68 terms

Salesforce Certified Sharing and Visibility Designer

STUDY
PLAY
Who can see a Private file?
File owner and users with the Modify All or View All Data permissions.
*If file is in a Private library, only file owner has access.
Who can see a Privately Shared file?
Only the file owner, users with "Modify All Data" or "View all Data" permission, and specific file viewers can find and view this file.
When does a File have a Sharing Setting of Private?
1. Upload it in Files Home
2. Publish it to your Private Library
3. Sync a file in your Salesforce Files Sync folder
4. Stop sharing it with everyone (Make Private)
5. Delete posts that include the file and the file isn't shared anywhere else
When does a File have a Sharing Setting of Privately Shared?
1. Only shared with specific people or a private group
2. Posted to a private group
3. Shared via link
4. Posted to a feed on a record
5. Published to a shared library
When does a File have a Sharing Setting of Your Company?
1. Posted to a feed that all users can see, a profile, a record, or a public group
Which permissions does a File Viewer have?
1. View or Preview
2. Download
3. Share
4. Attach a File to a Post
5. Sync a File
Which permissions does a File Collaborator have?
1. View or Preview
2. Download
3. Share
4. Attach a File to a Post
5. Sync a File
6. Upload New Version
7. Edit Details
8. Change Permission
T/F Do records have viewer permission for files posted to their feeds?
True
Which permission is needed to sync files?
Sync Files
Who can grant access to a record?
1. The record owner
2. A user in a role above the owner in the hierarchy
3. Any user granted Full Access to the record
4. An administrator
To whom can you grant access to a record?
1. Managers Group
2. Manager Subordinates Groups
3. Public Groups
4. Personal Groups
5. Users
6. Roles
7. Roles and Subordinates
8. Roles and Internal Subordinates
9. Roles and Internal and Portal Subordinates
10. Territories
11. Territories and Subordinates
T/F You can share an opportunity or case to users without Read access on the Account and where you do not have the ability to share the Account.
False
What are the three key components of the ownership-based architecture?
1. Owner field for all records
2. Object share tables
3. Group membership tables
Which fields does a row in an object share table contain?
1. ID of the record being shared
2. ID of the user or group being granted access
3. Level of access
4. Reason the access is being granted
How many sharing records are created when a group of 5 users is granted access?
One. A single sharing record is created for groups in the object share table.
Describe the process followed when a user requests access to a record.
1. First, it checks whether a profile, permission set, or OWD setting already gives the user the level of access requested.
2. If the user does not have that level of access, the system queries the object share table to see if there is a row in which the record's ID and user's ID appears.
3. Next, it queries the group membership table to identify all groups that could provide access to the user.
4. It then scans the object share table again to see if there is a row in which any of these groups has already been granted access.
5. Finally, it compares the level of access granted directly to the user with the levels of access granted to the groups the user belongs to, giving the user the least restrictive level of access.
What are role groups?
Role groups gives users assigned to a role access to records owned by or shared to members of subordinate roles, and records shared to the subordinate roles themselves.
What security tactic should you employ if you don't want anyone including the record owner, to be able to delete or share the record?
Create a "dummy" or "integration" user to own the data, then use sharing rules or apex to share data to the appropriate groups.
What functions are granted with the Manage Salesforce CRM Content permission?
1. Create, edit, and delete libraries
2. Edit library permission
*inclusive of the other CRM Content user permissions
What functions are granted with the Manage Content permission?
1. Create, edit, and delete library permissions
What functions are granted with the Manage Content Properties permission?
1. Create, edit, and delete custom fields CRM Content
What functions are granted with the Manage record types and layouts for Files permission?
1. Create, edit, and delete record types in CRM Content
2. Create, edit, and delete page layouts in CRM Content
What is a library permission?
A group of privileges assigned to each CRM Content library member. It determines which tasks a member can perform in a particular library.
*A user can have a different library permission in each of their libraries.
How do you create a library permission?
Setup > Content Permissions > Add a Library Permission
What permissions does the Manage Library privilege grant?
Perform any action in the library.
*Required to edit libraries' name and description, add or remove library members, or delete a library
What permissions does the Add Content privilege grant?
Publish new content to the library, upload new content versions, or restore archived (deleted) content. Content authors can also change any tags associated with their content and archive or delete their own content.
What permission does the Deliver Content privilege grant?
Create a content delivery using any files in the library.
What permissions does the Attach or Share Content within Chatter privilege grant?
Make content from this library accessible in Chatter. Within Chatter, select a file from the library and attach it to a post or share it.
What are the org-wide default options for content-delivery password protection?
1. Password protection is optional and defaults to OFF
2. Password protection is optional and defaults to ON
3. Password protection is required
How many content-delivery views are allowed within a 24-hour period?
20,000
How much bandwidth is allocated to content deliveries within a 24-hour period?
10 GB
Which file type of content delivery are not supported for online views?
Any document over 25 MB is not supported.
