data Relationship Tuning 5
• Sequence operations on parent and child objects by ParentID and ensure that different threads are operating on unique sets of records.
Data Relationship Tuning 6
• Tune your updates for maximum throughput by working with batch sizes, timeout values, the Bulk API, and other performance-optimizing techniques
Community User Limits
Partner or Customer Community Plus 1 million. Customer 10 million
Apex Sharing Reason Best Practice
When writing Apex sharing code, don’t use Manual as the sharing reason, otherwise everything gets wiped out on an owner change.
Files: Private Sharing Setting
The file is private. It hasn’t been shared with anyone else besides the owner. The file owner and users with “Modify All Data” permission can find and view this file. However, if the file is in a private library, only the file owner has access to it.
Files: Private Sharing Setting 2
A file is private when you: Upload it in Files home, Publish it to your private library, Sync a file in your Salesforce Files Sync folder, Stop sharing it with everyone (Make Private), Delete posts that include the file and the file isn’t shared
Files: Privately Shared Sharing Setting
The file has only been shared with specific people, groups, or via link. It’s not available to all users in your company. Only the file owner, users with “Modify All Data” or “View all Data” permission, and specific file viewers can find and view this file.
Files: Privately Shared Sharing Setting 2
A file is privately shared when it’s: Only shared with specific people or a private group, Posted to a private group, Shared via link, Posted to a feed on a record, Published to a shared library
Files: Your Company Sharing Setting
All users in your company can find and view this file. A file is shared with your company when it’s posted to a feed that all users can see, a profile, a record, or a public group.
Record Ownership Background
Record ownership is at the core of Salesforce’s record access capabilities, which allow you to specify which users or types of users should be able to access specific records or types of records.
Ownership Use Case: Solo Work
For many assignments, employees work independently for their individual customers and have their progress monitored by their team’s manager. Configuring access at the role level is ideal for this use case because the role hierarchy configures record access vertically.
Ownership Use Case: Ad hoc collaboration
Every organization must both protect sensitive data and allow its users to collaborate so they can quickly solve problems for their customers. The record ownership model clarifies which user is responsible for keeping each record accurate and secure, and allows record owners to share
Ownership use case: Structured collaboration
As companies grow and need to allocate responsibilities for processes and functions across many business units, the members of their organization need to share data across these business units more and more often. A company’s customer service team needs business
How Ownership Drives Record Access “Under the Hood”
All of the data sharing capabilities of the Force.com platform are supported by three key components of the ownership-based sharing architecture. An Owner field for all records, except detail records in master-
Sharing Strategies for Maximum Security 1
If you set a custom object’s organization-wide default to Private and deselect “Grant Access Using Hierarchies” for that object, then without additional sharing, only record owners and administrators can access the object’s records.
Sharing Strategies for maximum security 2
If you, as an administrator, don’t want anyone else, including a record owner, to be able to delete or share the record, you might need to create a “dummy” or “integration” user to own the data, then use sharing rules or Apex code to share the data to the appropriate groups and
Account Team Security
Page layout and field-level security settings determine which fields are visible and editable.
Sharing between accounts and child records
Access to a parent account—If you have access to an account’s child record, you have implicit Read Only access to that account. Access to child records—If you have access to a parent account, you have access to the associated child records. The
Sharing behavior for portal users
Account and case access—An account’s portal user has Read Only access to the parent account and to all of the account’s contacts. Management access to data owned by Service Cloud portal users—Since Service Cloud portal users don’t have roles, portal account owners can’t
Implicit Sharing: Boss
Access to records owned by or shared to portal users for internal users
Shared to the role of the account owner. Also supports inheritance within portal roles
Implicit Sharing: Portal
Access to portal account and all associated contacts for all portal users under that account. Shared to the lowest role under the portal account
Implicit Sharing: Community
Access to data owned by Community users under a portal for internal users who are members of the portal share group. All members of the share group gain access to every record owned by every Community portal user.
Implicit Sharing: Community Parent
Access to the parent accounts of child records shared through the Community portal share group for internal users who are members. Maintains the ability to see the parent account when internal users are given access to account children owned by Community portal users
Community (footnote)
To allow portal users to scale into the millions, Community users have a streamlined sharing model that does not rely on roles or groups, and functions similarly to calendar events and activities. Community users are provisioned with the Service Cloud Portal or Authenticated
Partner Roles
Partner users at a given role level are always able to view and edit all data owned by or shared with users below them in the hierarchy, regardless of your organization’s sharing model. Use administrative reports to manage your partner roles.
Portal Groups
All Partner Portal Users group: Contains all partner portal users in your organization. All Internal Users group: Contains all Salesforce users in your organization
Roles and Internal Subordinates sharing rule category
Allows you to create sharing rules in which you can choose specific Salesforce users in your organization by role plus all of the users in roles below that role, excluding any partner portal roles
Partner Portal Role Hierarchy
A portal user role hierarchy is created for an account and its contacts when you enable the first partner portal user on that account. The account is added to the role hierarchy beneath the user that owns the account. Whenever you enable a contact as a partner portal user, he or she is automatically assigned.
Accounts with different portal types
Accounts with different portal types have a separate role hierarchy for each portal. Role names include the portal type with which they are associated.
Partner Users
All users in a partner user role have read access to all contacts under their partner account even when the contact sharing model is private. Partner users have read-write access to tasks associated with any object they can access. They also have read access to events associated with any object they can access.
Reporting on Portal Roles
To view the roles assigned to your partner portal users, create a custom report, choose Administrative Reports, select Users as the data type, and add Role to your report columns.
Deletion of Partner Portal Roles
When you delete partner portal roles, the roles are renamed to maintain the hierarchy. For example, if the Manager role is deleted from a three-role hierarchy of Executive, Manager, and User, then the Executive role is renamed to Manager but its ID remains the same. When you create a
Partner Portal Super User Access
Users can be assigned super user access to give them access to data owned by other users belonging to the same role or those below in the hierarchy. For example, a Partner Manager with super user access can see data owned by other users in the Partner Manager role and the Partner User roles.
Sharing Sets
A sharing set grants high-volume users access to any record associated with an account or contact that matches the user’s account or contact. You can also grant access to records via access mapping in a sharing set, which supports indirect lookups from the user and target record to the account or
Share Groups
High-volume users are limited-access users intended for organizations with many thousands to millions of external users. Unlike other external users, high-volume users don’t have roles, which eliminates performance issues associated with role hierarchy calculations. Because high-volume community users are
Original Territory Management
Salesforce’s original territory management feature lets you grant users access to accounts based on criteria such as postal code, industry, revenue, or a custom field relevant to your business.
