Salesforce Sharing and Visibility

what is the territory model

A territory model represents a complete territory system. Modeling allows you to create and preview multiple territory structures and user/account assignments before activating the model.

sharing between accounts and child records

Access to a parent account—If you have access to an account's child record, you have implicit Read Only access to that account. Access to child records—If you have access to a parent account, you have access to the associated child records. The account owner's role determines the level of access to child records.

Which versions of the mobile app have offline access available

Offline access isn't supported in all versions of the downloadable mobile apps. Users must have version 10.0 or later of the Salesforce for Android app or the Salesforce for iOS app. Offline access isn't available in the mobile browser app.

how can you create an external profile

Purchasing a community license also allows you to create external profiles (beyond the guest user profile) to access your communities.

what added security feature in regard to contacts is available for mobile

Select Allow Salesforce to import Contacts from mobile device Contacts lists to let users in your organization import the contacts in their phone into the Salesforce app. Deselect this option to prevent users from importing contacts.

who can have super user access

Anyone with a Partner Community or Customer Community Plus license

what are two types of partners

app exchange and consulting

what 3 objects does community super user access give

cases, leads and opportunities

what does the run as method do

Changes the user context to a new or existing user. The run as method doesn't enforce user permissions or field-level permissions, only sharing. Users can be created in run as even without an available license.

How do you run filter-based opportunity territory assignment?

click "run opportunity filter" on the territory hierarchy page

Do your users need access to leads, opps and campaigns? If NO, what license options are available?

Do you need sharing, reports or dashboards? No: Customer Community. Yes: Customer Community Plus.

Under the Setup menu, what page can an admin access to determine which profiles, layouts and record types are assigned to certain fields

field accessibility

What is user managed sharing

User managed sharing allows the record owner or any user with Full Access to a record to share the record with a user or group of users. This is generally done by an end user, for a single record. Only the record owner and users above the owner in the role hierarchy are granted Full Access to the record.

what object gets created when you use territory management

UserTerritory2Association

where can you create territory roles

The UserTerritory2Association object has a picklist field called Role in Territory. This field allows you to create picklist values and later assign users to the role.

what do sharing rows grant access to

Users and groups

Territory management has two default access levels for accounts. What are they?

Users can view and edit; users can view, edit, transfer and delete

how does the data cache work with the mobile app

users can create records for cached objects, edit and delete cached records, and keep track of all offline changes from a central place. And when the Salesforce app is back online, it automatically syncs pending changes to Salesforce an

why use a share group for high volume community users

Because these users don't have roles, performance issues associated with role hierarchy calculations are eliminated. Use a share group to share records owned by high-volume community and portal users.

what are the 4 segments a report or folder can be shared with

users, groups, roles or territories

True or false: you must turn on territory management

Yes. From Setup, enter Territory in the Quick Find box, and then select Territory Settings. Click Enable Enterprise Territory Management.

Can you enable offline access for the mobile app

yes, data is cached securely on the device.

with the mobile app can you remotely wipe the data on the phone

yes, data wipe is available

do you have to enable Salesforce mobile web for users

yes, it is on by default

By default, community license users only have access to records they own (a case created by them in the portal). How can you expand that access?

You can create a sharing set in the Communities settings: select the profile, then select the objects to share. Objects with an organization-wide sharing setting of Public Read/Write. Custom objects that don't have an account or contact lookup field. External sharing cannot be more permissive than internal.

session based permission sets

you can limit functional access for select permissions in a permission set to an activated session. When a session ends for any reason, a session-based permission set must be activated again before the user can access restricted resources.

if you have set OWD to private what options do you have to open up record access

you can use the role hierarchy or sharing rules

how do territories structures get created

You create a type, then a territory hierarchy model; within that you create nested territories like current year east coast

To create an account team what access must you have on the account

You must have edit access on the account. To edit or delete an account team you must be the account owner, above the owner in the role hierarchy, granted full access, or an admin.

how can you share records programmatically

You must use the share object associated with the standard or custom object for which you want to share. For example, AccountShare is the sharing object for the Account object, and Job__Share is the sharing record for the Job object.

when setting up an opportunity team what are some considerations

You set read/write access or read access for team members. Only opportunity owners or users above the owner can add or remove team members. You can add the account team to the opportunity.

how does filter based opportunity work

you use an apex class and job to auto assign opportunity based on number scale and then

can you use territory as a criteria for sharing something

no, but you can use a sharing rule based on record ownership. If you are in "A" territory "B" can see your record.

does the run as method enforce user permissions or field level permissions

no, only record shares

What is the method for determining if data derived from a processed Visualforce page or controller can be updated by the user? How can you check if the user has update access to the Contact.Name field?

