5. Security and Access

Questions and Answers

What is the primary function of a user license in Salesforce?

It grants instant access to all Salesforce features.

It defines the maximum features a user can access within Salesforce. (correct)

It determines the specific data that users can view.

It automatically assigns permissions to a user.

Which type of Salesforce license allows access to standard and custom objects/applications?

Permission Set License

Feature License

Salesforce License (correct)

Salesforce Platform License

What do feature licenses in Salesforce directly provide?

Automatic assignment of profiles.

Access to specific features bypassing limitations set by user licenses. (correct)

Permissions to view all standard objects.

Access to additional user accounts.

How do permission set licenses differ from feature licenses?

Permission set licenses require associated permission sets for access.

What is the consequence of a user license determining maximum feature access?

Actual access is granted through profiles and permission sets.

To what extent can a Salesforce Platform License be used?

It permits use of custom objects/apps and limited standard objects.

What is recommended for companies when assigning user licenses?

To select the most basic license that fulfills employee needs.

What role do permission sets play in user access management in Salesforce?

They define the maximum permissions a user can have.

What is the primary purpose of a user's profile in Salesforce?

To define the foundational level of permissions for feature access.

How do permission sets relate to user profiles?

They provide additional permissions beyond what profiles allow.

Which component is crucial for protecting Salesforce against unauthorized access?

Org Level Security

What combination of permissions does object level security control?

Access and operations on standard and custom objects.

What limitations do field level security settings impose?

They restrict user visibility and edit capability for fields.

What access levels are defined by Organization Wide Defaults (OWDs)?

Private, Public Read Only, and Public Read/Write.

How can users mute permissions in permission set groups?

By disabling specific permissions within a group.

Which statement correctly defines record level security in Salesforce?

It determines which actions can be performed on all records.

What is the main function of roles in the Salesforce sharing model?

To represent the organizational hierarchy for sharing records.

What happens if a user does not have the necessary object permissions?

They won't be able to perform any actions on data related to that object.

Which statement about standard profiles in Salesforce is correct?

They must be cloned for any customization.

How do Organization-Wide Defaults (OWDs) influence data access in Salesforce?

They set the least restrictive access level for records on an object-by-object basis.

What does muting a permission set do?

Disables specific permissions temporarily.

Which of the following is true about multi-factor authentication (MFA) in Salesforce?

It will be mandated in all Salesforce environments in 2023.

What role does the Role Hierarchy play in record sharing?

It propagates record access vertically while restricting lateral sharing.

What purpose do Public Groups serve in Salesforce?

They assist in sharing records by grouping users with similar needs.

What are Sharing Rules and how do they enhance record access?

They provide access to users based on ownership or record field values.

When is Manual Sharing typically employed?

For temporary sharing needs on a case-by-case basis.

What are Restriction Rules used for in Salesforce?

To enforce data security by removing access based on criteria.

How do Custom Permissions extend the Salesforce security model?

By allowing administrators to create unique permissions for specific needs.

What impact do trusted IP ranges have on user access in Salesforce?

They allow logging in from specified addresses without additional verification.

What result does setting Organization-Wide Defaults to 'Public Read Only' have?

Users can view all records, but cannot edit them.

What is the main feature of role-based sharing in Salesforce?

It enables users to inherit record access from their subordinates.

Which of the following best describes the purpose of Public Groups?

They facilitate record access through sharing rules and can include various member types.

What are Sharing Rules used for in Salesforce?

They are used to apply record access based on ownership or field criteria.

What is a key characteristic of Manual Sharing?

It is user-driven and ideal for occasional, one-off access needs.

What does a Restriction Rule do in Salesforce?

It removes access to records that do not meet specific criteria.

What is the function of Custom Permissions in Salesforce?

To control access to specific custom operations and customizations.

How does the Role Hierarchy limit record sharing in Salesforce?

It only allows sharing to subordinates under a manager's role.

What types of objects do Sharing Rules support?

Both custom and standard objects.

What is a Queue in Salesforce primarily used for?

To group users who can share ownership of a record.

Which statement best represents the function of User Licenses?

They determine the maximum features and functionalities a user can access in Salesforce.

How do Profiles and Permission Sets differ in managing user permissions?

Profiles are mandatory, while Permission Sets are optional adjustments.

Which of the following is NOT a characteristic of Restriction Rules?

They grant higher access privileges to certain users.

What aspect of sharing does the 'Grant Access Using Hierarchies' checkbox influence?

It determines if record access propagates up the role hierarchy.

What type of sharing access do criteria-based Sharing Rules provide?

Read or read/write access depending on criteria.

What is the primary function of Organization-Wide Defaults (OWDs) in Salesforce?

To set the default level of record access for all users

How does the Role Hierarchy in Salesforce affect record access?

Record access is inherited vertically among users

What is a key difference between Owner-based sharing rules and criteria-based sharing rules?

Criteria-based rules grant access based on record field values

Which type of sharing allows users to grant access to records on a case-by-case basis?

Manual Sharing

How do Profiles and Permission Sets differ in terms of user access?

Profiles limit access while permission sets add additional permissions

What is the purpose of a custom permission in Salesforce?

To control access to customizations or operations not covered by existing permissions

What does a feature license do compared to a permission set license?

Directly grants access to specific Salesforce features

Which statement about Object Level Security is true?

It controls access to standard and custom objects

What is the impact of field level security in Salesforce?

It allows administrators to control visibility and edit access to individual fields

How are Public Groups used in Salesforce?

To allow collection of users that can be granted record access through sharing

When using queues in Salesforce, what is their primary purpose?