Enterprise Territory Management
Enterprise Territory Management builds upon the original feature by introducing territory types, territory models, and territory model states. These components let you create and preview multiple territory structures and strategies before you activate
Enterprise Territory Management 2.0 Features
Multiple Territories/Hierarchy. Collaborative Forecasting (based on Role Hierarchy, not Territory Hierarchy). Territory Hierarchy Deep Clone. Rule Sharing among multiple Territories. Audit Trail. User Role in Territory
Inherited Account Assignment Rules
When you add parent territories to the territory hierarchy, it’s also a good idea to add inherited account assignment rules to those territories. If you follow this practice, you can both prevent the rules engine from having to evaluate entire branches of your territory hierarchy and
Re-parent from the Bottom Up
When modifying your territory hierarchy, re-parent each node of the territory from the bottom up to avoid having to recalculate access for the same territories.
Programmatic Territory Sharing
When any object in Salesforce is shared to a territory, the access granted to that object is based on the territory group the object was shared to, and traverses both the territory and role hierarchies. This process allows customers to architect the matrixed visibility of the Salesforce Territory
Integrating with an assignment engine external to Salesforce
Configure a workflow rule to detect when a record owner is changed, and use an outbound message to trigger your assignment engine to take appropriate action.
Sensitive Data Definition
Sensitive data is also called personally-identifying information (PII) or high business impact (HBI) data. What is considered sensitive data varies greatly from state to state and country to country. Various compliance standards, such as the Payment Card Industry (PCI) compliance
Sensitive Data Includes
Passwords. Passphrases. Encryption keys. OAuth tokens. Purchase instruments, such as credit card numbers. Personal contact information such as names, phone numbers, email addresses, account usernames, physical addresses,
Group Sharing Core Principles
Moving users from one group to another triggers organization-wide group membership locks, so highly dynamic groups can have a negative impact on performance. The use case which will provide peak performance includes a group of users who share the same visibility and
Security and Code
External service integration points, Visualforce controllers and triggers all have the potential for bypassing existing security configurations.
Why doesn’t Apex enforce platform security at all times?
Enforcing sharing rules at compile time is impractical, as that would require recompiling code (with the associated possibility of compile time errors) for each user. Enforcing security at runtime would be potentially very costly in terms of performance,
Security Boundaries
When and where security gets enforced using code
“With Sharing”
Sharing rules are implemented as part of the query system. When a class is defined “With Sharing”, queries and searches will only return objects that are accessible to the user. But when it comes to Apex, that’s about all you can count on. If your class is defined Without sharing, queries and searches will ignore sharing rules. And
“With Sharing” 2
There is no guarantee that a class declared as with sharing doesn’t call code that operates as without sharing. Class-level security is always still necessary. In addition, all SOQL or SOSL queries that use PriceBook2 ignore the with sharing keyword. All PriceBook records are returned, regardless of the applied sharing rules.
Apex: System Context
Apex generally runs in system context; that is, the current user’s permissions, field-level security, and sharing rules aren’t taken into account during code execution.
The only exceptions to this rule are Apex code that is executed with the executeAnonymous call and Chatter in Apex.
Apex Managed Sharing
Apex Managed Sharing allows you to use Apex Code to build sophisticated and dynamic sharing settings that aren’t otherwise possible. For example, a developer can use Apex Managed Sharing to write a trigger that will automatically share a custom object record with a user that
isAccessible()
Calling isAccessible() or any field-level access checks on a field automatically checks that the user has the corresponding CRUD access to the object type.
Apex web services do not have a Visualforce layer to automatically enforce CRUD/FLS and always need to call isAccessible() on all SObject fields before returning
Schema.DescribeSObjectResult
For example, you can call the isAccessible, isCreateable, or isUpdateable methods of Schema.DescribeSObjectResult to verify whether the current user has read, create, or update access to an sObject, respectively. Similarly, Schema.DescribeFieldResult exposes these access control methods that you can call to
Managing Group Membership Locks for Success
Many organizations have user driven group membership changes which can compete with your business critical operations. Since these changes cannot be throttled, business process should be implemented to perform significant changes during
Group Membership Lock Events
Role creation. Role deletion. Moving a role in the hierarchy. Adding a user to a territory. Removing a user from a territory. Moving a territory in the hierarchy. Territory deletion. Territory creation
Customers can lessen the chance of locking errors by:
Scheduling separate group maintenance processes carefully so they don’t overlap
Implementing retry logic in integrations and other automated group maintenance processes to recover from a failure to acquire a lock
Using the granular locking
Single Thread
Single thread performance is the amount of work completed by some software that runs as a single stream of instructions in a certain amount of time.
SF Compliance
Salesforce.com’s services are certified as compliant with some of the most rigorous, industry-accepted security, privacy, and reliability standards. We are certified and audited to standards as a service provider with the ISO/IEC 27001:2005 standard (including ISO 27001), SAS 70 Type II (now SSAE No. 16),
SF Database Security
When a user establishes a connection, Force.com assigns the session a client hash value. Along with forming and executing each application request, Force.com confirms that the user context (an organization ID, or “orgID”) accompanies each request and includes it in the WHERE clause of all SQL statements to
Encrypted Custom Fields
Encrypted custom fields do have some restrictions that might be important to your use case; they cannot be an external ID and do not have default values, and they are not searchable or available for use in filters such as list views, reports, roll-up summary fields, and rule filters.
Encryption Keys
Force.com automatically encrypts this data using AES 128. It then uses key splitting to separate the keying material between application server and database so that no single salesforce.com administrator can recover both parts of the key.
Apex Crypto Class
As per the Crypto Class documentation in the Apex Developer’s Guide, the Apex Crypto class provides a number of cryptographic functions for creating digests, message authentication codes, and signatures, as well as functions for encrypting and decrypting information
Viewing Encrypted Data
Only users with the permission “View Encrypted Data” can see data in encrypted custom text fields.
Implementing Classic Encryption
Encrypted fields are encrypted with 128-bit master keys and use the Advanced Encryption Standard (AES) algorithm. You can archive, delete, and import your master encryption key. To enable master encryption key management, contact Salesforce. You can use encrypted fields in
Encrypted Text Field Restrictions
Cannot be unique, have an external ID, or have default values. For leads are not available for mapping to other objects. Are limited to 175 characters because of the encryption algorithm. Are not available for use in filters such as list views,
Encrypted Text Fields 2
Encrypted fields are editable regardless of whether the user has the “View Encrypted Data” permission. Use validation rules, field-level security settings, or page layout settings to prevent users from editing encrypted fields. You can still validate the values of encrypted fields
Encrypted Text Fields 3
Encrypted field data is not always masked in the debug log. Encrypted field data is masked if the Apex request originates from an Apex Web service, a trigger, a workflow, an inline Visualforce page (a page embedded in a page layout), or a Visualforce email template. In other cases,
Encrypted Text Fields 4
Existing custom fields cannot be converted into encrypted fields nor can encrypted fields be converted into another data type. To encrypt the values of an existing (unencrypted) field, export the data, create an encrypted custom field to store that data, and import that data into the new encrypted field.
When to use encrypted fields
Use encrypted custom fields only when government regulations require it because they involve more processing and have search-related limitations.
