- Describe how security is structured in Salesforce.com.
- Explain how to determine what security permissions are required in order to complete an action in Salesforce.com.
- Describe profiles and their influence on security.
- Describe the significance of the Enable Enhanced Profile User Interface setting.
- List and describe the standard Salesforce profiles.
- Explain when to create a custom profile in Salesforce.com.
- Describe permission sets, and common use cases where they are appropriate.
- Describe the settings an administrator controls to conditionally allow or prevent user authentication.
- Describe how Organization-Wide Defaults (OWDs) influence security.
- Describe how the sharing button can be used to monitor record access and facilitate manual record sharing in Salesforce.com.
- Describe the significance of a user’s role and Grant Access Using Hierarchies on record security.
- Given a scenario, determine how to properly structure the role hierarchy.
- Describe the impact of role configuration on accessing records related to an account (contacts, cases, opportunities).
- Describe sharing rules, and when their usage is appropriate.
- Describe the different types of groups available in Salesforce and when their use is appropriate.
- Describe when to select Grant Access Using Hierarchies when configuring a public group.
- Describe a queue’s influence on security.
- Describe how access to list views, documents, email templates, and similar information is secured in Salesforce.com.
- Describe the permissions required to transfer (change ownership) a record in Salesforce.com.
- Describe delegated administration, and when its usage would be appropriate.
- Describe the significance of the View All and Modify All permissions in Salesforce.com.
- Security – Module Checkpoint
Salesforce.com Security Grants & Evaluation Matrix
Video Must 15m CertifiedOnDemand.com
ARVE Error: API endpoint returned a 403 error. This can occur when a video has embedding disabled or restricted to certain domains.
Objectives for this Resource:
Security controls in Salesforce largely fit into one of the following classifications:
- Organization Security: When (Login Hours), where (Login IP Ranges), and how (UI/API/etc.) a user can login.
- Object Security: What actions a user can take on the records of a particular object (in conjunction with record security).
- Record Security: What actions a user can take on an existing record (in conjunction with object security).
- Field-Level Security: Determines which fields a user can view and update for each object.
Explain how to determine what security permissions are required in order to complete an action in Salesforce.com.
Security at all applicable levels is required in order to complete an action.
For example, in order to create a lead record, a user must authenticate (organization security) and must have create access to the lead object (object security). Field-level security will then determine which fields the user can view and modify.
All actions require an active session (organization security allowed), and:
- Create a record: Create on Object, Edit on Field
- View a record: Read on Object, Read on Record, Read on Field
- Edit a record: Edit on Object, Read/Write on Record, Edit on Field
- Delete a record: Delete on Object, Full Access on Record
Organization-wide default settings determine the default record-level permissions granted to all users for all records within each object. For example, setting the Account object to “Public Read/Write” will ensure that all users have “Read/Write” record-level permissions to all account records.
- Private: No record access granted
- Public Read Only: Read only record access granted
- Public Read/Write: Read/Write record access granted
- Public Read/Write/Transfer (Only: Cases, Leads): Read/Write plus transfer (ability to change the record owner) permissions granted
- Controlled by Parents (Only: Contacts, Activities): Parent record controls access
- Public Full Access (Only: Campaigns): Read/Write/Delete access granted
Describe how the sharing button can be used to monitor record access and facilitate manual record sharing in Salesforce.com.
The sharing button will appear (in Salesforce Classic only) when added to the page layout and the Org-Wide Defaults for the object are set to Private or Public Read Only.
This button can be used to determine who has what level of access to a record. The default view shows the grants providing access to the record, while the expanded view shows all users provided access.
In addition, users with Full Access to a record can manually share access to the record.