Salesforce Sharing and Visability
what is the territory model
A territory model represents a complete territory system. Modeling allows you to create and preview multiple territory structures and user/account assignments before activating the model.
sharing between accounts and child records
Access to a parent account—If you have access to an account's child record, you have implicit Read Only access to that account. Access to child records—If you have access to a parent account, you have access to the associated child records. The account owner's role determines the level of access to child records.
what versions of off line access is available with the mobile app
Offline access isn't supported in all versions of the downloadable mobile apps. Users must have version 10.0 or later of the Salesforce for Android app or the Salesforce for iOS app. Offline access isn't available in the mobile browser app.
how can you create an external profile
Purchasing a community license also allows you to create external profiles (beyond the guest user profile) to access your communities.
what added security feature in regard to contacts is available for mobile
Select Allow Salesforce to import Contacts from mobile device Contacts lists to let users in your organization import the contacts in their phone into the Salesforce app. Deselect this option to prevent users from importing contacts.
who can have a super user acess
anyone with partner community or customer community plus license
what are two types of partners
app exchange and consulting
what 3 objects does community super user access give
cases , leads and opportunities
what does the run as method do
change user context : to new or existing user the run as method doesnt enforce user permissions or field level permissions, only sharing. users can be created in run as even without availabel license
How do you run filter-based opportunity territory assignment?
click "run opportunity filter" on the territory hierarchy page
Do your users need access to leads , opps and campaigns : NO ? what license options are available
do you need sharing , reports or dashboards NO: customer community Yes:customer community plus
Under the setup menu, what page can be accessed by an admin to determine profiles, layouts and record types are assigned to certain fields
field accessibility
What is user managed sharing
User managed sharing allows the record owner or any user with Full Access to a record to share the record with a user or group of users. This is generally done by an end user, for a single record. Only the record owner and users above the owner in the role hierarchy are granted Full Access to the record.
what object gets created when you use territory management
UserTerritory2Association
where can you create territory roles
UserTerritory2Association object has a pick list field called Role in Territory. This field allows you to create picklist values to later assign and assign users to the role
what do sharing rows grant access to
Users and groups
Territory management has two default access levels for account what are they
users can view and edit view edit transfer and delete
how does the data cache work with the mobile app
users can create records for cached objects, edit and delete cached records, and keep track of all offline changes from a central place. And when the Salesforce app is back online, it automatically syncs pending changes to Salesforce an
why use a share group for high volume community users
users don't have roles, performance issues associated with role hierarchy calculations are eliminated. Use a share group to share records owned by high-volume community and portal users.
what are the 4 segments a reprot or folder can be shared with
users, groups , roles or territories
t/f you must turn on territory management
yes, From Setup, enter Territory in the Quick Find box, and then select Territory Settings. Click Enable Enterprise Territory Management.
Can you enable offline access for the mobile app
yes, data is cached securely on the device.
with the mobile app can you remotely wipe the data on the phone
yes, data wipe is available
do you have to enable Salesforce mobile web for users
yes, it is on by default
by default community license users only have access to records they own( a case created by them in portal) how can you expand that access
you can create a sharing set in the Communities settings select profile select objects to share Objects with an organization-wide sharing setting of Public Read/Write Custom objects that don't have an account or contact lookup field external sharing can not be more permissive than internal
session based permission sets
you can limit functional access for select permissions in a permission set to an activated session. When a session ends for any reason, a session-based permission set must be activated again before the user can access restricted resources.
if you have set OWD to private what options do you have to open up record access
you can use the role hierarchy or sharing rules
how do territories structures get created
you create a type then a territory hierarchy model within that you create nested territories like current year east coast
To create an account team what access must you have on the account
you must have edit on the account. to edit or delete an account team you must be the account owner above owner in role hierarchy granted full access admin
how can you share records programmatically
you must use the share object associated with the standard or custom object for which you want to share. For example, AccountShare is the sharing object for the Account object, Job__Share is the sharing record for the Job object
when setting up an opportunity team what are some considerations
you set read write access or read access for team members only opportunity owners or users above the owner can add or remove team members you can add account team to the opportunity
how does filter based opportunity work
you use an apex class and job to auto assign opportunity based on number scale and then
can you use territory as a criteria for sharing something
no, but you can use a sharing rule based on record ownership. If you are in "A" territory "B" can see your record.
