Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
66 Cards in this Set
- Front
- Back
|
Explain the concept of record ownership. |
Every record in Salesforce must have an owner. Records can be owned by either users or queues. By default, the user that creates the record is the owner. Record owner is typically used to determine responsibilities (e.g. I manage the leads that I own), reporting (I am credited for the opportunities that I own), record security, and for a variety of other purposes. |
|
|
Describe the capabilities of the User Sharing feature. |
User Sharing allows an administrator to set the user object org-wide default (OWD) to private. This feature is enabled by default for orgs created after the Winter 14 Release. |
|
|
Describe how access to data and functionality is structured within Salesforce. |
Organization Security: When (Login Hours), where (Login IP Ranges), and how (UI/API/etc.) a user can login. |
|
|
Explain who can delete records in Salesforce. |
To delete a record, the user must have the "Delete" object permission (profile or permission set) and "Full Access" to the record. "Full Access" is typically granted to the record owner, users higher in the role hierarchy than the record owner, and system administrators. |
|
|
Describe profiles and their influence on security. |
Each user is assigned a one profile, which is instrumental in determining a user’s functional access (apps, tabs, object-level permissions), how information is displayed to the user(page layouts, record types, field-level security), and a wide range of other permissions. |
|
|
List and describe the standard profiles. |
Ensure that you understand the Salesforce license standard profiles: |
|
|
Explain when to create a custom profile. |
As customization of standard profiles is limited, create custom profiles prior to assigning users to profiles. |
|
|
Describe permission sets, and common use cases where they are appropriate. |
Whereas the profile is used to set the foundation for a user's privileges, permission sets are optionally used to extend a user's privileges. |
|
|
Describe how Organization-Wide Defaults (OWDs) influence security. |
Organization-wide default settings determine the default record-level permissions granted to all users for all records within each object. For instance, setting the Account object to "Public Read/Write" will ensure that all users have "Read/Write" record-level permissions to all account records. |
|
|
Describe roles and their influence on security. |
A user's role sets the foundation for what records and folders they can access. Users are granted full access to records owned by users in subordinate roles on objects where "Grant Access Using Hierarchies" is enabled. |
|
|
Describe groups and their influence on security. |
Public groups are used to streamline the process of sharing access to records and folders. A group is compromised of users, roles, and other groups. |
|
|
Describe sharing rules, and when their usage is appropriate. |
Sharing rules are used to extend record access to users within specified roles or groups. |
|
|
Describe a queue's influence on security. |
Ensure that you understand the fundamentals of queues - see User Setup & Login Process – Free for more. |
|
|
Explain how manual sharing can be used to extend record access. |
Users can manually share access to records that they own with other users, roles, and groups. |
|
|
Describe delegated administration. |
Whereas profiles and permission sets grant the ability to administer all users and objects, delegated administration allows administration of only specified users (based on roles/profiles) and specified custom objects. |
|
|
Describe the resources to monitor Salesforce system performance and security. |
Use trust.salesforce.com to monitor system and security status, as well find best practices from Salesforce. |
|
|
What is manual record sharing? |
By clicking “Sharing”, a user can manually share access to this record with other groups, roles, and users. The user must first have “Full Access” to the record. |
|
|
How do you view who has access to a particular record and it's related information and records? |
On the desired record, click 'Sharing' then 'Expand List'. You can click 'Why?' next to a user's name to see the reason the user has access to the record. |
|
|
What is Delegated Administration? |
Delegated administration allows named users to manage other users within selected roles and profiles, as well as manage fields on selected custom objects.Correct – a delegated admin cannot manage the FIELDS on a standard object. A delegated administrator cannot be delegate admin for system administrator bc system admin has more rights. |
|
|
Why use Delegated Administration? |
Delegated administration allows you to specify which users (based on role/profile) and custom objects (standard objects excluded) a delegated administrator can manage. |
|
|
What is trust.salesforce.com? |
Trust.salesforce.com is the salesforce.com community's home for real-time information on system performance and security. |
|
|
When can you log in as another user? How? |