Shield Platform Encryption
Shield Platform Encryption gives your data a whole new layer of security while preserving critical platform functionality. It enables you to encrypt sensitive data at rest, and not just when transmitted over a network, so your company can confidently comply with privacy policies,
Shield Platform Encryption 2
Shield Platform Encryption builds on the data encryption options that Salesforce offers out of the box. Data stored in many standard and custom fields and in files and attachments is encrypted using an advanced HSM-based key derivation system, so it is protected even when other
What are the 3 key components of record ownership?
* Owner field (except on detail records)
* Object Share Tables
* Group Membership Tables
Territory Management Objects/Decision Point
Territory Management natively supports assignments for only accounts and opportunities. To assign additional types of object records such as leads, orders, or custom object records you must make significant customizations to your organization.
Territory Management LDV/Decision Point
Organization B frequently realigns its 400,000 accounts. This number might seem large, but Salesforce has customers who realign over 60 million accounts. For the Salesforce Territory Management decision tree, consider that an organization with more than 200,000 accounts has large
Team-Based Territory Management
Team-based territory management uses accounts and sales teams to define responsibilities across a sales organization. Team-based territory management works as an alternative to the Territory Management feature when territory assignments affect only accounts and
Public Group-Based Territory Management
Public group-based territory management uses Salesforce public groups to define teams associated with accounts, opportunities, leads, and other types of records. You can nest public groups to establish a record access hierarchy separate from your role hierarchy, but your forecasts
Criteria-Based Territory Management
Criteria-based sharing territory management uses criteria-based sharing rules to define responsibilities across a sales organization. Because of the limited number of criteria-based sharing rules available per object, only use criteria-based territory management if your organization is small.
Territory Models
Only one model can be in the Active state at one time in your organization, and you can only activate a model that is in the Planning state. After activating a model, you cannot reset it to Planning state: you can only set it to Archived state.
Platform Encryption Best Practice: Number Fields
Don’t use Currency and Number fields for sensitive data. You can often keep private, sensitive, or regulated data safe without encrypting associated Currency or Number fields. Encrypting these fields could have broad functional consequences across the platform, such as disruptions to roll-up summary reports, report timeframes, and calculations, so they are not encryptable.
Platform Encryption Keys
Encrypt your data using the most current key. When you generate a new tenant secret, any new data is encrypted using this key. However, existing sensitive data remains encrypted using previous keys. In this situation, Salesforce strongly recommends re-encrypting these fields using the latest key. Contact Salesforce for help with this.
What is a territory type?
Allows you to organize territories by key characteristics. Every territory must have a territory type. Do not appear in territory hierarchy.
What is a Territory Model?
A territory model represents a complete territory system. Modeling allows you to create and preview multiple territory structures and user/account assignments before activating the model.
What is a Territory Hierarchy?
The territory hierarchy displays the territory structure. You can create, edit, and delete territories; run assignment rules, assign territories to opportunities, activate or archive the model.
What is the Territory Model State?
The territory model state indicates whether a territory is in the planning stage, in active use, or archived.
What actions can you take on an archived territory?
Admins can view hierarchy and rule assignments.
The territory no longer provides account access.
Note: Only active models can be archived, and archived models cannot be reactivated. When you archive or delete a territory, the Territory field on the opportunity becomes blank.
What does the Manage Territories permission grant?
1) Create territory models and all related records
2) View and manage territory models in all states: Planning, Active, and Archived
3) Activate, archive, delete, or clone territory models
4) View territory info on territory-assigned account records for territories in models in all states
Which territory functionality is accessible with the View Setup and Configuration permission?
1) View the Salesforce Setup tree
2) View the territory model in Active state
3) View the name of all account records assigned to territories in the Active territory model
4) View territory info on territory-assigned account records for territories in models in the Active state
How can you assign territories to opportunities?
Filter-based opportunity assignment allows you to use a simple job to assign territories to opportunities.
T/F Enterprise Territory Management can be enabled with Customizable Forecasting?
False
T/F Enterprise Territory Management can be enabled with Collaborative Forecasting?
True (but they are not integrated to work with one another.)
What are the default access levels for accounts in territories?
1) View accounts assigned to a territory
2) View and edit accounts assigned to a territory
3) View, edit, transfer, and delete accounts assigned to a territory
What are the default access levels for opportunities in territories?
1) No access to opportunities the user does not own that are associated with accounts in a territory
2) View all opportunities associated with accounts in the territory
3) View and edit all opportunities associated with accounts in the territory, regardless of who owns the opportunities
What are the default access levels for cases in territories?
1) No access to cases the user does not own that are associated with accounts in the territory
2) View all cases associated with accounts in the territory
3) View and edit all cases associated with accounts in the territory, regardless of who owns the opportunities
How many territory models can you create?
1) Developer – 4
2) Enterprise – 2
3) Performance – 4
4) Unlimited – 4
How many territories can a territory model have?
1,000
How can accounts be assigned to a territory?
1) Manually
2) Rules to automate assignment
What is the best practice for assigning a rule to a territory and its child territory?
Do not assign the rule separately to the child territory. Instead, select Apply to Child Territories.
T/F You assign more than one territory to an Account from an Account Record?
True
How many assignment rules can a single territory have?
15
How are manual territory assignments controlled for opportunities?
They are controlled by users’ sharing access to the opportunity’s assigned (parent) account
Who can manually assign an opportunity to a territory?
1) Any user with sharing access to an opportunity may assign the opportunity to ANY territory.
2) A user with sharing access to an opportunity’s parent account may only assign the opportunity to a territory that is also assigned to the parent account.
How do you exclude an Opportunity from filter-based territory assignment?
1) On the Opportunity record, select Exclude from the territory assignment filter logic
2) View the API
What is a territory role?
Territory roles allow you to keep track of user functions within territories.
T/F Users must have the same territory role across territories?
False
What is the best way to view territories assigned to an account?
Add the Assigned Territories Related List to the Account page layout
What is the best way to view the users assigned to territories for a given account?
Add the Users in Assigned Territories Related List to the Account page layout
What is the best way to view the Territory assigned to a given Opportunity?
Add the Territory field to the Opportunity page layout.
What actions can you take in Territory 1.0, but not in Enterprise Territory Management 2.0?
1) Integrate with Customizable Forecasting
2) Share a report/dashboard folder with a territory
3) Create a public group with territory
What actions can you take in Enterprise Territory Management 2.0, but not in Territory Management 1.0?
1) Multiple Territories/Hierarchies
2) Run Territories on Territory Tree/List View Page
3) Territory Type/Priority
4) Territory Models
5) Integration with Collaborative Forecasting
6) Separation of Rule Execution versus Deployment
7) Territory Hierarchy Deep Clone
8) Rule Sharing among multiple Territories
9) Audit Trail
10) Metadata API Support
11) User Role in Territory
12) Trigger on User to Territory Association Object
What are the best practices for using role hierarchy and territory hierarchy in conjunction?