does the run as method enforce user permissions or field level permissions
no, only record shares
what is the method for determining if data derived from a processed visual force page or controller can be updated by the user. how can you check if the user has update access to the Contact.Name field
schema.sobjecttype.contact.fields.name.iSuPDATEABLE()
what is the method for determining if data derived from a processed visual force page or controller can be created by the user. how can you check if the user has create access to the Contact.Name field
schema.sobjecttype.contact.fields.name.isCreatable()
when creating a territory type what other option do you have to set
the priority 1 to 100, this is used to make a scheme or heiarchy
what is customize app
this permission will allow users to do many things including set field level security, create record types and view encrypted data.
what is the object record table
this table indicated which user , group or queue own each record
What objects support External Org-Wide Defaults?
- Accounts (and associated contracts and assets) - Cases - Contacts - Opportunities - Custom Objects - Users
how do you disable HTML encoding
<apex:outputText escape="false"> Hello {!$CurrentPage.parameters.userName} </apex:outputText>
how can you add an extra layer to data protection on mobile app
2fa enforce pin code (app-specific PIN code for the Salesforce app so it locks after a period of inactivity)
what are member-based license
A Community member-based license works like a standard Salesforce internal license: external users with a member-based license are able to access a community as many times as they want. The only difference is that external users do not have access to the internal org.
What are partner-based licenses?
A partner-based license is considered an external license, and gives you the power to buy a specific number of licenses for your partner accounts. Each partner account with an assigned license is given up to 40 partner users. User licenses are pooled, making it less likely for individual partners to exceed their user limits. Additional users, beyond the typical 40, can be purchased if necessary.
what runs in user context
A user browses the application via the standard Salesforce-provided UI A user views a Visualforce page that uses a standard controller A user views a Visualforce page that references objects with standard object notation The platform executes Anonymous Apex via console or API calls An application on the platform makes a standard API call
when a mobile user looses the device what options are available
AWhen a user's device is lost or stolen, it's best to revoke their access to the Salesforce app. Revoking access ends the user's current session and wipes the data from the device.
what are the two tokens used in OAuth
Access Token A value used by the Salesforce app to gain access to Salesforce on behalf of the user, instead of using the user's Salesforce credentials. The access token is a session ID Refresh Token If a user's session has expired, the Salesforce app attempts to use the refresh token to obtain a new access token so the user doesn't have to reauthenticate.
Sharing behavior for portal users
Account and case access—An account's portal user has Read Only access to the parent account and to all of the account's contacts. Management access to data owned by Service Cloud portal users—Since Service Cloud portal users don't have roles, portal account owners can't access their data via the role hierarchy. To grant them access to this data, you can add account owners to the portal's share group where the Service Cloud portal users are working. This step provides access to all data owned by Service Cloud portal users in that portal. Case access—If a portal or customer community plus user is a contact on a case, then the user has Read and Write access on the case.
what is the difference between a sharing set and a sharing group
After creating a share set you select the share group settings and activate. you can add group members from public groups, roles , territories and users. Also, the share groups functionality isn't available to users with Customer Community Plus and Partner Community licenses.
what is Oauth
An open http authentication framework based on RFC 6749 which provides third-party applications delegated access to resources without passing user credentials.
what runs in system context
Apex Classes (including web services) Apex Triggers Apex web services called from the API
What is Apex managed sharing?
Apex managed sharing enables developers to programmatically manipulate sharing to support their application's behavior through Apex or the SOAP API. (Maintained across record ownership changes.)
where are apex sharing reasons displayed
Apex sharing reasons are defined on an object's detail page
List three impacts of XSS against internal users.
Arbitrary requests — An attacker can use XSS to send requests that appear to be from the victim to the web server. Malware download — XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to trust the request and actually install the malware. Log keystrokes — The attacker can monitor keyboard entries, possibly finding usernames and passwords to access accounts at later dates.
what are characteristics of high volume community users
Are contacts enabled to access a community. Are assigned to the Customer Community, High Volume Customer Portal, or Authenticated Website license. Only share the records they own with Salesforce users in sharing groups.
what is a service provider in regard to SSO
Authenticated users can flow from an external identity provider into Salesforce. In this case, Salesforce is a service provider—users want to get access to this service, and their identity provider allows them to do so. This Salesforce configuration is common because often your company is already using an identity provider. The identity provider could be one of several on the market, like Microsoft's Active Directory Federation Services (ADFS), Ping Identity's PingFederate, open-source Shibboleth, or ForgeRock's OpenAM.