Schema.sObjectType.Contact.fields.Name.isUpdateable()

What is the method for determining if data derived from a processed Visualforce page or controller can be created by the user? How can you check if the user has create access to the Contact.Name field?

Schema.sObjectType.Contact.fields.Name.isCreateable()

when creating a territory type what other option do you have to set

The priority, 1 to 100. This is used to make a scheme or hierarchy.

what is customize app

this permission will allow users to do many things including set field level security, create record types and view encrypted data.

what is the object record table

This table indicates which user, group or queue owns each record

What objects support External Org-Wide Defaults?

- Accounts (and associated contracts and assets) - Cases - Contacts - Opportunities - Custom Objects - Users

how do you disable HTML encoding

<apex:outputText escape="false"> Hello {!$CurrentPage.parameters.userName} </apex:outputText>

how can you add an extra layer to data protection on mobile app

2FA; enforce PIN code (app-specific PIN code for the Salesforce app so it locks after a period of inactivity)

What are member-based licenses?

A Community member-based license works like a standard Salesforce internal license: external users with a member-based license are able to access a community as many times as they want. The only difference is that external users do not have access to the internal org.

What are partner-based licenses?

A partner-based license is considered an external license, and gives you the power to buy a specific number of licenses for your partner accounts. Each partner account with an assigned license is given up to 40 partner users. User licenses are pooled, making it less likely for individual partners to exceed their user limits. Additional users, beyond the typical 40, can be purchased if necessary.

what runs in user context

A user browses the application via the standard Salesforce-provided UI; a user views a Visualforce page that uses a standard controller; a user views a Visualforce page that references objects with standard object notation; the platform executes Anonymous Apex via console or API calls; an application on the platform makes a standard API call.

when a mobile user loses the device what options are available

When a user's device is lost or stolen, it's best to revoke their access to the Salesforce app. Revoking access ends the user's current session and wipes the data from the device.

what are the two tokens used in OAuth

Access Token: A value used by the Salesforce app to gain access to Salesforce on behalf of the user, instead of using the user's Salesforce credentials. The access token is a session ID. Refresh Token: If a user's session has expired, the Salesforce app attempts to use the refresh token to obtain a new access token so the user doesn't have to reauthenticate.

Sharing behavior for portal users

Account and case access—An account's portal user has Read Only access to the parent account and to all of the account's contacts. Management access to data owned by Service Cloud portal users—Since Service Cloud portal users don't have roles, portal account owners can't access their data via the role hierarchy. To grant them access to this data, you can add account owners to the portal's share group where the Service Cloud portal users are working. This step provides access to all data owned by Service Cloud portal users in that portal. Case access—If a portal or customer community plus user is a contact on a case, then the user has Read and Write access on the case.

what is the difference between a sharing set and a sharing group

After creating a share set you select the share group settings and activate. You can add group members from public groups, roles, territories and users. Also, the share groups functionality isn't available to users with Customer Community Plus and Partner Community licenses.

what is OAuth

An open HTTP authentication framework based on RFC 6749, which provides third-party applications delegated access to resources without passing user credentials.

what runs in system context

Apex Classes (including web services); Apex Triggers; Apex web services called from the API

What is Apex managed sharing?

Apex managed sharing enables developers to programmatically manipulate sharing to support their application's behavior through Apex or the SOAP API. (Maintained across record ownership changes.)

where are apex sharing reasons displayed

Apex sharing reasons are defined on an object's detail page

List three impacts of XSS against internal users.

Arbitrary requests — An attacker can use XSS to send requests that appear to be from the victim to the web server. Malware download — XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to trust the request and actually install the malware. Log keystrokes — The attacker can monitor keyboard entries, possibly finding usernames and passwords to access accounts at later dates.

what are characteristics of high volume community users

Are contacts enabled to access a community. Are assigned to the Customer Community, High Volume Customer Portal, or Authenticated Website license. Only share the records they own with Salesforce users in sharing groups.

what is a service provider in regard to SSO

Authenticated users can flow from an external identity provider into Salesforce. In this case, Salesforce is a service provider—users want to get access to this service, and their identity provider allows them to do so. This Salesforce configuration is common because often your company is already using an identity provider. The identity provider could be one of several on the market, like Microsoft's Active Directory Federation Services (ADFS), Ping Identity's PingFederate, open-source Shibboleth, or ForgeRock's OpenAM.