Remember that access provided by territory management rolls up through the role hierarchy. Do not duplicate the role hierarchy. Instead, use the role hierarchy for management relationships, reporting rollups, approvals, and other hierarchically structured workflows. Use territories to expand access to opportunities and accounts.
What should you do when you add parent territories?
It’s a good idea to add inherited account assignment rules.
What is the best way to re-parent territories?
From the bottom up (so that you do not have to recalculate access for the same territories)
How can you improve the performance of certain territory related locking operations?
Enable granular locking, which attempts to lock only the modified portions of the table. This can improve performance of the following items:
1) Adding/deleting/transferring user from a territory
2) Re-parent a territory
3) Create or delete a territory within a hierarchy
4) Adding or removing a forecast manager
Which territory related locking operations will not be improved by enabling granular locking?
1) Modifying access levels
2) Making manual assignments to an account
3) Adding, deleting, or updating rules
4) Previewing account assignment
5) Assigning an object or removing an object from a territory
What should you consider if you have an existing system for managing territories or a complex and large set of territories?
You should consider integrating an external source of truth
How can you architect a territory system for peak performance?
1) Use inherited criteria whenever possible
2) If standard account assignment rules aren’t flexible enough, consider using formula fields in the account assignment rule
3) Make your direct and inherited assignment rules as restrictive as possible
T/F You can share an opportunity or case to users without Read access on the Account and where you do not have the ability to share the Account.
False
What are the three key components of the ownership-based architecture?
1. Owner field for all records
2. Object share tables
3. Group membership tables
Which fields does a row in an object share table contain?
1. ID of the record being shared
2. ID of the user or group being granted access
3. Level of access
4. Reason the access is being granted
How many sharing records are created when a group of 5 users is granted access?
One. A single sharing record is created for groups in the object share table.
Describe the process followed when a user requests access to a record.
1. First, it checks whether a profile, permission set, or OWD setting already gives the user the level of access requested.
2. If the user does not have that level of access, the system queries the object share table to see if there is a row in which the record’s ID and user’s ID appear.
3. Next, it queries the group membership table to identify all groups that could provide access to the user.
4. It then scans the object share table again to see if there is a row in which any of these groups has already been granted access.
5. Finally, it compares the level of access granted directly to the user with the levels of access granted to the groups the user belongs to, giving the user the least restrictive level of access.
What are role groups?
Role groups give users assigned to a role access to records owned by or shared to members of subordinate roles, and records shared to the subordinate roles themselves.
What security tactic should you employ if you don’t want anyone, including the record owner, to be able to delete or share the record?
Create a “dummy” or “integration” user to own the data, then use sharing rules or Apex to share data to the appropriate groups.
Why would you need to use a custom permission?
Although permission sets and profile settings include access settings to many things (like objects, fields, etc.), they don’t include access for some custom processes and apps. Use custom settings when standard functionality isn’t enough.
What are custom permissions?
They let you define access checks that can be assigned to users via permission sets or profiles.
What is an example of a custom permission?
You can define access checks in Apex that make a button on a VF page available only if a user has the appropriate custom permission.
What is an external object?
They are similar to custom objects, except they map to data that’s stored outside of Salesforce. They enable your users to search and interact with external data.
What are the four types of Access Grants?
1. Explicit Grants
2. Group Membership Grants
3. Inherited Grants
4. Implicit Grants
What is an Explicit Grant?
Records are shared directly to users or groups
(Ex:
– A user or queue becomes the owner of a record.
– A sharing rule shares the record to a public group, queue, role, or territory
– An assignment rule shares a record to a user)
What is a Group Membership Grant?
A grant that occurs when a user, public group, queue, role, or territory is a member of a group that has explicit access to the record.
What is an Inherited Grant?
A grant that occurs when a user, group, queue, role, or territory inherits access through a role or territory hierarchy.
What is an Implicit Grant?
A grant that occurs when a built-in record sharing behavior provides access to a record.
(Ex:
– Users can view a parent record if they have access to its child opportunity.
– If a User has access to a parent account record, they also have access to its child opportunity, case, and contact records.)
Which three tables does Salesforce use to store access grants?
1. Object Record Tables
2. Object Sharing Tables
3. Group Maintenance Tables
What information do the Object Sharing Tables contain?
The tables store data that supports explicit and implicit grants. Each object has its own Object Sharing Table unless it is a detail in a master-detail relationship.
What information do the Group Maintenance Tables contain?
The tables store data supporting group membership and inherited access grants
(Ex: If the Object Sharing Table grants access to a specific User, Salesforce checks the Group Maintenance Table to determine which users inherit access from Bob and grants these users access to the record.)
What do sharing rows do?
Grant users or groups access to a specific record.
What do sharing rows include?
1) Record ID
2) User or Group ID
3) Level of Access
4) Row Cause
What are the three system-defined groups in Group Maintenance Tables?
1) Roles
2) RolesandSubordinates
3) RolesandInternalSubordinates
T/F Removing someone from an Account Team removes them from the Opportunity Team?
False
Which fields does the Account Team contain?
1) Account Access
2) Case Access
3) Contact Access
4) Opportunity Access
5) Team Member
6) Team Role
Which permissions do you need to create custom list views?
1) Read access on the object
2) Create and Customize List Views
Which permission do you need to create, edit, or delete public list views?
1) Manage Public List Views
To what can you share a report folder?
1) User
2) User Group
3) Role
4) Role and Subordinate
Which access levels can be granted for a report folder?
1) Viewer
2) Editor
3) Manager
What is the difference in report folder permissions between Editor and Manager?
Managers can do everything Editors can do AND control who has access to the folder, delete it, and change its properties.
If you have access to an account’s child record, what permission does that grant you to the account?
Read Only
If you have access to an account, what permission does that grant you to its children (Contacts, Cases, Opportunities)?
Depends on the account owner’s role
What are the three Communities User Licenses?
1) Customer Community
2) Customer Community Plus
3) Partner Community
What is the Customer Community license best used for?
B2C with large number of external users (up to 10 million users)
What is the Customer Community Plus license best used for?
B2B for support and non-sale scenarios (up to 1 million users)
What is the Partner Community license best used for?
B2B that need access to sales data (up to 1 million users)
What is a sharing set?
Grants HVC access to any account or contact that matches the user’s contact or account. Also supports indirect lookups
What is a share group?
Because HVC don’t have roles, share groups are used to specify the other external users that should have access to HVC owned records.
What is the name of the share table where MyCustomObject is the name of a custom object?
MyCustomObject__Share
T/F Objects on the detail side of a Master-Detail object do not have a sharing table?
True
Which three types of sharing are supported through the Share Table?
1) Apex sharing
2) User managed sharing
3) Force.com sharing
Which properties does a Share Table have?
1) Access Level: Edit, Read, All
2) Parent ID: Id of the object
3) RowCause: Reason why the user or group is being granted access
4) UserOrGroupID: the user or group ID to which you are granting access
What is Apex managed sharing?
