Security & Access - Salesforce Admin Exam
Validation Rules
A function that prevents a user from creating or updating a record if particular conditions haven't been met
Event monitoring
A security setting that enables login forensics
2 places you can assign permission sets
Add a list of users from permission set, add one user from the user detail page
If someone needs read/edit access to accounts and related opportunities, you need to...
Add them to the account team
If someone needs read access to Accounts and edit access to Opportunities, you need to...
Add them to the opportunity team
Permission sets
Additive permissions on top of your profile. Similar to an "AND". Ex.: Sales profile AND Outreach Event
Public default
All data is shared
Sharing rules
Allow users to share information horizontally. Example: allowing sales managers to see each other's deals
Controlled by Parent is...
An OWD (Sharing setting) that indicates access to a child record is controlled by the parent record
Activations
An area of the Security section where the admin activates particular IPs or browsers
Session management
An area of the Security section where you can see who is currently logged into your Salesforce org
Login history
An area under the identity section to see who has been logging in from where, when, and which device they are using
Remote site settings
Area of Security settings that shows the list of websites that Salesforce is allowed to contact for any given process
Session settings
Area on the profile to set rules for when and where users can log in from
Three items that record types control
Business processes, page layouts, and picklist values
General user permissions
Checkboxes on the profile that allow view all/modify all access to various features. They can be overwritten by FLS.
System settings
Consist of login hours, IP ranges and system permissions, which range across the entire system
Types of basic access object permissions
Create, Read, Edit, Delete
Profiles
Determine what users can do in Salesforce and classify access requirements for different types of users. Come with a set of permissions which grant access to particular objects, fields, tabs, and records. Assignment should be based on user job function. 1 per user.
Roles
Determine what users can see in Salesforce based on where they are located in the hierarchy. Users at the top can see all data owned by users below them, but others can't see data shared by users above or in other branches unless they are granted access via sharing rules.
User licenses
Determine which set of profiles and features the user can have or access in Salesforce.
Org Access login hours are used for _____
Enforcing specified work hours at the profile level
Field level security grants access at the ____ level
Field
FLS levels
Hidden, Read-Only, Visible
If a field is hidden using FLS ONLY...
It won't appear anywhere for users with the specified profiles
Page layouts
Let you select and organize sets of fields related to an object
Private default
Lock information down initially, then strategically open it up to people who need it
High risk security settings
Max invalid login attempts, minimum password length
Criteria based sharing
Method of determining which records should be shared based on certain criteria on a record
Username attributes
Must be formatted like an email address and be unique across all Salesforce organizations
Profiles grant access at the _____ level
Object
Role Hierarchy
Offers various access levels to other users' data based on level. It also offers an opportunity to roll up access to records on objects.
App settings
On the profile. Determine what apps are available, what objects and tabs, and app specific permissions
Org wide defaults (Sharing settings) are used to...
Open up access to users for records they don't own
Sharing rules are used for _____
Opening up record access horizontally to users when org wide defaults are more restrictive than public read/write
Three main features for record level sharing are...
Org wide defaults, sharing rules, roles
Basis for sharing rules
Owner, or values within each record
How to give users access to Health Check
Profile > Administrative Permissions > Health Check
A default record type is set up in...
Profile > user settings
Org wide default sharing settings
Public Read/write/transfer, Public read/write, public read only, private
Role hierarchy grants access at the ___ level
Record
Step up authentication
Requiring authentication for access to reports or custom apps or other areas of Salesforce
Org access IP Ranges are for _____
Restricting users by profile to a set of IP ranges in order to log in to Salesforce
My Domain
Salesforce identity feature that lets you personalize your org by creating a subdomain within the Salesforce domain
Alias
Short name to identify a user on list pages, reports, or other places where the entire name doesn't fit. Ex.: Asmit
Two factors of user authentication
Something you know, Something you have
Standard profiles
Standard user, solution manager, marketing user, contract manager, read only, system administrator
Picklist value
The options available for a given picklist. There is a master list with all possible choices, and you can use record types to display a subset
SAML
The protocol that Salesforce Identity uses to implement SSO
System permissions
The specific permissions around features in Salesforce at the profile level
Feature Permissions
These appear on the user record and are feature specific
Business processes
These are represented by picklist fields that capture the lifecycle of a custom or standard object. They are available on cases, leads, opportunities, and
Organization Wide Defaults
These help to show your data model - Public, Private, or Hybrid. How you configure this affects the rest of your security settings
Network based security
This allows limits to be set on where/when users can log in. It covers IP range restrictions, profile based IP restrictions, and login hours.
Manual Sharing
This allows users to share records on a one by one basis
View Setup Audit Trail
This area of the Security section allows users to see which changes have been made to the setup
Login IP Ranges
This feature allows only users within a set IP range to log in
Login Access policies
This feature under the security section allows admins to log in as any user
Trusted IP Ranges
This org level security access control allows you to define a list of IP addresses from which users can log in without receiving a login challenge for verification of their identity, such as a code sent to their mobile phone.
Password policies
This org level security access control sets restrictions and login lockout policies for all users in a given profile
Health check
This routinely flags risky security or sharing access
Network access
This security feature allows the admin to whitelist a set of IP addresses
Platform Encryption
This security setting will encrypt select fields in Salesforce at large scale
Expire all passwords
This will force all users to reset their login information; a good idea after a security breach
To restrict access to an object and its tabs for a certain profile, you need to...
Uncheck the 'visible' box for the app on the profile
Inbound SSO
Users log in somewhere else like an on-premises app and then access Salesforce without logging in
Outbound SSO
Users log in to Salesforce and then access other services without logging in again
When fields are hidden on a page layout ONLY...
Users will still be able to see and access them elsewhere
Sharing settings can open up records to ____
Users, public groups, roles, territories
Role hierarchy access levels
View & edit, view only, no access
The Data Administration Standard Object permissions are...
View all/Modify all. Assigned at profile level.
Benefits of My Domain
Controlling login process and simplifying authentication process
Role based sharing
Method of determining which records to share based on role in hierarchy