Common XSS Mitigations

Blacklisting — Specific "bad" characters or combinations of characters are banned, meaning they can't be entered or stored. The developer creates a list of known bad characters (such as HTML or script tags) and throws an error if any bad characters are in the input. Whitelisting — Only characters or words from a known list of entries are permitted, preventing malicious input. For example, if the user enters anything besides numbers in a phone number field, the application throws an error.

What is object-level security referred to as in Salesforce

CRUD: create, read, update, delete. This is applied at the profile level and can restrict the actions users take on objects.

what are the benefits of caching mobile app

Caching data on the device improves the overall performance of the Salesforce app. The app is faster when retrieving records that have previously been cached. Even if you disable offline, we strongly recommend leaving caching enabled unless your company's security policy explicitly prohibits data caching on mobile devices.

What are Apex Sharing reasons?

Can be created declaratively but are used by developers to define reasons for access. Apex sharing reasons can be also selected when manually sharing a record. Exist only for custom objects.

what are the standard field encryption restrictions

Cannot be unique, have an external ID, or have default values. For leads are not available for mapping to other objects. Are limited to 175 characters because of the encryption algorithm. Are not available for use in filters such as list views, reports, roll-up summary fields, and rule filters. Cannot be used to define report criteria, but they can be included in report results. Are not searchable, but they can be included in search results. Are not available for: Connect Offline, Salesforce for Outlook, lead conversion, workflow rule criteria or formulas, formula fields, outbound messages, default values, and Web-to-Lead and Web-to-Case forms.

what are 3 use cases for communities

Connecting with customers; driving sales with partners; interacting with employees

Creating Apex Managed Sharing for Customer Community Plus users

Customer Community Plus users were previously known as Customer Portal users. Share objects, such as AccountShare and ContactShare, aren't available to these users. If you must use share objects as a Customer Community Plus user, consider using a trigger, which operates with the without sharing keyword by default. Otherwise, use an inner class with the same keyword to enable the DML operation to run successfully. A separate utility class can also be used to enable this access.

six Communities licenses for external users

Customer Community, Customer Community Plus, Partner Community, Lightning External Apps Starter, Lightning External Apps Plus, and Channel Account.

what is DOM based XSS

DOM-based XSS occurs when an attack payload is executed as a result of modifying the web page's document object model (DOM) in the victim user's browser. The web page itself is not changed, but its client-side code executes in a malicious way because of these DOM changes.

what class includes a number of helper functions you can use to verify user access level

DescribeSObjectResult

how can you avoid data skew

Design architecture to limit account objects to 10,000 children. Some possible methods include creating a pool of Accounts and assigning children in a round robin fashion or using Custom Settings for the current Account and the number of children. If possible, consider a Public Read/Write sharing model in which the parent account stays locked, but sharing calculations don't occur. If you have a skewed account, redistribute child objects in chunks during off-peak hours to lessen the impact of record-level lock contention. Batch Apex or the Bulk API are useful ways to re-parent.

what are Configure Mobile Compliance Policies

Disable the ability to copy and paste from Salesforce to other mobile apps. Prevent the ability to print from the Salesforce app. Require the use of a specific mobile email client for Salesforce. Disable file sharing from Salesforce to other mobile apps.

What are the different community license types?

Each community license can be either a member-based license or a login-based license, totaling nine different community licenses:

what is the encryption type for standard fields

Encrypted fields are encrypted with 128-bit master keys and use the Advanced Encryption Standard (AES) algorithm. You can archive, delete, and import your master encryption key. To enable master encryption key management, contact Salesforce.

Do I need communities licenses in my org to give access to communities?

Even without communities licenses, external users have some access to your communities. Purchase Community Cloud licenses to allow members to log in or give access to Salesforce objects based on your business needs. If you intend to use your community as a public knowledge base for unauthenticated (or guest) users, you can do so without purchasing communities licenses. For example, guest users can access publicly available community pages to read content, review knowledge articles, and perform tasks which do not require them to log in (such as creating cases).

how does the flow of events during OAuth authorization depend on the state of authentication on the device.