Common XSS Mitigations
Blacklisting — Specific "bad" characters or combinations of characters are banned, meaning they can't be entered or stored. The developer creates a list of known bad characters (such as HTML or script tags) and throws an error if any bad characters are in the input. Whitelisting — Only characters or words from a known list of entries are permitted, preventing malicious input. For example, if the user enters anything besides numbers in a phone number field, the application throws an error.
what is object level security refered to in salesfroce
CRUD : create read update delete. this is applied at the profile level and can restrict actions useres take on objects
what are the benefits of caching mobile app
Caching data on the device improves the overall performance of the Salesforce app. The app is faster when retrieving records that have previously been cached. Even if you disable offline, we strongly recommend leaving caching enabled unless your company's security policy explicitly prohibits data caching on mobile devices.
What are Apex Sharing reasons?
Can be created declaratively but are used by developers to define reasons for access. Apex sharing reasons can be also selected when manually sharing a record. Exist only for custom objects.
what are the standard field encryption restrictions
Cannot be unique, have an external ID, or have default values. For leads are not available for mapping to other objects. Are limited to 175 characters because of the encryption algorithm. Are not available for use in filters such as list views, reports, roll-up summary fields, and rule filters. Cannot be used to define report criteria, but they can be included in report results. Are not searchable, but they can be included in search results. Are not available for: Connect Offline, Salesforce for Outlook, lead conversion, workflow rule criteria or formulas, formula fields, outbound messages, default values, and Web-to-Lead and Web-to-Case forms.
what are 3 use cases for communties
Connecting with customers Driving sales with partners Interacting with employees
Creating Apex Managed Sharing for Customer Community Plus users
Customer Community Plus users are previously known as Customer Portal users. Share objects, such as AccountShare and ContactShare, aren't available to these users. If you must use share objects as a Customer Community Plus user, consider using a trigger, which operates with the without sharing keyword by default. Otherwise, use an inner class with the same keyword to enable the DML operation to run successfully. A separate utility class can also be used to enable this access.
six Communities licenses for external users
Customer Community, Customer Community Plus, Partner Community, Lightning External Apps Starter, Lightning External Apps Plus, and Channel Account.
what is DOM based XSS
DOM-based XSS occurs when an attack payload is executed as a result of modifying the web page's document object model (DOM) in the victim user's browser. The web page itself is not changed, but its client-side code executes in a malicious way because of these DOM changes
what class includes a number of helper functions you can use to verify user access level
DescribeSObjectResult
how can you avoid data skew
Design architecture to limit account objects to 10,000 children. Some possible methods include creating a pool of Accounts and assigning children in a round robin fashion or using Custom Settings for the current Account and the number of children. If possible, consider a Public Read/Write sharing model in which the parent account stays locked, but sharing calculations don't occur. If you have a skewed account, redistribute child objects in chunks during off-peak hours to lessen the impact of record-level lock contention. Batch Apex or the Bulk API are useful ways to re-parent.
what are Configure Mobile Compliance Policies
Disable the ability to copy and paste from Salesforce to other mobile apps. Prevent the ability to print from the Salesforce app. Require the use of a specific mobile email client for Salesforce. Disable file sharing from Salesforce to other mobile apps.
What are the different community license types?
Each community license can be either a member-based license or a login-based license, totaling nine different community licenses:
what is the encryption type for standard fields
Encrypted fields are encrypted with 128-bit master keys and use the Advanced Encryption Standard (AES) algorithm. You can archive, delete, and import your master encryption key. To enable master encryption key management, contact Salesforce.
Do I need communities licenses in my org to give access to communities?
Even without communities licenses, external users have some access to your communities. Purchase Community Cloud licenses to allow members to log in or give access to Salesforce objects based on your business needs. If you intend to use your community as a public knowledge base for unauthenticated (or guest) users, you can do so without purchasing communities licenses. For example, guest users can access publicly available community pages to read content, review knowledge articles, and perform tasks which do not require them to log in (such as creating cases).
how does the flow of events during OAuth authorization depend on the state of authentication on the device.