Apex managed sharing enables developers to programmatically manipulate sharing to support their application’s behavior through Apex or the SOAP API. (Maintained across record ownership changes.)
What is an Apex sharing reason?
A method to track why a record is shared with a user or group.
What two things make up an Apex sharing reason?
1) Label, which displays the reason
2) Name, which is used when referencing the reason through the API and Apex
What format would the Apex Sharing Reason have where the name is MyReasonName?
MyReasonName__c
How would the Apex Sharing Reason MyReasonName be referenced for an object CustomObject?
Schema.CustomObject__Share.rowCause.MyReasonName__c
How would an apex sharing reason called Recruiter for a custom object Job be called?
Schema.Job__Share.rowCause.Recruiter__c
How do you prevent Apex managed sharing from being deleted when an owner is changed?
Set the row cause to a value other than “Manual” (the default) using Apex Sharing Reasons. (ONLY FOR CUSTOM OBJECTS; OTHERWISE USE AN OUTBOUND MESSAGE)
What does Apex running in the system context mean?
The current user’s permissions, FLS, and sharing rules are not taken into consideration during code execution.
What is the exception to Apex running in the system context?
Apex code executed with the executeAnonymous call and Chatter are not executed in system context. (It executes using the full permissions of the current user.)
What is the best way to avoid accidentally revealing secured info through Apex classes?
Use the “With Sharing” keyword to enforce sharing rules
Why might you not want to specify “With Sharing” on an Apex class?
1) Enforcing sharing rules at compile time is impractical
2) Enforcing security at runtime could become costly in terms of performance
3) There are some useful scenarios where it’s valuable to bypass security
T/F The “With Sharing” keyword enforces the user’s permission, FLS, and sharing rules?
False. “With Sharing” only enforces sharing rules.
T/F A class declared as “with sharing” will never call code that operates as “without sharing”.
False. If an inner class is declared as “Without Sharing”, it will execute without enforcing the sharing rules that apply to the context user.
What happens to manually shared records when the owner is changed?
User managed sharing is removed when the record owner changes.
T/F Custom sharing reasons can be defined for standard and custom objects.
False. Custom sharing reasons can only be written for custom objects.
T/F Object shares can be written for standard and custom objects.
True
T/F Objects with a default sharing setting of “Public Read/Write” have a share table?
False
T/F The UserOrGroupID can be assigned to a Role ID.
False. The UserOrGroupID should instead be assigned to the matching Group ID from the Group table.
How does Apex managed sharing behave differently than other forms of record-level sharing?
1) Sharing records are maintained across record owner changes
2) The only users that can modify these sharing records are those with the “Modify All Data” permission
3) A record can be shared multiple times with the same user or group using different Apex sharing reasons
In which scenarios will SFDC not enforce FLS or CRUD?
1) When objects or field values are referenced as generic data types or data is copied to other elements.
2) Passing custom Apex classes that copy or wrap SObject data to VF pages
3) All Apex web services
4) Lightning components when you reference objects or retrieve objects from an Apex controller
5) SObject updates, creates, or deletes done within Apex controllers or extensions
How can you enforce CRUD/FLS in Apex web services, Lightning components, and controllers?
Call isAccessible() on all SObject fields before returning data to the user
How can you enforce CRUD/FLS for Create, Update, and Delete Operations in Apex classes?
For create and update operations, each field assigned a value in Apex should have a describe result isCreateable() or isUpdateable(). (Fields assigned a value with apex:inputField tag are automatically checked)
For delete operations, the check should be at the object level. The object’s describe result isDeletable() should be called.
What is the easiest way to enforce CRUD/FLS in Apex?
Perform operations in Visualforce and operate directly on SObjects and fields.
How do you check the field-level update permission of the contact’s email field before updating it?
if (Schema.sObjectType.Contact.fields.Email.isUpdateable()) {
//Update contact email
}
How do you check the field-level create permission of the contact’s email field before creating a new contact?
if (Schema.sObjectType.Contact.fields.Email.isCreateable()) {
    // Create new contact
}
How do you check the field-level read permission of the contact’s email field before querying the field?
if (Schema.sObjectType.Contact.fields.Email.isAccessible()) {
    Contact c = [SELECT Email FROM Contact WHERE Id = :Id];
}
How do you check the object-level permission for the contact before deleting it?
if (Schema.sObjectType.Contact.isDeletable()) {
    // Delete contact
}
What is Account Data Skew?
A situation where an Account’s parent object has more than 10,000 child objects.
How can you avoid account data skew?
1) Design architecture to limit account objects to 10,000 children. (You could create a pool of Accounts and assign children in a round robin OR use Custom settings for the current account and number of children.)
2) Consider a Public Read/Write sharing model
3) If the account is skewed, redistribute child objects during off-peak hours
What is the high-level benefit of the SFDC group membership architecture?
Since the group is a representation of one or more users who share a single access grant, moving a group access grant involves maintaining only a single share record for the group (instead of a share record for every member of the group).
What happens when a user is moved from one group to another?
An org-wide group membership lock is triggered. Highly dynamic groups can have a negative impact on performance.
How is the sharing performance benefit correlated with the number of group members and the frequency of user movement within the groups?
The benefit will decrease as the number of group members decreases and the frequency of user movement within the groups increases.
Which actions does SFDC perform when a user moves from one branch of the hierarchy to another, if the user is the first member in their role to own data?
1) Salesforce adds access to the user’s data for people who are above the user’s new role in the hierarchy
2) Salesforce removes access for people who were above the user’s old role in the hierarchy
Which actions does Salesforce take when a user moves from one branch of the hierarchy to another, if the user has a new role with different settings for accessing contacts, cases, and opportunities?
1) Adds shares to those child objects where the new settings are more permissive
2) Removes existing shares where the new settings are more restrictive
Which actions does SFDC always take when a user moves from one branch of the hierarchy to another?
1) Removes all of the user’s records from the scope of sharing rules where the old role is the source group
2) Adds all of the user’s records to the scope of rules where the new role is the source
What is ownership data skew?
When a single user owns more than 10,000 records of an object
How can you minimize the impact of users facing ownership data skew?
1) Place the user in a separate role at the top of the hierarchy
2) Do not move them out of that top-level role
3) Keep the user out of public groups that could be used as the source for sharing rules
Why would a user experience a “could not acquire lock” error?
The sharing system locks the tables holding group membership info during updates to prevent incompatible concurrent updates, which could lead to inaccurate data about users’ access rights. The customer is likely executing large data loads or integrations that are making changes to role/group structure, user assignments to roles and groups, or both.
How can you lessen the chance of group membership locking errors?
1) Schedule separate group maintenance processes so they don’t overlap
2) Implement retry logic in integrations and other automated group maintenance processes to recover from a failure
3) Use the granular locking feature to allow some group maintenance operations to proceed simultaneously
What does Parent Implicit Sharing provide?