First Time Authorization: User opens the Salesforce app. An authentication page appears. User enters their username and password. The Salesforce app sends the user's credentials to Salesforce and, in return, receives a session ID as confirmation of successful authentication. The app starts. Ongoing Authorization: User opens the Salesforce app. If the session is active, the app starts immediately. If the session has expired, the Salesforce app uses the refresh token from its initial authorization to get an updated session ID. (However, if the refresh token has expired, the user must reenter their credentials.) The app starts.

what is the difference between field level security and accessibility

From the field accessibility grid, you can click any field access setting to change the field's accessibility in the page layout or in field-level security. The Access Settings page then lets you modify the field access settings.

What is a high volume community user

High-volume community users are limited-access users intended for orgs that have thousands to millions of communities users. High-volume community users don't have roles, which eliminates performance issues associated with role hierarchy calculations. High-volume community users include the Customer Community, High Volume Customer Portal, and Authenticated Website license types.

what limitations impact high volume community users access

High-volume community users can't manually share records they own or have access to. You can't transfer cases from non-high-volume community users to high-volume community users. High-volume community users can't own accounts. You can't add case teams to cases owned by high-volume community users. You can't include high-volume community users in: Personal groups or public groups. Sharing rules. Account teams, opportunity teams, or case teams. Salesforce CRM Content libraries. These limitations also apply to records owned by high-volume community users. You can't assign high-volume community users to territories.

What is the method for determining if data derived from a processed Visualforce page or controller can be displayed to the user? How can you check if the user has read access to the Contact.Name field?

if (!Schema.sObjectType.Contact.fields.Name.isAccessible()) return

what 2 options are available for using the salesforce mobile app

Implement the app on its own using connected app policies. Implement the app with an MDM solution.

what is an identity provider in regard to SSO

In the process of authenticating users, SAML exchanges identity information between the holder of the information, called an identity provider (IdP), and the desired service, called a service provider. In the case where a user logs in to Salesforce and then accesses Gmail, Salesforce is the identity provider, and Google is the service provider. Salesforce can be both a service provider and identity provider.

what are the 4 methods of DescribeSObjectResult

isCreateable(), isAccessible(), isUpdateable(), isDeletable()

what is my domain

It's a Salesforce Identity feature that lets you personalize your Salesforce org by creating a subdomain within the Salesforce domain. You are required to use My Domain for SSO, auth providers, and Lightning components.

what is OpenID Connect

Like SAML, OpenID Connect is a protocol based on OAuth 2.0 that sends identity information from one service to another. Unlike SAML, OpenID Connect is built for today's world of social networks. Have you ever installed a new app and come across a prompt like "Log in with your Google account"? That app is using the OpenID Connect protocol. When you sign in with Google, you're not creating an account and another password. Only Google holds that information.

What is Managed sharing

Managed sharing involves sharing access granted based on record ownership, the role hierarchy, and sharing rules:

why use a territory model

Modeling allows you to create and preview multiple territory structures and user/account assignments before activating the model.

what are core principles for group sharing

Moving users from one group to another trigger organization wide group membership locks, so highly dynamic groups can have a negative impact on performance. The use case which will provide peak performance includes a group of users who share the same visibility and don't frequently move from one group to another via an automated process. The sharing performance benefit will decrease as the number of group members decreases, and the frequency of user movement within the groups increases.

what is the difference between portal and community licenses

NOTE If your org has legacy portal licenses, you don't need to purchase communities licenses to use communities.

what are the levels / hierarchy for record level sharing

Organization-wide defaults • Role hierarchy • Territory hierarchy • Sharing rules • Teams • Manual sharing • Programmatic sharing

Do your users need access to leads, opps and campaigns? If YES, what options are available?

Partner Community

what is reflected XSS

Reflected XSS occurs when malicious input is sent to a server and reflected back to the user on the response page.

what 4 options are available for selection on refresh token policy

Refresh token is valid until revoked; Immediately expire refresh token; Expire refresh token if not used for X; Expire refresh token after X

What are three protocols that salesforce and other identity vendors use

SAML, OAuth 2.0, OpenID Connect

What Does Salesforce Identity Do?

Salesforce Identity lets you give the right people the right access to the right resources at the right time. You control who can access your orgs and who can use apps running on the Salesforce Platform, on-premises, in other clouds, and on mobile devices.