First Time Authorization User opens the Salesforce app. An authentication page appears. User enters their username and password. The Salesforce app sends the user's credentials to Salesforce and, in return, receives a session ID as confirmation of successful authentication. The app starts. Ongoing Authorization User opens the Salesforce app. If the session is active, the app starts immediately. If the session has expired, the Salesforce app uses the refresh token from its initial authorization to get an updated session ID. (However, if the refresh token has expired, the user must reenter their credentials.) The app starts.
what is the difference between field level security and accessibility
From the field accessibility grid, you can click any field access setting to change the field's accessibility in the page layout or in field-level security. The Access Settings page then lets you modify the field access settings.
What is a high volume community user
High-volume community users are limited-access users intended for orgs that have thousands to millions of communities users.high-volume community users don't have roles, which eliminates performance issues associated with role hierarchy calculations. High-volume community users include the Customer Community, High Volume Customer Portal, and Authenticated Website license types.
what limitations impact high volume community users access
High-volume community users can't manually share records they own or have access to. You can't transfer cases from non-high-volume community users to high-volume community users. High-volume community users can't own accounts. You can't add case teams to cases owned by high-volume community users. You can't include high-volume community users in: Personal groups or public groups. Sharing rules. Account teams, opportunity teams, or case teams. Salesforce CRM Content libraries. These limitations also apply to records owned by high-volume community users. You can't assign high-volume community users to territories.
what is the method for determining if data derived from a processed visual force page or controller can be displayed to the user. how can you check if the user has read access to the Contact.Name field
If(!schema.sobjecttype.contact.fields.name.isaccessible()) Return
what 2 options are available for using the salesforce mobile app
Implement the app on its own using connected app policies. Implement the app with an MDM solution.
what is a identity provider in regard to SSO
In the process of authenticating users, SAML exchanges identity information between the holder of the information, called an identity provider (IdP), and the desired service, called a service provider. In the case where a user logs in to Salesforce and then accesses Gmail, Salesforce is the identity provider, and Google is the service provider. Salesforce can be both a service provider and identity provider.
what are the 4 methods of DescribeSObjectResult
IsCreateable() IsAccessible() IsUpdateable() IsDeleteable()
what is my domain
It's a Salesforce Identity feature that lets you personalize your Salesforce org by creating a subdomain within the Salesforce domain you are required to use my domain for sso auth providers lightining components
what is OPen ID Connect
Like SAML, OpenID Connect is a protocol based on OAuth 2.0 that sends identity information from one service to another. Unlike SAML, OpenID Connect is built for today's world of social networks. Have you ever installed a new app and come across a prompt like "Log in with your Google account"? That app is using the OpenID Connect protocol. When you sign in with Google, you're not creating an account and another password. Only Google holds that information.
What is Managed sharing
Managed sharing involves sharing access granted based on record ownership, the role hierarchy, and sharing rules:
why use a territory model
Modeling allows you to create and preview multiple territory structures and user/account assignments before activating the model.
what are core principles for group sharing
Moving users from one group to another trigger organization wide group membership locks, so highly dynamic groups can have a negative impact on performance. The use case which will provide peak performance includes a group of users who share the same visibility and don't frequently move from one group to another via an automated process. The sharing performance benefit will decrease as the number of group members decreases, and the frequency of user movement within the groups increases.
what is the difference between portal and community licenses
NOTE If your org has legacy portal licenses, you don't need to purchase communities licenses to use communities.
what are the levels / heiarchy for record level sharing
Organization-wide defaults • Role hierarchy • Territory hierarchy • Sharing rules • Teams • Manual sharing • Programmatic sharing
Do your users need access to leads , opps and campaigns : YES ? what options are available
Partner Community
what is reflective xss
Reflected XSS occurs when malicious input is sent to a server and reflected back to the user on the response page.
what 4 options are available for selection on refresh token policy
Refresh token is valid until revoked Immediately expire refresh token Expire refresh token if not used for X Expire refresh token after X
What are three protocols that salesforce and other identity vendors use
SAML OAuth 2.0 OpenID Connect
What Does Salesforce Identity Do?
