11729435
Description
Flashcards by Curtis Cadwallader, updated more than 1 year ago
|
Created by Curtis Cadwallader
over 6 years ago
|
|
| Question | Answer |
| Where are the primary object permissions defined? | In the User's Profile |
| How should permissions be set in the profile, permissive or restrictive? | Restrictive. Set the lowest permission in the profile and expand permissions using Permission Sets. |
| What permissions can be set in the User Profile? | Read Create Edit Delete View All Modify All |
| How many Profiles can a unique user have? | Only one at a time. |
| What is a Permission Set? | A permission set is a collection of settings and permissions that give users access to various tools and functions. Permission sets extend users’ functional access without changing their profiles. |
| What is the limit on permission sets that a user can have? | A user can have multiple permissions sets. The limit is determined by their SF license type. |
| If you were hiring temporary help and wanted them to have read access to all records, but have the ability to also Edit and Create Lead records, what Profile would you assign? | Clone the Read-Only profile, modify it to allow Edit and Create permissions on the Lead object, and save it as TempHelp. Then assign it to the temporary employees. |
| What do the settings in a user's profile determine? | The settings in a user’s profile determine whether she can see a particular app, tab, field, or record type. |
| What do the permissions in a user's profile determine? | The permissions in a user’s profile determine whether she can create or edit records of a given type, run reports, and customize the app. |
| What do the permissions View All Data and Modify All Data do? | These permissions override all other sharing settings, so use caution when assigning them to any profile other than System Administrator. |
| How do you edit the object permissions on a standard profile? | You can’t edit the object permissions on a standard profile. However, you can clone any existing profile, and use that as the basis for a new profile, adjusting the apps and system settings as needed. |
| How do you deny a user an object permission that is granted in a standard profile? | You can't. You must create a new, more restrictive, profile to remove a permission and use Permission Sets to grant additional permissions. |
| How would you grant a user temporary access to edit an object or field? | Create a Permission Set to allow that permission and assign it to the user. Then, when the need is no longer present, remove that permission set from the user. |
| What is Field Level Security (or field permissions) used for? | Field-level security settings—or field permissions—control whether a user can see, edit, and delete the value for a particular field on an object. |
| What control do page layouts provide in allowing or denying a user to see information? | Page layouts only control the visibility of fields on detail and edit pages. Data is still visible on reports and in searches. |
| How does Field Level Security (FLS) improve upon page layouts in terms of restricting access to field data? | To make absolutely sure that a user can't access a particular field, it's important to use the field-level security page for a given object to restrict access to the field. |
| How do you apply field level security? | You apply field settings by modifying profiles or permission sets. |
| Can you modify field permissions on Standard Profiles? | Yes, you can modify field permissions, but you cannot modify object permissions. |
| True or False: A permission set can be used to restrict a user's permissions. | False. A permission set is for expanding a user’s access to fields that are restricted in their profile. |
| After setting Object and Field Level Security permissions, what is the 3rd level of data access control? | Record Level Security Determining which records the user has access to. |
| What is Record Access? | Record access determines which individual records users can view and edit in each object they have access to in their profile. |
| How are permissions on a record evaluated? | The permissions on a record are always evaluated according to a combination of object-level, field-level, and record-level permissions. When object-level permissions conflict with record-level permissions, the most restrictive settings win. |
| How do you control Record Access? | You use org-wide defaults to lock down your data to the most restrictive level, and then use the other record-level security tools to grant access to selected users, as required. |
| What are the 4 record level security tools? | Org-wide defaults Role hierarchies Sharing rules Manual sharing |
| What are the key principles to record access? | A user’s profile sets baseline permissions to objects. Permission sets expand the baseline permissions defined in the profile. Org-wide defaults set access to records a user does not own. Role Hierarchy increases record access. Sharing rules expand access to additional groups of users. Record owners can manually share individual records with other users. |
| Can Org-wide sharing be set differently for different objects? | Yes. |
| How are permissions set for a Detail record in a Master-Detail relationship. | The Detail record inherits the sharing setting of its parent. |
| How do you disable automatic access using hierarchies? | Deselect Grant Access Using Hierarchies for any custom object that does not have a default access of Controlled by Parent. |
| Who has access to a record when the Grant Access Using Hierarchies checkbox is de-selected? | If you deselect this checkbox for a custom object, only the record owner and users granted access by the org-wide defaults receive access to the records. |
| Who do you assign Permission Sets to, Users, Public Groups, or Roles? | You assign Permission Sets to Users. |
| What is assigned to Public Groups and Roles? | Sharing Rules are assigned to Public Groups, Roles, or Roles & Subordinates |
| What access is assigned in Sharing Rules? | Only two: Read Access or Read/Write Access |
| When is it not a good idea to use sharing rules? | When the user or group requiring access only requires access to a subset of ALL the records. (ex: Ben only needs access to the interview records of the applicants he's interviewed). |
| When is it a good idea to use sharing rules? | When Hiring managers need read and update access on every job application and review record. (the key word is "every") |
| What is a Public Group? | A public group is a collection of individual users, other groups, individual roles, and/or roles with their subordinates that all have a function in common. |
| What is a good rule of thumb for when to create a public group? | Create a public group if you want to define a sharing rule that encompasses more than one or two groups or roles, or any individual. |
| Who are Permission Sets assigned to, Users, Public Groups, or Roles? | Users |
| How many User Accounts can you add at one time? | Up to 10 accounts |
| What is the effect if you set a trusted IP Range for: A) Whole Org B) A given User Profile | A) Users outside of trusted range are prompted for authentication. B) Users outside of trusted range are locked out. |
| What happens when users are logged in past their assigned login hours? | If users are logged in when their login hours end, they can continue to view their current page, but they can’t take any further action. |
| How do Permission Sets work with Profiles? | A user can have one profile and many permission sets. A user’s profile determines the objects they can access and the things they can do with any object record (such as create, read, edit, or delete). Permission sets grant additional permissions and access settings to a user. |
| What does the Profile control vs the Permission Set? | The settings in a user’s profile determine whether she can see a particular app, tab, field, or record type. The permissions in a user’s profile determine whether she can create or edit records of a given type, run reports, and customize the app. |
| How do you restrict field visibility in related lists, list views, reports, and search results? | Use Field Level Security on the Profile to restrict visibility. |
| How are Object, Field, & Record level permissions evaluated and applied? | The permissions on a record are always evaluated according to a combination of object-level, field-level, and record-level permissions. When object-level permissions conflict with record-level permissions, the most restrictive settings win. |
| If you disable the Grant Access Using Hierarchies option on a customer object, how are users impacted? | In the Organization-Wide Defaults related list, if the Grant Access Using Hierarchies option is disabled for a custom object, only the record owner and users granted access by the org-wide defaults receive access to the object's records. |
| When using Roles, what does a higher level role see when observing subordinates data? | Users at any given role level can view, edit, and report on all data owned by or shared with users below them in the role hierarchy, unless your sharing model for an object specifies otherwise. |
| Can you change the Grant Access Using Hierarchies setting on Standard Objects? | No. Only on custom objects. |
| What are the 3 components of sharing rules? | 1) Share which records (Criteria or owner based) 2) With which users (Role or Public Group) 3) What access (Read or Read/Write) |
| Who can be members of a Public Group? | Individual Users Other groups Individual Roles Roles with Subordinates |
Want to create your own Flashcards for free with GoConqr? Learn more.