Read-only access to the parent account for a user with access to a child record
Note:
1) Not used when sharing on the child is controlled by the parent
2) Expensive to maintain with many account children
3) When a user loses access to a child, SFDC has to check all other children to see if it can delete the implicit parent sharing grant.
What does Child Implicit Sharing provide?
Access to child records for the owner of the parent account
Note:
1) Not used when sharing on the child is controlled by its parent
2) Controlled by child access setting for the account owner’s role
3) Supports account sharing rules that grant child record access
4) Supports account team access based on team settings
5) When a user loses access to the parent, SFDC has to remove all the implicit child sharing for that user
What does Boss Implicit Sharing provide?
Access to records owned by or shared to portal users for internal users
Note:
1) Shared to the role of the account owner
2) Supports inheritance within portal roles
What does Portal Implicit Sharing provide?
Access to portal account and all associated contacts for all portal users under that account
Note:
Shared to the lowest role under the portal account
What is Parent-Child Data Skew?
The association of a large number of child records (10,000 or more) with a single parent account.
How can you avoid creating implicit shares?
Configure child objects to be Controlled by Parent whenever possible
How can you tune your updates for maximum throughput?
Work with batch sizes, timeout values, the Bulk API, and other performance-optimizing techniques.
What is deferred sharing maintenance?
Instead of processing separate updates and waiting for them to complete, the admin “turns off” processing of group maintenance operations and makes all the desired changes at the same time. Once the changes have been completed, the admin resumes processing group maintenance, and the system performs a recalculation to make the role and group changes take effect.
The system then requires a full recalculation of sharing rules, which can be set to take place immediately or to start at a later time.
Who can benefit from deferred sharing?
Companies that can negotiate downtime with customers and have struggled to complete updates in a timely fashion.
What are the key advantages of granular locking?
1) Groups that are in separate hierarchies can be manipulated concurrently
2) Public groups and roles that do not include territories can be manipulated concurrently
3) Users can be added concurrently to territories and public groups
4) User provisioning can occur in parallel
5) A single long-running process, such as a role delete, only blocks a small subset of operations
What is granular locking?
The system employs additional logic to allow multiple updates to proceed simultaneously if there is no hierarchical or other relationship between the roles or groups involved
Who can benefit from granular locking?
Customers who frequently experience locking that restricts their ability to manage manual and automated group maintenance operations.
Which activities take out group membership locks during their transaction?
1) Role Creation
2) Role Deletion
3) Moving a role in the hierarchy
4) Adding a user to a territory
5) Removing a user from a territory
6) Moving a territory in the hierarchy
7) Territory deletion
8) Territory creation
9) Provisioning an internal user with an existing role
10) User role change
11) Provisioning a non-HVPU portal user under an account
12) Portal Account owner change
13) User Role change of a user who owns one or more portal accounts
What information can you review at trust.salesforce.com?
1) Current and archived history of system status and performance metrics
2) Planned upgrades and maintenance windows
3) System performance incidents, including why and methods for preventing future incidents
How does Force.com validate a user has permission to access an org when the user establishes a connection?
1) Force.com assigns the session a client hash value
2) Force.com confirms that the user context (the org ID) accompanies each application request
3) When data is returned, Force.com confirms that the data is coming from the user context
What is a free application you can use to check your security-related settings and that will make recommendations for improving security?
Security Health Check
What is the Apex Crypto class?
The class provides a number of cryptographic functions for creating digests, message authentication codes and signatures, and functions for encrypting and decrypting data.
In which scenarios is the Apex Crypto class used?
1) Confidentiality – the protection of data from unauthorized parties
2) Integrity – the data is complete and correct
3) Authenticity – proof of the authenticity of the sender or receiver of the message
Who can see encrypted data?
Users with the “View encrypted data” permission
What does the recipient see when an encrypted field is included in an email template?
The value is masked, regardless of whether the recipient has the “View encrypted data” permission
T/F If a user with the “View encrypted data” permission grants login access to another user, the user will view the encrypted data in plain text.
True
Which component supports presenting encrypted fields in visualforce pages?
What restrictions exist for encrypted fields?
1) Encrypted fields cannot be unique, external, or have a default field
2) For leads, are not available for lead mapping
3) Cannot be used in report filters, but can be included in report results
4) Are not searchable, but can be included in search results
5) Are not available for Salesforce for Outlook, workflow rules, lead conversion, formula fields, web-to-lead
T/F Encrypted fields are not editable for users without the “View encrypted data” permission
False. Use validation rules to prevent edits after the initial entry
T/F You can use validation rules or Apex to validate encrypted field data
True
T/F Encrypted fields can be converted into another data type and other data types can be converted into encrypted fields.
False
How does Shield Platform Encryption work?
It relies on a unique tenant secret you control and a master secret controlled by Salesforce. The secrets are combined to create a unique data encryption key.
What is different between Shield Platform Encryption and classic encryption?
1) Shield Platform has an additional fee
2) Shield Platform requires Manage Encryption Keys Permission
3) Shield Platform can encrypt standard fields, attachments, files, and existing fields
4) Shield Platform encrypted fields are available in Workflow Rules and field updates
5) Classic encryption supports Masking
How Much Visibility Do Managers Get To Standard Objects Their Subordinates Own or have Shared With Them?
The same level of access.
What Are Two Best Practices for Users Who Own More Than 10,000 Records?
1. They shouldn’t have a role in the role hierarchy.
2. If they must hold a role, it should be at the top in their own branch.
Who can take ownership of records belonging to a queue?
Queue members and users higher in the role hierarchy.
How can you restrict access to an object?
Org-wide defaults are the only way. Everything else grants access.
What’s the recommended max depth of a role hierarchy?
10 levels.
What can a public group consist of?
Users, Roles (with or without subordinates), Territories, or Other Public Groups
T/F You can share an opportunity or case to users without Read access on the Account and where you do not have the ability to share the Account.
False
What are the three key components of the ownership-based architecture?
1. Owner field for all records
2. Object share tables
3. Group membership tables
Which fields does a row in an object share table contain?
1. ID of the record being shared
2. ID of the user or group being granted access
3. Level of access
4. Reason the access is being granted
How many sharing records are created when a group of 5 users is granted access?
One. A single sharing record is created for groups in the object share table.
Describe the process followed when a user requests access to a record.
1. First, it checks whether a profile, permission set, or OWD setting already gives the user the level of access requested.
2. If the user does not have that level of access, the system queries the object share table to see if there is a row in which the record’s ID and user’s ID appears.
3. Next, it queries the group membership table to identify all groups that could provide access to the user.
4. It then scans the object share table again to see if there is a row in which any of these groups has already been granted access.
5. Finally, it compares the level of access granted directly to the user with the levels of access granted to the groups the user belongs to, giving the user the least restrictive level of access.
What are role groups?
Role groups give users assigned to a role access to records owned by or shared to members of subordinate roles, and records shared to the subordinate roles themselves.
What security tactic should you employ if you don’t want anyone, including the record owner, to be able to delete or share the record?