Salesforce Identity lets you give the right people the right access to the right resources at the right time. You control who can access your orgs and who can use apps running on the Salesforce Platform, on-premises, in other clouds, and on mobile devices.
when you are ready to build a community what are two standard options do you have for building
Salesforce Tabs + Visualforce Pros templates
how does Salesforce prevent XSS
Salesforce automatically HTML encodes any values and merge fields placed in HTML context. This includes all standard functionality, as well as Visualforce pages and components The platform changed "<" and "<" into "<" and ">" by automatically HTML encoding the special characters.
What is SAML
Security Assertion Markup Language - is an XML based data format used for SSO on web browsers When you want users to move seamlessly between Salesforce orgs and applications without logging in repeatedly, you set up single sign-on (SSO). Security Assertion Markup Language (SAML) is the protocol that makes it happen.
What Features Does Salesforce Identity Provide?
Single sign-on Connected apps Social sign-on Two-factor authentication My Domain Centralized user account management User provisioning Identity Connect App Launcher
what is the benefit to temporarily blocking a connected app / mobile app
Some updates to connected app policies—like the custom attributes, for example—only take effect after users log out of the app and log back in. By blocking the app and then reenabling it, you can force all mobile users to reenter their credentials. This ensures your latest and greatest security settings have been applied.
what is stored xss
Stored XSS occurs when a malicious input is permanently stored on a server and reflected back to the user in a vulnerable web application. This often occurs when a malicious value can be stored in a database and retrieved, such as with a message board post or data in a user profile.
Define the three types of XSS attacks.
Stored XSS —. Reflected XSS DOM-based XSS
what are the Mobile Session Settings
TIMEout policy : if you do not set this value it defaults to the user profile value High assurance session required
how do you enable Enable Filter-Based Opportunity Territory Assignment
Territory Settings, Select the checkbox to enable filter-based opportunity territory assignment. Enter the class name : pTerrAssignDefaultLogicFilter.
where in the soap api can you activate a session for a permission set
The PermissionSet object in the Soap API contains a field called HasActivationRequired, a boolean that indicates whether the permission set requires an associated active session (true) or not (false). Insert a record into the SessionPermSetActivation object with the combination of session ID and permission set to achieve the activation
what is the trust status
The Recent System Status section shows information from trust.salesforce.com about your instance's system performance over the last 24 hours. Trust.salesforce.com is Salesforce's website to provide transparency around service availability, performance, security, privacy, and compliance. Trust status gives you a quick and easy way to see if your org performance has been affected so you can let your users know of any changes.
To add an account team member, you must have edit access on the account. To edit or delete an account team member, you must be one of the following.
The account owner Above the owner in the role hierarchy Any user granted full access to the record An admin
Warning on setting external OWD
The default external access level must always be more restrictive or equal to the default internal access. When you're setting up your external org-wide defaults, you can't give your community member more access to an object than you do to an internal Salesforce org user. A best practice is to always have external org-wide defaults set to private.
Why do objects on the detail side of a master detail relationship not have sharing object
The detail record's access is determined by the master's sharing object and the relationship's sharing setting
what is granular locking
The system employs additional logic to allow multiple updates to proceed simultaneously if there is no hierarchical or other relationship between the roles or groups involved
what is territory model state
The territory model state indicates whether a territory is in the planning stage, in active use, or archived.
what records can high volume community users access
They can access their own account and contact records, based on implicit sharing. They have "Read" access on the account they belong to. They can access a record's parent, and the organization-wide sharing setting for that record is Controlled by Parent. The organization-wide sharing setting for the object is Public Read Only or Public Read/Write. Admins can create sharing sets to grant high-volume community users additional access to records
why use territory roles
To track user functions within territories, you can create territory roles such as Territory Owner, Sales Manager, or Sales Representative, and assign them to territory users as needed. Users can even have different roles in different territories.
What are login-based licenses?
To use a Community login-based license, you first purchase a specific number of logins to be used every month. External users associated with that license consume one login each time they log into a community. However, logging in multiple times during the same day still only consumes one login and, once logged in, switching between communities doesn't consume extra logins. This type of login is referred to as a daily unique login. The ratio between the number of monthly logins you purchase and the number of login licenses that are provisioned in your org is 1 to 20. For example, if you purchase 1,000 monthly logins, then 20,000 login licenses are provisioned in your org. If you want to assign more than 20,000 login licenses, purchase more logins. Why the big ratio? We want to make sure that you have enough licenses to assign to all the login-based users you may potentially create.
