- Describe how security is structured in Salesforce.com.
- Explain how to determine what security permissions are required in order to complete an action in Salesforce.com.
- Describe profiles and their influence on security.
- Describe the significance of the Enable Enhanced Profile User Interface setting.
- List and describe the standard Salesforce profiles.
- Explain when to create a custom profile in Salesforce.com.
- Describe permission sets, and common use cases where they are appropriate.
- Describe the settings an administrator controls to conditionally allow or prevent user authentication.
- Describe how Organization-Wide Defaults (OWDs) influence security.
- Describe how the sharing button can be used to monitor record access and facilitate manual record sharing in Salesforce.com.
- Describe the significance of a user’s role and Grant Access Using Hierarchies on record security.
- Given a scenario, determine how to properly structure the role hierarchy.
- Describe the impact of role configuration on accessing records related to an account (contacts, cases, opportunities).
- Describe sharing rules, and when their usage is appropriate.
- Describe the different types of groups available in Salesforce and when their use is appropriate.
- Describe when to select Grant Access Using Hierarchies when configuring a public group.
- Describe a queue’s influence on security.
- Describe how access to list views, documents, email templates, and similar information is secured in Salesforce.com.
- Describe the permissions required to transfer (change ownership) a record in Salesforce.com.
- Describe delegated administration, and when its usage would be appropriate.
- Describe the significance of the View All and Modify All permissions in Salesforce.com.
- Security – Module Checkpoint
Overivew of Salesforce.com Sharing Rules and Groups
Video
Must
14m
CertifiedOnDemand.com
ARVE Error: API endpoint returned a 403 error. This can occur when a video has embedding disabled or restricted to certain domains.
Objectives for this Resource:
Sharing rules are used to extend record access to users within specified roles or groups.
Records can be shared either based on record owner (role, group) or record criteria (known as a criteria-based sharing rule; e.g. all accounts in state “OH”).
Sharing Rules on accounts also provide access to related contracts and can provide access to related Contacts, Opportunities, and Cases.
Sharing rules can extend either Read Only or Read/Write access, but cannot extend Full Access.
Public groups are used to streamline the process of sharing access to records and folders. A group is comprised of users, roles, and other groups.
Personal groups are created and maintained by users, and can only be referenced in select configuration (such as Outlook contact synchronization).
When Grant Access Using Hierarchies is selected in a Public Group and that group is the target (Shared With) in a sharing rule, record access granted via the sharing rule will also be inherited via the role hierarchy.
For example:
- A sharing rule provides read only access to accounts owned by the role and subordinate roles of SVP, Sales & Marketing to the public group International Support.
- The public group International Support contains the role Customer Support, International. Members of this group gain read access to accounts owned by users in the SVP, Sales and Marketing or subordinate roles.
- Users in the role SVP, Customer Service and Support gain access to records owned by users in the SVP, Sales and Marketing or subordinate roles through Grant Access Using Hierarchies with the group configuration.
Note: Grant Access Using Hierarchies is only effective when the sharing rule is targeting a group (not when the group is the source of records).
Example
ARVE Error: API endpoint returned a 403 error. This can occur when a video has embedding disabled or restricted to certain domains.