Create a “dummy” or “integration” user to own the data, then use sharing rules or Apex to share data to the appropriate groups.
Why would you need to use a custom permission?
Although permission sets and profile settings include access settings to many things (like objects, fields, etc.), they don’t include access for some custom processes and apps. Use custom settings when standard functionality isn’t enough.
What are custom permissions?
They let you define access checks that can be assigned to users via permission sets or profiles.
What is an example of a custom permission?
You can define access checks in Apex that make a button on a VF page available only if a user has the appropriate custom permission.
What is an external object?
They are similar to custom objects, except they map to data that’s stored outside of Salesforce. They enable your users to search and interact with external data.
What are the four types of Access Grants?
1. Explicit Grants
2. Group Membership Grants
3. Inherited Grants
4. Implicit Grants
What is an Explicit Grant?
Records are shared directly to users or groups
(Ex:
– A user or queue becomes the owner of a record.
– A sharing rule shares the record to a public group, queue, role, or territory
– An assignment rule shares a record to a user)
What is a Group Membership Grant?
A grant that occurs when a user, public group, queue, role, or territory is a member of a group that has explicit access to the record.
What is an Inherited Grant?
A grant that occurs when a user, group, queue, role, or territory inherits access through a role or territory hierarchy.
What is an Implicit Grant?
A grant that occurs when a built-in record sharing behavior provides access to a record.
(Ex:
– Users can view a parent record if they have access to its child opportunity.
– If a User has access to a parent account record, they also have access to its child opportunity, case, and contact records.)
Which three tables does Salesforce use to store access grants?
1. Object Record Tables
2. Object Sharing Tables
3. Group Maintenance Tables
What information do the Object Sharing Tables contain?
The tables store data that supports explicit and implicit grants. Each object has its own Object Sharing Table unless it is a detail in a master-detail relationship.
What information do the Group Maintenance Tables contain?
The tables store data supporting group membership and inherited access grants
(Ex: If the Object Sharing Table grants access to a specific User, Salesforce checks the Group Maintenance Table to determine which users inherit access from Bob and grants these users access to the record.)
What do sharing rows do?
Grant users or groups access to a specific record.
What do sharing rows include?
1) Record ID
2) User or Group ID
3) Level of Access
4) Row Cause
What are the three system-defined groups in Group Maintenance Tables?
1) Roles
2) RolesandSubordinates
3) RolesandInternalSubordinates
T/F Removing someone from an Account Team removes them from the Opportunity Team?
False
Which fields does the Account Team contain?
1) Account Access
2) Case Access
3) Contact Access
4) Opportunity Access
5) Team Member
6) Team Role
Which permissions do you need to create custom list views?
1) Read access on the object
2) Create and Customize List Views
Which permission do you need to create, edit, or delete public list views?
1) Manage Public List Views
To what can you share a report folder?
1) User
2) User Group
3) Role
4) Role and Subordinate
Which access levels can be granted for a report folder?
1) Viewer
2) Editor
3) Manager
What is the difference in report folder permissions between Editor and Manager?
Managers can do everything Editors can do AND control who has access to the folder, delete it, and change its properties.
If you have access to an account’s child record, what permission does that grant you to the account?
Read Only
If you have access to an account, what permission does that grant you to its children (Contacts, Cases, Opportunities)?
Depends on the account owner’s role
What are the three Communities User Licenses?
1) Customer Community
2) Customer Community Plus
3) Partner Community
What is the Customer Community license best used for?
B2C with large number of external users (up to 10 million users)
What is the Customer Community Plus license best used for?
B2B for support and non-sale scenarios (up to 1 million users)
What is the Partner Community license best used for?
B2B that need access to sales data (up to 1 million users)
What is a sharing set?
Grants HVC access to any account or contact that matches the user’s contact or account. Also supports indirect lookups
What is a share group?
Because HVC don’t have roles, share groups are used to specify the other external users that should have access to HVC owned records.
What is the name of the share table where MyCustomObject is the name of a custom object?
MyCustomObject__Share
T/F Objects on the detail side of a Master-Detail object do not have a sharing table?
True
Which three types of sharing are supported through the Share Table?
1) Apex sharing
2) User managed sharing
3) Force.com sharing
Which properties does a Share Table have?
1) Access Level: Edit, Read, All
2) Parent ID: Id of the object
3) RowCause: Reason why the user or group is being granted access
4) UserOrGroupID: the user or group ID to which you are granting access
What is Apex managed sharing?
Apex managed sharing enables developers to programmatically manipulate sharing to support their application’s behavior through Apex or the SOAP API. (Maintained across record ownership changes.)
What is an Apex sharing reason?
A method to track why a record is shared with a user or group.
What two things make up an Apex sharing reason?
1) Label, which displays the reason
2) Name, which is used when referencing the reason through the API and Apex
What format would the Apex Sharing Reason have where the name is MyReasonName?
MyReasonName__c
How would the Apex Sharing Reason MyReasonName be referenced for an object CustomObject?
Schema.CustomObject__Share.rowCause.MyReasonName__c
How would an apex sharing reason called Recruiter for a custom object Job be called?
Schema.Job__Share.rowCause.Recruiter__c
How do you prevent Apex managed sharing from being deleted when an owner is changed?
Set the row cause to a value other than “Manual” (the default) using Apex Sharing Reasons. (ONLY FOR CUSTOM OBJECTS; OTHERWISE USE AN OUTBOUND MESSAGE)
What does Apex running in the system context mean?
The current user’s permissions, FLS, and sharing rules are not taken into consideration during code execution.
What is the exception to Apex running in the system context?
Apex code executed with the executeAnonymous call and Chatter are not executed in system context. (It executes using the full permissions of the current user.)
What is the best way to avoid accidentally revealing secured info through Apex classes?
Use the “With Sharing” keyword to enforce sharing rules
Why might you not want to specify “With Sharing” on an Apex class?
1) Enforcing sharing rules at compile time is impractical
2) Enforcing security at runtime could become costly in terms of performance
3) There are some useful scenarios where it’s valuable to bypass security
T/F The “With Sharing” keyword enforces the user’s permissions, FLS, and sharing rules?
False. “With Sharing” only enforces sharing rules.
T/F A class declared as “with sharing” will never call code that operates as “without sharing”.
False. If an inner class is declared as “Without Sharing”, it will execute without enforcing the sharing rules that apply to the context user.
What happens to manually shared records when the owner is changed?
User managed sharing is removed when the record owner changes.
T/F Custom sharing reasons can be defined for standard and custom objects.
False. Custom sharing reasons can only be written for custom objects.
T/F Object shares can be written for standard and custom objects.
True
T/F Objects with a default sharing setting of “Public Read/Write” have a share table?
False
T/F The UserOrGroupID can be assigned to a Role ID.
False. The UserOrGroupID should instead be assigned to the matching Group ID from the Group table.
How does Apex managed sharing behave differently than other forms of record-level sharing?