what is account data skew
Understanding architecture designs and data distributions that can contribute to reduced database concurrency and lock contention which occurs when an Account's parent object has more than 10,000 child objects. How might account data skew happen?
when enabling a community what permission is available to assign to internal users that need access to the external community
View Global Header permission to internal users who need access to the community. The global header allows users to easily switch between their internal org and any community they're a member of
is sharing inherited in an inner class
When working with classes that define an inner class, make sure you apply sharing to both class definitions. Sharing isn't inherited from an outer class.
how is social sign on different than SSO
With social sign-on, users log in to a Salesforce org with their username and password from an external authentication provider, like Facebook, Twitter, LinkedIn, or Google. this is specially useful for for Salesforce Community
what a cross-site scripting vulnerability is.
XSS is an injection vulnerability that occurs when an attacker can insert unauthorized JavaScript, VBScript, HTML, or other active content into a web page. When other users view the page, the malicious code executes and affects or attacks the user.
what are the classic encryption for custom fields notes
You can use encrypted fields in email templates but the value is always masked regardless of whether you have the "View Encrypted Data" permission. If you have created encrypted custom fields, make sure that your organization has "Require secure connections (HTTPS)" enabled. If you have the "View Encrypted Data" permission and you grant login access to another user, the user can see encrypted fields in plain text. Only users with the "View Encrypted Data" permission can clone the value of an encrypted field when cloning that record. Only the <apex:outputField> component supports presenting encrypted fields in Visualforce pages.
what are two versions of the mobile app
a downloadable app for iOS and Android, and a mobile browser app
What is Community super user access
access for partner users in communities, this allows partner user to view data of other users in the same role in the hierarchy.
what selections are available under territory settings
account access level (r and edit ) or ( view edit transfer delete) case Not access cases that they do not own that are associated with accounts in the territory View all cases associated with accounts in the territory, regardless of who owns the cases View and edit all cases associated with accounts in the territory, regardless of who owns the cases Enable Filter-Based Opportunity Territory Assignment Apex Class Name: Run filter-based opportunity territory assignment job when opportunities are created
when creating an account team what objects can you set crud access for
account, contact, opportunity, case. team role when setting these. If the contact is set to controlled by parent the option will not show
What does a Salesforce admin have to do before users can assign territories manually on opportunitie
add territory field to the opportunity layout
How do you set up manual exclusion of opportunities from filter-based territory assignment?
add the exclude from territory assignment filter logic to opportunity layout and select box when creating opp or before you run the assignment job
when configuring the OAuth policy what are two options for permitted users
all users must self authorize (Users must approve the app the first time they access it.) admin approved users are pre-authorized (Mobile access is limited to users with the appropriate profile or permission set.)
what is the base function of the granular locking feature
allows additional logic to allow multiple group updates to proceed if there is no hierarchical or other relations between roles or groups in the updates
what is the apex author permission
allows user to create classes and triggers requires additonal permissions such as view setup and config and modify metadata. this permission allows you to view encrypted fields
what is a connected app
an external application that communicates with Salesforce through APIs
What is OAuth 2.0 Protocol
an open protocol used to allow secure data sharing between applications. The user works in one app but sees the data from another. For example, you're logged in to your Salesforce mobile app and see your data from your Salesforce org. the apps perform a kind of handshake and then ask the user to authorize this data sharing. A mobile app that pulls contacts from a Salesforce org uses OAuth. A Salesforce org gets contacts from another service also uses OAuth.
if you do not want the share record deleted when ownership changes hands what should the row cause be set to
by default sharing via apex or soap the row cause is set to manual, you can set the apex sharing reason for the share object to a custom reason. this can be done ton the detail page of the custom object. only available on custom objects
what is parallel sharing rule calculation
can be used to process sharing rules asynchronously by splitting them into multiple threads
steps to set up sso with a third party provider
configuring inbound SSO with a third-party identity provider. Create a Federation ID for each user. Set up SSO settings in Salesforce. ( saml settings ) Set up Salesforce settings in the SSO provider.
when an external community user owns a record like an account or case and an internal user needs access what options do you have
create a sharing group : Simply put, a share group allows you to share records owned by Customer Community License holders with internal and external users in your community.