If you are system administrator, you can log in as another user. Go to Users then click the 'Login' link next to the user's name. |
|
|
What is a group? |
A group is comprised of users, roles, and other groups. There are two types of groups: Public groups and personal groups. |
|
|
What is a public group? |
Public groups are created and maintained by administrators, and can be referenced in org-wide configuration (such as sharing rules). |
|
|
What is a personal group? |
Personal groups are created and maintained by users, and can only be referenced in select configuration (such as Outlook contact synchronization). |
|
|
Why use public groups? |
Use public groups to streamline the process of sharing access to records and folders with a collection of users. |
|
|
When would you use public groups? |
1. Sharing access to records or folders with named users 2. Sharing access to several resources to the same collection of users within specified roles. (You could configure the sharing criteria for multiple folders, or create a public group with the roles, and share access to each folder with the group.) |
|
|
Name 2 important considerations when creating and using groups. |
1. There is no way to monitor where groups are referenced (e.g. you have to view each individual report folder, sharing rules, etc.). For this reason, make sure to have a clear documentation and usage strategy for groups (or at a minimum, a very clear naming convention). |
|
|
What is the role hierarchy? |
The role hierarchy provides a framework to structure access to records and folders in your organization. |
|
|
What is the significance of a user’s role? |
Each user is assigned one role, which sets the foundation for their access to records and folders. |
|
|
What is “Grant Access Using Hierarchies”? |
“Grant Access Using Hierarchies” is a setting for configuring organization-wide defaults (Setup –> Security Controls –> Sharing Settings). For most standard objects, the option is always enabled. For custom objects, it is enabled by default but can be disabled. Users are granted full access (create, read, edit, delete) record-level permissions to the records meeting both criteria: * The record is owned by a user in a subordinate role. |
|
|
What is a permission set? |
Permission sets are optionally assigned to a user to grant them privileges in addition to their profile. |
|
|
Why use permission sets? |
Using permission sets effectively can help you reduce the number of profiles needed in your Salesforce org, which can dramatically reduce administrative overhead in some scenarios. |
|
|
When is the use of permission sets appropriate? |
Use the profile to set the foundation for a user’s privileges. Then use permission sets to grant additional privileges for one-off cases, or instances where the same set of privileges must be granted for users that are assigned to different profiles (e.g. providing access to a 3rd party application shared by several departments). |
|
|
Describe a scenario in which it would be appropriate to use permission sets. |
1) Your standard profile of Inside Sales Rep may not include the ability to delete leads, but you have one sales rep who needs to be able to delete leads. Instead of creating a new customer profile just for this sales rep, you can create a permission set (ie "Delete leads") and add this permission set to her user record in order to give her this ability while the other Inside Sales Rep profiles will not have that ability.
2) Your organization has an application to track job applicants, which multiple departments will be using. If you were using just profiles, you would have to create a new one for each user by cloning the existing assigned profile and then adding the required privileges. Instead, you could create a single permission set that grants the appropriate privileges and grant that permission set to each user as needed. |
|
|
Can permission sets grant and revoke privileges? |
No, permission sets can only grant, NOT revoke, privileges. You can remove the permission set to revoke that access that permission set gave. |
|
|
Are permission sets optional? |
Yes, permission sets are optional |
|
|
Can a user be assigned more than 1 permission set? |
A user is assigned 0 to many permission sets. |
|
|
Does the profile control elements that a permission set cannot influence? |
Yes, the profile controls some elements such as the page layout assignment that a permission set cannot influence. |
|
|
What is a profile? |
A profile is a collection of permissions and settings that is instrumental in determining a user’s functional access (apps, tabs, object-level permissions), how information is displayed to the user (page layouts, record types, field-level security), and a wide range of other permissions. |
|
|
True/false: Each user must be assigned one profile. |
TRUE: Each user must be assigned one profile. |
|
|
What’s the difference between standard and custom profiles? |
Standard profiles are included with Salesforce. Object-level and user permissions cannot be changed on these profiles. Standard profiles cannot be deleted.