When you are ready to build a community, what two standard options do you have for building

Salesforce Tabs + Visualforce Pros templates

how does Salesforce prevent XSS

Salesforce automatically HTML encodes any values and merge fields placed in HTML context. This includes all standard functionality, as well as Visualforce pages and components. The platform changed "<" and ">" into "&lt;" and "&gt;" by automatically HTML encoding the special characters.

What is SAML

Security Assertion Markup Language is an XML-based data format used for SSO on web browsers. When you want users to move seamlessly between Salesforce orgs and applications without logging in repeatedly, you set up single sign-on (SSO). Security Assertion Markup Language (SAML) is the protocol that makes it happen.

What Features Does Salesforce Identity Provide?

Single sign-on; Connected apps; Social sign-on; Two-factor authentication; My Domain; Centralized user account management; User provisioning; Identity Connect; App Launcher

what is the benefit to temporarily blocking a connected app / mobile app

Some updates to connected app policies—like the custom attributes, for example—only take effect after users log out of the app and log back in. By blocking the app and then reenabling it, you can force all mobile users to reenter their credentials. This ensures your latest and greatest security settings have been applied.

what is stored XSS

Stored XSS occurs when a malicious input is permanently stored on a server and reflected back to the user in a vulnerable web application. This often occurs when a malicious value can be stored in a database and retrieved, such as with a message board post or data in a user profile.

Define the three types of XSS attacks.

Stored XSS, Reflected XSS, DOM-based XSS

what are the Mobile Session Settings

Timeout policy: if you do not set this value it defaults to the user profile value. High assurance session required.

How do you enable Filter-Based Opportunity Territory Assignment

In Territory Settings, select the checkbox to enable filter-based opportunity territory assignment. Enter the class name: pTerrAssignDefaultLogicFilter.

where in the SOAP API can you activate a session for a permission set

The PermissionSet object in the SOAP API contains a field called HasActivationRequired, a boolean that indicates whether the permission set requires an associated active session (true) or not (false). Insert a record into the SessionPermSetActivation object with the combination of session ID and permission set to achieve the activation.

what is the trust status

The Recent System Status section shows information from trust.salesforce.com about your instance's system performance over the last 24 hours. Trust.salesforce.com is Salesforce's website to provide transparency around service availability, performance, security, privacy, and compliance. Trust status gives you a quick and easy way to see if your org performance has been affected so you can let your users know of any changes.

To add an account team member, you must have edit access on the account. To edit or delete an account team member, you must be one of the following.

The account owner Above the owner in the role hierarchy Any user granted full access to the record An admin

Warning on setting external OWD

The default external access level must always be more restrictive or equal to the default internal access. When you're setting up your external org-wide defaults, you can't give your community member more access to an object than you do to an internal Salesforce org user. A best practice is to always have external org-wide defaults set to private.

Why do objects on the detail side of a master detail relationship not have sharing object

The detail record's access is determined by the master's sharing object and the relationship's sharing setting

what is granular locking

The system employs additional logic to allow multiple updates to proceed simultaneously if there is no hierarchical or other relationship between the roles or groups involved

what is territory model state

The territory model state indicates whether a territory is in the planning stage, in active use, or archived.

what records can high volume community users access

They can access their own account and contact records, based on implicit sharing. They have "Read" access on the account they belong to. They can access a record's parent, and the organization-wide sharing setting for that record is Controlled by Parent. The organization-wide sharing setting for the object is Public Read Only or Public Read/Write. Admins can create sharing sets to grant high-volume community users additional access to records

why use territory roles

To track user functions within territories, you can create territory roles such as Territory Owner, Sales Manager, or Sales Representative, and assign them to territory users as needed. Users can even have different roles in different territories.

What are login-based licenses?