what is the apex crypto class for
creating digests message authentication codes, signatures and encrypt decrypt info
what is defered sharing maintenance
defer processing of group maintenance and sharing rule calculations
what feature can be utilized to turn off processing of sharing rule calculations
deferred sharing maintenance
when managing the OAuth restrictions on IP what are options
enforce IP restrictions— Enforce IP restrictions, but relax for refresh tokens—During initial login, Salesforce app users are subject to the org's IP restrictions, such as IP ranges set in the user's profile. However, these restrictions are relaxed when the app is using a refresh token to obtain a new access token. Relax IP restrictions for activated devices—Users accessing Salesforce from a verified browser or device bypass the org's IP restrictions. If they access Salesforce from a new browser or device, they bypass IP restrictions after they successfully complete an identity verification. Relax IP restrictions—Users aren't subject to any IP restrictions.
what information must be entered for a custom permission
enter the permission information: Label—the permission label that appears in permission sets Name—the unique name that's used by the API and managed packages Description—optionally, a description that explains what functions the permission grants access to, such as "Approve time-off requests." Connected App—optionally, the connected app that's associated with this permission
why would you consider using groups for record sharing
every user who has access to a restricted record gets a row in the object share table. this can be millions of records. using a group for common access results in only one row in the sharing table.
what are 3 ways that you can kick off a session based permission set
flow soap api (HasActivationRequired, SessionPermSetActivation ( session ID , permission set name) ) lightning page ( kicking off a flow )
how do you configure mobile compliance policies
go to connected apps , custom attributes section there is a key value pair that you can enforce KEY : FORCE_EMAIL_CLIENT_TO VALUE : googlegmail:///co?to=
what tables store membership data for salesforce groups including system defined groups
group maintenance tables
what are valid reasons for using granular locking
groups in separate hierarchies can be manipulated concurrently public groups and roles that do not include territories are no longer blocked by territory operations users can be added concurrently to territories and groups user provisioning can occur in parallel a long running proccess(role delete) only blocks a subset of operations
mployee Community licenses are supported by two underlying licenses
he Salesforce Platform user license and the Company Community for Lightning Platform permission set license. To assign a Lightning Platform Starter or Lightning Platform Plus license to a user, first assign the Salesforce Platform user license. Then assign them the Company Community for Lightning Platform permission set license (you may have to create the permission set before you can assign the license).
in apex how do you see if a current user can delete the object
if (!Lead.sObjectType.getDescribe().isDeleteable()){ delete l; return null; }
what is a well formed apex check to see if a field is updateable
if(!Schema.sObjectType.Opportunity.fields.StageName.isUpdateable()){
what interface allows you to create territory assignment rules in apex
implement the OpportunityTerritory2AssignmentFilter Apex interface that allows an implementing class to assign a single territory to an opportunity. Method called by Opportunity Territory Assignment job to assign territory to opportunity. Input is a list of (up to 1000) opportunityIds that have IsExcludedFromTerritory2Filter=false. Returns a map of OpportunityId to Territory2Id, which is used to update the Territory2Id field on the Opportunity object. OpportunityTerritory2AssignmentFilter Methods
where can you set up 2 factor authentication
in permission set under system permissions select "Two-Factor Authentication for User Interface Logins."
what object level permissions can we control as admins
in the profile cred , modify all and view all field level include read / edit on the object field level security visible / read only
where can field level security be used to restrict access to specific fields
in the profile for the object: this will restrict access to the field in the detail and edit pages , list views and reports
what is the runas() METHOD USED FOR
is a test method to change the user context to an existing user so the record sharing is enforced
when creating a nested territory what selections must be made
label name territory type parent territory account access level(view edit or view, edit, transfer delete)
What is filter based opportunity territory assignment
lets you use a simple job to assign territories to opportunities. We provide code foran Apex class that you can use as-is or modify as needed based on our guidelines. After you create and deploy the class, run the jobto complete the assignment process. Job options include making assignments within date ranges and assigning territories to openopportunities only. You can also configure your settings to run the job every time an opportunity is create
if a user needs to create and edit territory assignment rules shat permission should they have
manage territories and view all on accounts
what 3 types of sharing does the sharing object support
managed sharing, user managed sharing, and Apex managed sharing.