Custom profiles are created by an administrator and can be fully customized. Custom profiles can be deleted. |
|
|
When should I create custom profiles? |
Generally speaking you’ll want to create custom profiles prior to assigning users to profiles. As you have limited ability to change standard profiles, it is generally a best practice to assign all users (with the exception of the system administrator) to custom profiles, in case you have to make changes to the profile later. |
|
|
True/false: One user record can only be assigned to one profile. |
TRUE: One user record can only be assigned to one profile. It is possible to create more than one user with the same email address – however, the username (which is typically the user’s email address) must be unique across all orgs. |
|
|
Why wouldn't you use a standard profile and then add permission sets as needed? |
You cannot modify most of the standard profiles. Yes, using permission sets for everything would create significant overhead managing all of the permissions on a per user basis. |
|
|
Name the 5 main types of security in Salesforce. |
* Organization Security
* Object Security * Record Security * Field Security * Folder Security |
|
|
What is Organization Security? |
Org-level permissions determines under what conditions a user can login to Salesforce, for example:
* When users can login (Login Hours) |
|
|
What is Object Security? |
Object-level permissions determines what actions (Create, Read, Edit, Delete) a user can perform on records of each object. |
|
|
What kind of permission does a user need to create a record of any object type? |
Create permission on the object level (ie Create permission on Accounts in order to create new Account records.) |
|
|
What kind of permission does a user need in order to perform an action on an existing record? |
The user needs the corresponding object-level permissions and record-level permissions. |
|
|
What is record security? |
The level of security placed on each record. |
|
|
Why are the 3 tiers of record-level permissions? |
* Read Only
* Read/Write * Full Access |
|
|
"Full Access" is granted to: |
*The record owner *Users higher in the role hierarchy than the record owner )when "Grant Access Using Hierarchies" is enabled) *Users with "Modify All" object-level permissions (including system administrators) *Members of a queue to all records owned by the queue |
|
|
True/False: You can share "Full Access" via sharing rules. |
False. It is not possible to share “Full Access” via sharing rules or other mechanisms at this time. |
|
|
If a user has edit permissions on a record, but not delete permissions, is there a way they can still delete that record? |
Yes. Beware that if they have the permission to 'transfer record', then they can transfer it to themselves to become the owner of that record, and then delete it. |
|
|
Name an object that does not have record owners and will not adhere to the record owner rules because of this. |
Products |
|
|
What 2 settings do field-level permissions have? |
*Visible *Read-Only |
|
|
What types of data are secured using folders? |
*Reports *Dashboards *Email templates *Documents *Similar to list views as well |
|
|
True/False: Read/write and full access are the same. |
False. Read/Write allows you to edit the record. Full access allows you to delete it. |
|
|
What are user permissions? |
User permissions specify what tasks users can perform and what features users can access. |
|
|
Describe Queues. |
Queues are used for a variety of purposes. Each queue can include multiple users, and is assigned to one or more objects. Members of the queue can then take ownership of a queue's records.
Example: leads generated from the company's website are routed to a lead queue. Members of the sales team then take ownership of leads owned by the queue as they have availability to call additional leads. |
|
|
What are Custom Permissions? |
Custom permissions can be used to define permissions within a custom application or process. A developer can define a permission to represent the user's ability to perform an action. This custom permission can then be assigned through the use of a profile or permission set. |
|
|
Describe the capabilities of Single Sign-On (SSO.) |
Single Sign-On provides the capability for a user to login to one system and have access to more additional systems facilitated systematically as a result. |
|
|
What is an example of SSO? |
A user may authenticate to their network through Active Directory and thereby be granted access to Salesforce.com without providing a username and password. |
|
|
What is the Salesforce App Launcher? |
The Salesforce App Launcher is a single sign-on portal, allowing users to launch both Salesforce and external applications (external apps via single sign-on.) |
|
|
How can you monitor Salesforce system performance and security? |
Trust.salesforce.com offers monitoring of system and security status, as well as finding best practices from Salesforce. |