To use a Community login-based license, you first purchase a specific number of logins to be used every month. External users associated with that license consume one login each time they log into a community. However, logging in multiple times during the same day still only consumes one login and, once logged in, switching between communities doesn't consume extra logins. This type of login is referred to as a daily unique login. The ratio between the number of monthly logins you purchase and the number of login licenses that are provisioned in your org is 1 to 20. For example, if you purchase 1,000 monthly logins, then 20,000 login licenses are provisioned in your org. If you want to assign more than 20,000 login licenses, purchase more logins. Why the big ratio? We want to make sure that you have enough licenses to assign to all the login-based users you may potentially create.

what is account data skew

Understanding architecture designs and data distributions that can contribute to reduced database concurrency and lock contention which occurs when an Account's parent object has more than 10,000 child objects. How might account data skew happen?

when enabling a community what permission is available to assign to internal users that need access to the external community

View Global Header permission to internal users who need access to the community. The global header allows users to easily switch between their internal org and any community they're a member of

is sharing inherited in an inner class

When working with classes that define an inner class, make sure you apply sharing to both class definitions. Sharing isn't inherited from an outer class.

how is social sign on different than SSO

With social sign-on, users log in to a Salesforce org with their username and password from an external authentication provider, like Facebook, Twitter, LinkedIn, or Google. This is especially useful for Salesforce Community.

what a cross-site scripting vulnerability is.

XSS is an injection vulnerability that occurs when an attacker can insert unauthorized JavaScript, VBScript, HTML, or other active content into a web page. When other users view the page, the malicious code executes and affects or attacks the user.

what are the classic encryption for custom fields notes

You can use encrypted fields in email templates but the value is always masked regardless of whether you have the "View Encrypted Data" permission. If you have created encrypted custom fields, make sure that your organization has "Require secure connections (HTTPS)" enabled. If you have the "View Encrypted Data" permission and you grant login access to another user, the user can see encrypted fields in plain text. Only users with the "View Encrypted Data" permission can clone the value of an encrypted field when cloning that record. Only the <apex:outputField> component supports presenting encrypted fields in Visualforce pages.

what are two versions of the mobile app

a downloadable app for iOS and Android, and a mobile browser app

What is Community super user access

access for partner users in communities, this allows partner user to view data of other users in the same role in the hierarchy.

what selections are available under territory settings

account access level: (r and edit) or (view, edit, transfer, delete). case: Not access cases that they do not own that are associated with accounts in the territory; View all cases associated with accounts in the territory, regardless of who owns the cases; View and edit all cases associated with accounts in the territory, regardless of who owns the cases. Enable Filter-Based Opportunity Territory Assignment. Apex Class Name. Run filter-based opportunity territory assignment job when opportunities are created.

when creating an account team what objects can you set crud access for

account, contact, opportunity, case. team role when setting these. If the contact is set to controlled by parent the option will not show

What does a Salesforce admin have to do before users can assign territories manually on opportunities

add territory field to the opportunity layout

How do you set up manual exclusion of opportunities from filter-based territory assignment?

add the exclude from territory assignment filter logic to opportunity layout and select box when creating opp or before you run the assignment job

when configuring the OAuth policy what are two options for permitted users

all users must self authorize (Users must approve the app the first time they access it.) admin approved users are pre-authorized (Mobile access is limited to users with the appropriate profile or permission set.)

what is the base function of the granular locking feature

allows additional logic to allow multiple group updates to proceed if there is no hierarchical or other relations between roles or groups in the updates

what is the apex author permission

allows user to create classes and triggers. requires additional permissions such as view setup and config and modify metadata. this permission allows you to view encrypted fields

what is a connected app

an external application that communicates with Salesforce through APIs

What is OAuth 2.0 Protocol

an open protocol used to allow secure data sharing between applications. The user works in one app but sees the data from another. For example, you're logged in to your Salesforce mobile app and see your data from your Salesforce org. The apps perform a kind of handshake and then ask the user to authorize this data sharing. A mobile app that pulls contacts from a Salesforce org uses OAuth. A Salesforce org that gets contacts from another service also uses OAuth.

if you do not want the share record deleted when ownership changes hands what should the row cause be set to

by default, when sharing via apex or soap, the row cause is set to manual. you can set the apex sharing reason for the share object to a custom reason. this can be done on the detail page of the custom object. only available on custom objects

what is parallel sharing rule calculation

can be used to process sharing rules asynchronously by splitting them into multiple threads

steps to set up sso with a third party provider

configuring inbound SSO with a third-party identity provider. Create a Federation ID for each user. Set up SSO settings in Salesforce. ( saml settings ) Set up Salesforce settings in the SSO provider.

when an external community user owns a record like an account or case and an internal user needs access what options do you have

create a sharing group : Simply put, a share group allows you to share records owned by Customer Community License holders with internal and external users in your community.