how can you assign accounts to a territory
manually or with assignment rules
what api can be used to set the default level of access for accounts that are assigned to a territory, when using territory management
metadata api can retrieve or deploy customizations for salesforce. Using the territory2 object gives meta data associated with a sales territory. The accountaccesslevel field specifies if users can access
what is High assurance session required
mobile users to log in to the Salesforce app using two-factor authentication. Two-factor authentication (2FA) enhances your org's security by requiring a second level of authentication for every user login. When mobile users log in to the Salesforce app for the first time, they are prompted to set up an identity verification method if you haven't already configured one for them.
what are some added features original territory management and enterprise territory management
multiple terrritories / hierarchy teritory list view territory models territory management is scheduled for retirement
what are the three table types that salesforce stores access grants
object record table object sharing table group maintenance table
where can you set field level security
on the object in a profile in setup under field accessibility
what 2 objects are used in territory management
opportunities and accounts
when viewing an account share record what related objects are listed explicity
opportunity case contact
Salesforce levels of data access
org , object , field , record
what is the difference between the original territory management and version 2.0
original territory management feature lets you grant users access to accounts basedon criteria such as postal code, industry, revenue, or a custom field relevant to your business.Enterprise Territory Management builds upon the original feature by introducing territory types,territory models, and territory model states.
record level access
owd, role , sharing rules, manual sharing
in a page layout you have the ability to set read only or required on a field. Where does this control work. Contrast that with setting field level security elsewhere
page layouts, only control the visibility of fields on detail and edit pages for a page layout. field-level security controls the visibility of fields in any part of the app, including related lists, list views, reports, and search results.
what features scan be used when recaculating sharing rules for large record sets to reduce time spent
parallel sharing calculation : async granular locking : multiple threads deferred sharing maintenance:
what are the different territory model states
planning active archived error conditions include : activation failed and archiving failed
sharing model settings for object
private , public read , read write , controlled by parent
what features use system defined groups as opposed to user defined groups
queues, hierarchies
what two options are available when modifying field level security
read and edit
what is the streaming api for
recieve near real time streams of data that are based on changes to records
what is record ownership
records owned by user or queue. this is for custom objects cases and leads. record owner is granted full access allowing them to view edit transfer share or delete
what features use system defined groups in Salesforce
role hierarchy territory hierarchy queue
what is a prerequisite for service provider initiated login
set up a domain with my domain
creating user managed sharing using apex
share a record using apex and schema.job_share.rowcause.manual when the ownership changes the shares are removed
what is managed sharing
sharing through record ownership , the role hierarchy and sharing rules
what sections are available when you select a territory under setup territory modle
territory detail system information access level assigned users manually assigned accounts inherited rules assignment rules
after you enable territories what 2 options become available
territory models and territory types
when making changes to roles or groups what table is locked by the lightning platform, what is the effect
the group membership table is locked and makes it impossible to process group changes in multiple threads
why use a territory type priority
to reflect sales strategy : Your organization expects more opportunities within the US east coast than the US westcoast in the coming year, so the East Coast territory type is assigned priority 001 and theWest Coast territory type is assigned 005
what is a territory type
types used for organizing and creating territories they dont appear on territory models and are only available in version 2.0
When using role hierarchy with multiple branches and multiple roles, what happens if I create an additional role, (What groups does salesforce create)
up to 3 groups are created when you create a new role. system defined role group system defined role and subordinates If external org wide defaults are enabled ( roles and internal subordinates)
what is the tooling api
used to integrate salesforce metadata with other systems
guide lines for adding users
username: Each user must have a username that is unique across all Salesforce organizations (not just yours). Username Format: Users must have a username in the format of an email address (that is, [email protected]), but they don't have to use a real email address. (They can use their email address if they wish as long as their email address is unique across all Salesforce orgs.) Email: Users can have the same email address across organizations. Passwords: Users must change their password the first time they log in. Login Link: Users can only use the login link in the sign-up email once. If a user follows the link and does not set a password, you (the admin) have to reset their password before they can log in.
open access : what do the view all and modify all object permissions provied
users access to all of an object's records, regardless of record-level access settings
when enabling account teams what option must you select
what layouts you would like the related list to appear on. team roles : appear as picklist values and include options like account manager , channel manager , lead qualifier
Where can you select session based permission set
when creating the permission set you hit a checkbox
when is granular locking used
when there is frequent and persistent locking that restricts the ability to perform manual and auto updates at the same time
what is the apex soap api used for
when you need to expose apex methods as web service