Security: Quiz

32 thoughts on “Security: Quiz”

  1. For question 2, option 2 / B is very close to being the perfect option except that the permission set does not restrict to the 2 sales reps. If the answer is reworded as “Grant field-level visibility to the Delinquency Status field to the finance team, sales manager, and 2 sales reps via permission set”, wouldn’t that be the ideal answer over the current answer (which is option 4 / D)? The reason being such a permission set would make future changes to the delinquency field visibility much easier than updating profiles and permission sets separately.

    Thoughts, John?

    1. Depends – if you are managing access to an application through a permission set then it is generally better to centralize permissions under the permission set. For one-off scenarios like the question, either can work.

  2. Hi John,

    First off, thank you so much for the quizzes (both of them). They’ve been extremely helpful.

    Out of curiosity, will there be any updates made (such as additional quizzes or questions) to the Security Quiz section? I know it’s a lot to ask but the questions you’ve proposed are challenging and it’s hard to find other sites that push the envelope as hard as you do.

    If time is limited for you and it’s better off referring me to other resources, that would be great too.

    Thanks a lot!
    Pedro

  3. John:

    On question 1, “…ability to access several list views and a report folder”, I am interpreting that “access” means “what you can see” which I believe in this case, is driven by Public Group (The ones that see the list view and reports). Permission set would apply when deciding what can be done to each record. Am I right on my assumptions?

    Thanks

    1. Access meaning that they can select the list view. Being able to select the list view does not mean the user can see all of the records within.

      Access to the view is controlled independently of access to the records (however both rely heavily on roles, groups).

  4. Hi John, I would like to check with you about Q4. It looks like only one account record is to be shared by Jim and the answer is the first one. If the question is changed so that many opportunity records related to the account “Squared Wireless” are to be shared by Jim, what is the best solution? May we use a criteria-based rule to share the records? The second answer might be right. Many thanks for your advice! -Crystal

  5. Hi, could you clarify the answer to Q1? I struggled with it, but I guess I don’t understand sharing rules well enough. Is the reason for this answer (rather than D, which was what I chose) because it’s about record security rather than object security?

  6. Hello! This sentence is worded a bit awkwardly. I had to read it a couple times to understand this explanation:
    -Question 1, answer description-
    “Creating a public group would be ideal in this scenario regardless, as would be able manage the list of users in a centralized fashion…”

  7. Hey John ~ on question 2, I thought the right answer was D or the last answer – but chose the second because I thought the answers displayed were trying to trick me. Wouldn’t you have to create a custom profile for finance and sales managers? If so, I chose the other answer because it wasn’t specified.

    1. This is somewhat subjective – but the idea is that you would want to assign the permission with broad strokes at the profile and to the individuals using permission sets. You could use permission sets for everything but that would create a lot of manual work.

  8. Question number 2.

    I got it right. However, could we not get the same solution if assigning it to all eligible users via permission sets?

      1. But question 2 is about field level security. I was referring to the I love permissions tutorial, where they say we should have the minimum amount of profiles and then use permission sets.

        Could you kindly elaborate, why we could not grant access to commission field via permission sets for all eligible users.

        Regards,

        Matej Blatnik

        1. Gotcha- it depends on how you define “minimum”. Technically speaking, you could have one profile and use only permission sets for everything.

          The idea is that you define the shared baseline between users in a profile, and then use permission sets for the non-standard variances. For example, finance and sales are probably going to need separate profiles. If you have two separate profiles, you would define access to that field at the profile level. What you might consider implementing is 2 profiles: 1 finance, 1 sales. Then use permission sets for all sales managers and the 2 sales users – that would make sense if you wanted to further limit profiles.

        1. Correct- again you definitely need a permission set. The question would be whether finance and sales would share a profile… and although it is possible, most of the time that’s going to be very unlikely.

  9. Question 4 – That was a loaded question – maybe consider updating the question to be a little more prescriptive as I went for the answer, which on the surface is what I thought was the ‘best practice’ answer.

    Maybe something like “What would be the easiest and quickest way for Jim to share the record with Jill”…..just a suggestion.

    1. It is a bit wordy but does drop hints to suggest that it should be a manual/quick solution, namely: Account collaboration is rare within your organization.

      All other solutions involve setup which would not be appropriate if that were the case. Thanks for the feedback!

  10. I don’t understand the difference in these answers to question 2:

    * Grant field-level visibility to the Delinquency Status field to the finance team, sales manager, and sales reps via permission set.

    * Grant field-level visibility to the Delinquency Status field to the finance team and sales manager profiles. Grant field-level visibility to the Delinquency Status field to the two sales reps via permission set.

    It seems like the same answer to me.

    1. The first choice was:
      By using a Permission Set rule, grant Field Level visibility to:
      Finance Team
      Sales Manager
      Sales Reps

      The second choice was:
      Grant field level visibility to:
      Finance Team
      Sales Manager
      but give the two reps access via Permission Set.

      Remember in using SFDC it’s better to ‘tie down’ overall and then ‘free up’ as needed. Could you have done it the first way? Yes, but it would’ve taken a lot of time to actually set it up for each member of the finance team and sales managers, not to mention, in the future it would be hard to track it back down in case rules change.

    2. The word TEAM threw me off. Can a profile be assigned to a TEAM? Thinking aloud, Sales Manager is technically a Team. But still, Finance Team to me would suggest many different profiles comprising a team 🙁