T/F Customer Portal and Partner Portal users can create content deliveries?
False
What are your options when restricting the record types available in the library?
1. Allow content with any record type to be linked to this library
*Enable content published in other libraries to be shared to the library with the record type restrictions
2. Do not apply record type restrictions to existing content
*Select if you do not want to receive warnings regarding existing content. You will not be notified that if existing content uses record types that are now restricted.
What happens when there are no record types in common between a user profile and a library?
The default record type of the library becomes available to the users with that user profile who are sharing files with the library.
What are the available library tagging rules?
1. Open Tagging - no restrictions
2. Guided Tagging - contributors may enter any tag they would like, but a list of suggested tags are offered.
3. Restricted Tagging - contributors must select from a list of suggested tags
What can a Portal user without a Salesforce CRM Content feature do with Content?
Download, rate, comment on, and subscribe to content if they have the "View Content on Portals" user permission. Content delivery unavailable.
What can a Portal user with a Salesforce CRM Content feature do with Content?
1. Access all CRM Content features granted by their library permission(s), including contributing content, moving and sharing content among libraries, and deleting content.
2. View CRM Content reports
Content delivery feature unavailable.
Why would you need to use a custom permission?
Although permission sets and profile settings include access settings to many things (like objects, fields, etc.), they don't include access for some custom processes and apps. Use custom settings when standard functionality isn't enough.
What are custom permissions?
They let you define access checks that can be assigned to users via permission sets or profiles.
What is an example of a custom permission?
You can define access checks in Apex that make a button a VF page available only if a user has the appropriate custom permission.
What is an external object?
They are similar to custom objects, except they map to data that's stored outside of Salesforce. They enable your users to to search and interact with external data.
What are the four types of Access Grants?
1. Explicit Grants
2. Group Membership Grants
3. Inherited Grants
4. Implicit Grants
What is an Explicit Grant?
Records are shared directly to users or groups
(Ex:
- A user or queue becomes the owner of a record.
- A sharing rule shares the record to a public group, queue, role, or territory
- An assignment rule shares a record to a user)
What is a Group Membership Grant?
A grant that occurs when a user, public group, queue, role, or territory is a member of a group that has explicit access to the record.
What is an Inherited Grant?
A grant that occurs when a user, group, queue, role, or territory inherits access through a role or territory hierarchy.
What is an Implicit Grant?
A grant that occurs when a built-in record sharing behavior provides access to a record.
(Ex:
- Users can view a parent record if they have access to its child opportunity.
- If a User has access to a parent account record, they also have access to its child opportunity, case, and contact records.
Which three tables does Salesforce use to store access grants?
1. Object Record Tables
2. Object Sharing Tables
3. Group Maintenance Tables
What information do the Object Sharing Tables contain?
The tables store data that supports explicit and implicit grants. Each object has its own Object Sharing Table unless it is a detail in a master-detail relationship.
What information do the Group Maintenance Tables contain?
The tables store data supporting group membership and inherited access grants
(Ex: If the Object Sharing Table grants access to a specific User, Salesforce checks the Group Maintenance Table to determine which users inherit access from Bob and grants these users access to the record.
What do sharing rows do?
Grant users or groups access to a specific record.
What do sharing rows include?
1) Record ID
2) User or Group ID
3) Level of Access
4) Row Cause
What are the three system-defined groups in Group Maintenance Tables?
1) Roles
2) RolesandSubordintates
3) RolesandInternalSubordinates
T/F Removing someone from an Account Team removes them from the Opportunity Team?
False
Which fields does the Account Team contain?
1) Account Access
2) Case Access
3) Contact Access
4) Opportunity Access
5) Team Member
6) Team Role
Which permissions do you need to create custom list views?
1) Read access on the object
2) Create and Customize List Views
Which permission do you need to create, edit, or delete public list views?
1) Manage Public List Views
To what can you share a report folder?
1) User
2) User Group
3) Role
4) Role and Subordinate
Which access levels can be granted for a report folder?
1) Viewer
2) Editor
3) Manager
What is the difference in report folder permissions between Editor and Manager?
Managers can do everything Editors can do AND control who has access to the folder, delete it, and change its properties.
If you have access to an account's child record, what permission does that grant you to the account?
Read Only
If you have access to an account, what permission does that grant you to its children (Contacts, Cases, Opportunities)?
Depends on the account owner's role
What are the three Communities User Licenses?
1) Customer Community
2) Customer Community Plus
3) Partner Community
What is the Customer Community license best used for?
B2C with large number of external users (up to 10 million users)
What is the Customer Community Plus license best used for?
B2B for support and non-sale scenarios (up to 1 million users)
What is the Partner Community license best used for?
B2B that need access to sales data (up to 1 million users)
What is a sharing set?
Grants HVC access to any account or contact that matches the user's contact or account. Also supports indirect lookups
What is a share group?
Because HVC don't have roles, share groups are used to specify the other external users that should have access to HVC owned records.