To collectively distribute ownership of records among a group of users

What is the role of a Permission Set License?

To expand the possible permissions a user can have beyond their user license

What is a significant limitation of the sharing model in Salesforce?

Sharing only propagates vertically in the Role Hierarchy

Study Notes

User Licenses and Permissions

• User licenses define the maximum features accessible within Salesforce.
• A license is required for login.
• Types include Salesforce License (most access) and Platform License (limited access).
• License assignment is made when creating/editing a user record.
• License dictates possible access; actual access is determined by profiles & permission sets.

Extending User Access

• Feature Licenses: Grant specific feature access beyond the user's base license.
• Permission Set Licenses: Allow access to add-on products (e.g., Field Service) but require associated permission sets for feature access.
• Feature licenses grant direct access; permission set licenses require a permission set.
• Both enable access to features without needing a more expensive license.

Profiles

• Profiles define features and operations accessible to users.
• Each user has exactly one profile.
• Manage org access, user interface, objects, fields, and administrative settings.
• Standard profiles have limited customization; custom profiles are created by cloning and customizing.
• Permissions assigned via profiles cannot be revoked by other means.

Permission Sets

• Permission sets grant additional permissions besides the profile.
• Control user interface, objects, and fields (standard and custom).
• Permission sets can be grouped together.
• Muting option within a permission set group can disable permissions.
• Users can have multiple permission sets for temporary or specific needs.

Organization-Level Security

• Org-level security controls access to the Salesforce organization.
• Components include password policies, login hours, login IP ranges, MFA, and trusted IP ranges.
• Strong org security protects against unauthorized access.
• MFA is mandated by Salesforce in late 2023.

Object Level Security

• Object-level security controls access to standard and custom objects.
• Determines actions users can take on these objects (Read, Create, Edit, Delete, etc.).
• View All/Modify All permissions override record-level security.
• Permissions required for object actions regardless of record/field permissions.

Field Level Security

• Field-level security controls user access to specific fields on records.
• Access levels include No access, Read, and Read/Edit.
• Managed via profiles, permission sets, and field creation settings.
• Protects sensitive information with granular data visibility.

Record Level Security

• Record-level security controls access to specific records.
• Permissions include Read, Edit, Transfer, Delete, and Share.
• Each record has an owner with full access.
• Sharing models (OWDs, Roles, Groups, Sharing Rules, Manual Sharing) determine access for non-owners.

Organization-Wide Defaults (OWDs)

• OWDs define default record access for all users in an organization.
• Access levels include Private, Public Read Only, and Public Read/Write.
• Set on an object-by-object basis, affecting master-detail relationships.
• OWDs are the most restrictive element of the sharing model.

Role Hierarchy

• A representation of the company's organizational structure.
• Users in higher roles inherit record access from lower roles.
• Key element for record-level security, propagating full record access vertically.
• Control with "Grant Access Using Hierarchies" checkbox on Sharing Settings.

Public Groups

• Public groups are collections of users for targeted sharing.
• Members can be users, roles, roles and subordinates, and other groups.
• Access propagation through the role hierarchy can be controlled.
• Useful for shared report/dashboard access.

Sharing Rules

• Rules grant record access based on ownership or field criteria.
• Types include owner-based and criteria-based.
• Supported for custom and standard objects (except Campaigns).
• Access granted through sharing rules propagates up the role hierarchy.

Manual Sharing

• Allows users with full record access to share with others (read or read/edit).
• User-driven, ideal for one-time sharing.
• Access revoked when record owner changes.

Restriction Rules

• Filters that remove access to records that don't meet criteria.
• User-based and record-based filtering for custom/external objects.
• Restriction rules remove access, they don't grant access.

Custom Permissions

• Permissions created for specific customizations or operations.
• Granular control over customizations.
• Created in Setup, assigned in profiles/permission sets.

Queues

• Queues are user groups for record ownership or distribution.
• Members have full record access and can take ownership.

Quiz Questions and Answers

(summarized):

• User Licenses: Defines maximum features; base security setting, dictates possible access.
• OWDs: Default level record access; determines initial record access.
• Role Hierarchy: Inherits record access; vertical propagation of access.
• Public Groups: Collections of users for access control; easier bulk sharing.
• Sharing Rules: Conditions for record access; expands OWDs/Role Hierarchy.
• Manual Sharing: User-driven record sharing; provides one-time access.
• Restriction Rules: Removes access; filters based on criteria.
• Custom Permissions: Tailored permissions for customizations; granular control.
• Feature/Permission Set Licenses: Feature licenses grant specific access, permission set licenses grant access to add-on products.
• Profiles/Permission Sets: Profiles grant base access; permission sets add extra access; cannot remove base access with permission sets.

Essay Questions (summarized):

• Combination of OWDs, Role Hierarchy, and Sharing Rules: Integrated approach for record level security in Salesforce; provides diverse access level settings.
• Profiles vs. Permission Sets: Profiles provide baseline access while permission sets add extra access based on need; explain muting permission sets for efficiency.
• Org Level Security: Components like password policies, login hours, trusted IP addresses, MFA; provides necessary authentication and restriction to protect data from unauthorized access.
• Object/Field Level Security: Encourages a layered approach for access control.
• Sharing Model: Sharing model with its components (OWDs, Rules, Roles, Hierarchy, Queues, etc.); discusses its limitations.

Glossary of Key Terms (summarized):

(Each term is defined concisely as in the provided glossary).

Description

Test your knowledge on user licenses, permissions, and profiles within Salesforce. This quiz covers the types of licenses, feature licenses, and how profiles dictate access to features within the platform. Understand the differences between various licensing options and their impact on user capabilities.