what is the apex crypto class for

creating digests, message authentication codes, and signatures, and encrypting and decrypting info

what is deferred sharing maintenance

defer processing of group maintenance and sharing rule calculations

what feature can be utilized to turn off processing of sharing rule calculations

deferred sharing maintenance

when managing the OAuth restrictions on IP what are options

enforce IP restrictions— Enforce IP restrictions, but relax for refresh tokens—During initial login, Salesforce app users are subject to the org's IP restrictions, such as IP ranges set in the user's profile. However, these restrictions are relaxed when the app is using a refresh token to obtain a new access token. Relax IP restrictions for activated devices—Users accessing Salesforce from a verified browser or device bypass the org's IP restrictions. If they access Salesforce from a new browser or device, they bypass IP restrictions after they successfully complete an identity verification. Relax IP restrictions—Users aren't subject to any IP restrictions.

what information must be entered for a custom permission

enter the permission information: Label—the permission label that appears in permission sets Name—the unique name that's used by the API and managed packages Description—optionally, a description that explains what functions the permission grants access to, such as "Approve time-off requests." Connected App—optionally, the connected app that's associated with this permission

why would you consider using groups for record sharing

every user who has access to a restricted record gets a row in the object share table. this can be millions of records. using a group for common access results in only one row in the sharing table.

what are 3 ways that you can kick off a session based permission set

flow; soap api (HasActivationRequired, SessionPermSetActivation (session ID, permission set name)); lightning page (kicking off a flow)

how do you configure mobile compliance policies

go to connected apps; in the custom attributes section there is a key value pair that you can enforce. KEY: FORCE_EMAIL_CLIENT_TO VALUE: googlegmail:///co?to=

what tables store membership data for salesforce groups including system defined groups

group maintenance tables

what are valid reasons for using granular locking

groups in separate hierarchies can be manipulated concurrently; public groups and roles that do not include territories are no longer blocked by territory operations; users can be added concurrently to territories and groups; user provisioning can occur in parallel; a long running process (role delete) only blocks a subset of operations

Employee Community licenses are supported by two underlying licenses

The Salesforce Platform user license and the Company Community for Lightning Platform permission set license. To assign a Lightning Platform Starter or Lightning Platform Plus license to a user, first assign the Salesforce Platform user license. Then assign them the Company Community for Lightning Platform permission set license (you may have to create the permission set before you can assign the license).

in apex how do you see if a current user can delete the object

if (Lead.sObjectType.getDescribe().isDeletable()){ delete l; return null; }

what is a well formed apex check to see if a field is updateable

if(!Schema.sObjectType.Opportunity.fields.StageName.isUpdateable()){

what interface allows you to create territory assignment rules in apex

implement the OpportunityTerritory2AssignmentFilter Apex interface that allows an implementing class to assign a single territory to an opportunity. Method called by Opportunity Territory Assignment job to assign territory to opportunity. Input is a list of (up to 1000) opportunityIds that have IsExcludedFromTerritory2Filter=false. Returns a map of OpportunityId to Territory2Id, which is used to update the Territory2Id field on the Opportunity object.

where can you set up 2 factor authentication

in permission set under system permissions select "Two-Factor Authentication for User Interface Logins."

what object level permissions can we control as admins

in the profile cred , modify all and view all field level include read / edit on the object field level security visible / read only

where can field level security be used to restrict access to specific fields

in the profile for the object: this will restrict access to the field in the detail and edit pages , list views and reports

what is the runas() METHOD USED FOR

is a test method to change the user context to an existing user so the record sharing is enforced

when creating a nested territory what selections must be made

label, name, territory type, parent territory, account access level (view, edit or view, edit, transfer, delete)

What is filter based opportunity territory assignment

lets you use a simple job to assign territories to opportunities. We provide code for an Apex class that you can use as-is or modify as needed based on our guidelines. After you create and deploy the class, run the job to complete the assignment process. Job options include making assignments within date ranges and assigning territories to open opportunities only. You can also configure your settings to run the job every time an opportunity is created

if a user needs to create and edit territory assignment rules what permission should they have

manage territories and view all on accounts

what 3 types of sharing does the sharing object support

managed sharing, user managed sharing, and Apex managed sharing.