1) Sharing records are maintained across record owner changes
2) The only users that can modify these sharing records are those with the “Modify All Data” permission
3) A record can be shared multiple times with the same user or group using different Apex sharing reasons
In which scenarios will SFDC not enforce FLS or CRUD?
1) When objects or field values are referenced as generic data types or data is copied to other elements.
2) Passing custom Apex classes that copy or wrap SObject data to VF pages
3) All Apex web services
4) Lightning components when you reference objects or retrieve objects from an Apex controller
5) SObject updates, creates, or deletes done within Apex controllers or extensions
How can you enforce CRUD/FLS in Apex web services, Lightning components, and controllers?
Call isAccessible() on all SObject fields before returning data to the user
How can you enforce CRUD/FLS for Create, Update, and Delete Operations in Apex classes?
For create and update operations, each field assigned a value in Apex should have a describe result isCreateable() or isUpdateable(). (Fields assigned a value with apex:inputField tag are automatically checked)
For delete operations, the check should be at the object level. The object’s describe result isDeletable() should be called.
What is the easiest way to enforce CRUD/FLS in Apex?
Perform operations in Visualforce and operate directly on SObjects and fields.
How do you check the field-level update permission of the contact’s email field before updating it?
if (Schema.sObjectType.Contact.fields.Email.isUpdateable()) {
//Update contact email
}
How do you check the field-level create permission of the contact’s email field before creating a new contact?
if (Schema.sObjectType.Contact.fields.Email.isCreateable()) {
    // Create new contact
}
How do you check the field-level read permission of the contact’s email field before querying the field?
if (Schema.sObjectType.Contact.fields.Email.isAccessible()) {
    Contact c = [SELECT Email FROM Contact WHERE Id = :Id];
}
How do you check the object-level permission for the contact before deleting it?
if (Schema.sObjectType.Contact.isDeletable()) {
    // Delete contact
}
What is Account Data Skew?
A situation where an Account’s parent object has more than 10,000 child objects.
How can you avoid account data skew?
1) Design architecture to limit account objects to 10,000 children. (You could create a pool of Accounts and assign children in a round robin OR use Custom settings for the current account and number of children.)
2) Consider a Public Read/Write sharing model
3) If the account is skewed, redistribute child objects during off-peak hours
What is the high-level benefit of the SFDC group membership architecture?
Since the group is a representation of one or more users who share a single access grant, moving a group access grant involves maintaining only a single share record for the group (instead of a share record for every member of the group).
What happens when a user is moved from one group to another?
An org-wide group membership lock is triggered. Highly dynamic groups can have a negative impact on performance.
How is the sharing performance benefit correlated with the number of group members and the frequency of user movement within the groups?
The benefit will decrease as the number of group members decreases and the frequency of user movement within the groups increases.
Which actions does SFDC perform when a user moves from one branch of the hierarchy to another, if the user is the first member in their role to own data?
1) Salesforce adds access to the user’s data for people who are above the user’s new role in the hierarchy
2) Salesforce removes access for people who were above the user’s old role in the hierarchy
Which actions does Salesforce take when a user moves from one branch of the hierarchy to another, if the user has a new role with different settings for accessing contacts, cases, and opportunities?
1) Adds shares to those child objects where the new settings are more permissive
2) Removes existing shares where the new settings are more restrictive
Which actions does SFDC always take when a user moves from one branch of the hierarchy to another?
1) Removes all of the user’s records from the scope of sharing rules where the old role is the source group
2) Adds all of the user’s records to the scope of rules where the new role is the source
What is ownership data skew?
When a single user owns more than 10,000 records of an object
How can you minimize the impact of users facing ownership data skew?
1) Place the user in a separate role at the top of the hierarchy
2) Do not move them out of that top-level role
3) Keep the user out of public groups that could be used as the source for sharing rules
Why would a user experience a “could not acquire lock” error?
The sharing system locks the tables holding group membership info during updates to prevent incompatible concurrent updates, which could lead to inaccurate data about users’ access rights. The customer is likely executing large data loads or integrations that are making changes to role/group structure, user assignments to roles and groups, or both.
How can you lessen the chance of group membership locking errors?
1) Schedule separate group maintenance processes so they don’t overlap
2) Implement retry logic in integrations and other automated group maintenance processes to recover from a failure
3) Use the granular locking feature to allow some group maintenance operations to proceed simultaneously
What does Parent Implicit Sharing provide?
Read-only access to the parent account for a user with access to a child record
Note:
1) Not used when sharing on the child is controlled by the parent
2) Expensive to maintain with many account children
3) When a user loses access to a child, SFDC has to check all other children to see if it can delete the implicit parent sharing grant.
What does Child Implicit Sharing provide?
Access to child records for the owner of the parent account
Note:
1) Not used when sharing on the child is controlled by its parent
2) Controlled by child access setting for the account owner’s role
3) Supports account sharing rules that grant child record access
4) Supports account team access based on team settings
5) When a user loses access to the parent, SFDC has to remove all the implicit child sharing for that user
What does Boss Implicit Sharing provide?
Access to records owned by or shared to portal users for internal users
Note:
1) Shared to the role of the account owner
2) Supports inheritance within portal roles
What does Portal Implicit Sharing provide?
Access to portal account and all associated contacts for all portal users under that account
Note:
Shared to the lowest role under the portal account
Administer communities in Salesforce
Not available
Global Header
The drop-down in the global header shows a list of communities the user created or has access to. Also links back to their internal organization. Can’t access communities in Inactive status. Can see communities in Preview status if a link is provided.
Your Name menu in Global Header
Same as in internal organization. Chatter Free users see a My Settings menu, an Edit Contact Info menu, and a Logout link. For Chatter Free users, the My Settings menu opens an overlay where they can update location settings, security settings, email settings, and approved connections. These settings apply across the internal organization and all communities that users have access to. This overlay is different from the My Settings page that other internal users see if the organization has enabled the improved Setup user interface.
Community Management menu in Global Header
Users with “Manage Communities” can see the menu and use it to preview the community or access Community Builder, Site.com Studio, and Force.com. Note that the Community Builder option doesn’t appear for communities created using the Salesforce Tabs + Visualforce template. This menu only appears within Community Management.
Salesforce Online Help
Standard Salesforce user sees Salesforce Online Help. Chatter Free user sees Chatter help.
People
Can see everyone else in the community and vice versa.
Profiles and people hovers
Can see all contact information fields (such as Title, Work Phone, and Email) on all community members’ profiles. In people hovers, user always sees members’ Title, Work Phone, and Mobile Phone fields.
Records (such as accounts, leads, opportunities)
Standard Salesforce user sees records they have access to (based on sharing rules) across all communities and their internal organization. Chatter Free user doesn’t have access to records.
Dashboards and Reports
Can view and create dashboards and reports
Salesforce Knowledge Articles
Salesforce Knowledge User License, Read permission on the article type, and visibility on the article’s category.