how can you assign accounts to a territory

manually or with assignment rules

what api can be used to set the default level of access for accounts that are assigned to a territory, when using territory management

metadata api can retrieve or deploy customizations for salesforce. Using the territory2 object gives meta data associated with a sales territory. The accountaccesslevel field specifies if users can access

what is High assurance session required

mobile users to log in to the Salesforce app using two-factor authentication. Two-factor authentication (2FA) enhances your org's security by requiring a second level of authentication for every user login. When mobile users log in to the Salesforce app for the first time, they are prompted to set up an identity verification method if you haven't already configured one for them.

what are some added features original territory management and enterprise territory management

multiple territories / hierarchy, territory list view, territory models. territory management is scheduled for retirement

what are the three table types that salesforce stores access grants

object record table, object sharing table, group maintenance table

where can you set field level security

on the object in a profile in setup under field accessibility

what 2 objects are used in territory management

opportunities and accounts

when viewing an account share record what related objects are listed explicitly

opportunity, case, contact

Salesforce levels of data access

org , object , field , record

what is the difference between the original territory management and version 2.0

original territory management feature lets you grant users access to accounts based on criteria such as postal code, industry, revenue, or a custom field relevant to your business. Enterprise Territory Management builds upon the original feature by introducing territory types, territory models, and territory model states.

record level access

owd, role , sharing rules, manual sharing

in a page layout you have the ability to set read only or required on a field. Where does this control work. Contrast that with setting field level security elsewhere

page layouts, only control the visibility of fields on detail and edit pages for a page layout. field-level security controls the visibility of fields in any part of the app, including related lists, list views, reports, and search results.

what features can be used when recalculating sharing rules for large record sets to reduce time spent

parallel sharing calculation: async; granular locking: multiple threads; deferred sharing maintenance

what are the different territory model states

planning, active, archived. error conditions include: activation failed and archiving failed

sharing model settings for object

private , public read , read write , controlled by parent

what features use system defined groups as opposed to user defined groups

queues, hierarchies

what two options are available when modifying field level security

read and edit

what is the streaming api for

receive near real time streams of data that are based on changes to records

what is record ownership

records owned by user or queue. this is for custom objects, cases and leads. record owner is granted full access allowing them to view, edit, transfer, share or delete

what features use system defined groups in Salesforce

role hierarchy, territory hierarchy, queue

what is a prerequisite for service provider initiated login

set up a domain with my domain

creating user managed sharing using apex

share a record using apex and schema.job_share.rowcause.manual. when the ownership changes the shares are removed

what is managed sharing

sharing through record ownership , the role hierarchy and sharing rules

what sections are available when you select a territory under setup territory model

territory detail, system information, access level, assigned users, manually assigned accounts, inherited rules, assignment rules

after you enable territories what 2 options become available

territory models and territory types

when making changes to roles or groups what table is locked by the lightning platform, what is the effect

the group membership table is locked and makes it impossible to process group changes in multiple threads

why use a territory type priority

to reflect sales strategy: Your organization expects more opportunities within the US east coast than the US west coast in the coming year, so the East Coast territory type is assigned priority 001 and the West Coast territory type is assigned 005

what is a territory type

types used for organizing and creating territories. they don't appear on territory models and are only available in version 2.0

When using role hierarchy with multiple branches and multiple roles, what happens if I create an additional role, (What groups does salesforce create)

up to 3 groups are created when you create a new role: system defined role group; system defined role and subordinates; if external org wide defaults are enabled (roles and internal subordinates)

what is the tooling api

used to integrate salesforce metadata with other systems

guide lines for adding users

username: Each user must have a username that is unique across all Salesforce organizations (not just yours). Username Format: Users must have a username in the format of an email address (that is, [email protected]), but they don't have to use a real email address. (They can use their email address if they wish as long as their email address is unique across all Salesforce orgs.) Email: Users can have the same email address across organizations. Passwords: Users must change their password the first time they log in. Login Link: Users can only use the login link in the sign-up email once. If a user follows the link and does not set a password, you (the admin) have to reset their password before they can log in.

open access : what do the view all and modify all object permissions provide

users access to all of an object's records, regardless of record-level access settings

when enabling account teams what option must you select

what layouts you would like the related list to appear on. team roles : appear as picklist values and include options like account manager , channel manager , lead qualifier

Where can you select session based permission set

when creating the permission set you hit a checkbox

when is granular locking used

when there is frequent and persistent locking that restricts the ability to perform manual and auto updates at the same time

what is the apex soap api used for

when you need to expose apex methods as web service

