Universal Containers maintains Job information in a Custom Object that contains sensitive information. The only users who should be able to view and edit Job records are the user who owns the record and all users in the Delivery profile. Which three platform sharing tools are required to support the above requirements? Choose 3 answers.
A. Grant access Using Hierarchy sharing setting on the Job Object set to false.
B. "Modify All" permission for Job Object on the Delivery Profile.
C. Criteria-Based sharing rule for the Delivery Profile on the Job Object.
D. Organization-Wide Default sharing setting of Private on the Job Object.
E. "View All Data" profile permission on the Delivery Profile.
Explanation:
To support the requirement of allowing only the owner and users in the Delivery profile to view and edit Job records, you need to use three platform sharing tools:
Organization-Wide Default sharing setting of Private on the Job Object: This will restrict access to Job records to only the owner by default.
Grant access Using Hierarchy sharing setting on the Job Object set to false: This will prevent users above the owner in the role hierarchy from accessing Job records.
“Modify All” permission for Job Object on the Delivery Profile: This will grant users in the Delivery profile full access to all Job records regardless of ownership.
Criteria-Based sharing rule and “View All Data” profile permission are not required for this scenario. Criteria-Based sharing rule would grant additional access to users who meet certain criteria, which is not necessary. “View All Data” profile permission would grant access to all data in the organization, which is too broad and may violate data security.
To grant Universal Containers sales managers access to shipment records properly it was necessarily to the IT Team is worried about improper access to records. Which two features and best practices should a Salesforce architect recommended to mitigate the risk?
A. USe isShareable keyword in Apex classes to assure record visibility will be followed
B. Use runAs system method in test classes to test using different users and profiles.
C. Use with Sharing keyword in Apex classes to assure record visibility will be followed
D. User isAccessable keyword Apex classes to assure recor visibility will be followed.
Explanation:
According to this source, the runAs system method in test classes can be used to test using different users and profiles, and the with sharing keyword in Apex classes can be used to enforce record visibility rules. The other options are not valid keywords in Apex
Universal Containers wants to create a way to store sensitive Invoice Data in Salesforce. A User who owns an Account should not see every Invoice, but only invoices that they or their subordinates own. Which two features should be considered during this solution implementation?
Choose 2 answers.
A. Deploy the Relationship between Accounts and the Invoices Object as Master-Detail.
B. Ensure that the Organization-Wide Default sharing for Invoices is set to Private.
C. Create a Workflow that populates the Invoice sharing object upon Insert.
D. Deploy the Relationship between Accounts and the Invoices Object as Lookup.
Explanation:
To store sensitive invoice data in Salesforce, the architect should consider using a master-detail relationship between accounts and invoices, and setting the organization-wide default sharing for invoices to private. This would ensure that only the owners of the invoices and their subordinates can see them, and that the invoices inherit the sharing settings of the accounts. A workflow that populates the invoice sharing object upon insert is not necessary if the master-detail relationship is used. A lookup relationship between accounts and invoices would not enforce the same level of security and visibility as a master-detail relationship3
Universal Containers (UC) wants to reduce the amount of redundant leads entered into the system. UC also only edited/reassigned by the lead owner. What organization-wide default (OWD) approach should be recommended to help UC implement these requirements?
A. Implement a Public Read Only OWD on Lead.
B. Implement a Public Read Only/Transfer OWD on Lead
C. Implement a private OWD on Lead.
D. Implement a Public Read/Write OWD on Lead.
Explanation:
To reduce redundant leads and restrict their editing and reassignment, a Salesforce Architect should recommend implementing a private OWD on Lead. A private OWD means that only the owner of the lead record and users above them in the role hierarchy can view, edit, or transfer the lead. This will prevent duplicate leads from being created by other users, and also ensure that only the lead owner can modify or reassign the lead. Implementing a public read only OWD on Lead will not work, as it will allow other users to view the lead records, which may lead to duplication. Implementing a public read only/transfer OWD on Lead will not work, as it will allow other users to transfer the lead records to themselves or others. Implementing a public read/write OWD on Lead will not work, as it will allow other users to edit or reassign the lead records.
Universal Containers has the following requirements:
A. Private Account Sharing with Sharing Rules from Commercial Sales Role(s) to Consumer Support Role(s) and Consumer Sales Role(s) to Commercial Support Role(s).
B. Private Account Sharing with Sharing Rules from Commercial support Role(s) to Commercial Support Role(s) and Consumer Sales Role(s) to Consumer Support Role(s).
C. Read-Only Account Sharing with Sharing Rules from Commercial Sales Role(s) to Consumer Support Group(s) and Consumer Sales Role(s) to Commercial Support Groups(s).
D. Private Account Sharing with Sharing Rules from Commercial Sales Group(s) to Commercial Support Groups(s) and Consumer Sales Group(s) to Consumer Support Group(s).
Explanation:
Private Account Sharing with Sharing Rules from Commercial Sales Group(s) to Commercial Support Group(s) and Consumer Sales Group(s) to Consumer Support Group(s) is the recommended Org-Wide Sharing Default for Accounts and the way to enable proper Commercial and Consumer Sales to Support Account Sharing for this scenario. This way, the sales and support departments can share their customers with each other, but not with the other departments. The other options are incorrect because they either do not allow the sales and support departments to share their customers (A and B) or they allow too much access to the accounts ©.
Universal Containers (UC) has a requirement to expose a web service to their business partners. The web service will be used to allow each business partner to query UC's Salesforce instance to retrieve the status of orders. The business partner should only be allowed access to orders for which the business partner is the fulfillment vendor. The Architect does not want the business partners to utilize the standard APIs and would prefer a custom API be developed. Which three design elements should the Architect consider in order to ensure the data security of the solution?
Choose 3 answers
A. Query the Orders object with Dynamic SOQL based upon the fulfillment ID.
B. Set the Orders object's sharing settings to Private in the Org-Wide Defaults
C. Provide each partner with their own Salesforce login set to API Enabled on the profile.
D. Develop a custom Apex web service with a fulfillment ID input attribute
E. Develop a custom Apex web service using the "With Sharing" keyword.
Explanation:
To ensure the data security of the custom web service, the Architect should consider the following design elements:
Query the Orders object with Dynamic SOQL based on the fulfillment ID: This will allow the web service to filter the orders based on the input parameter and return only the relevant records to the business partner.
Set the Orders object’s sharing settings to Private in the Org-Wide Defaults: This will restrict access to the Orders object to only the owner and users above them in the role hierarchy by default, and prevent unauthorized access from other internal or external users.
Develop a custom Apex web service using the “With Sharing” keyword: This will enforce the sharing rules defined for the Orders object and respect the record-level access of the web service user.
Universal Containers (UC) has implemented Service Cloud. There is a flag field on the case object that marks a case as (Sensitive). UC requested that this flag can be viewed by all users who have access to the case but only be edited by the assigned case assessor. The case assessor is a lookup field on the case object. How can an architect achieve this requirement?
A. Permission Set.
B. Object Permissions.
C. Custom Lightning Component.
D. Field-level security
Explanation:
The architect can achieve this requirement by using a permission set. A permission set is a collection of settings and permissions that give users access to various tools and functions3. The architect can create a permission set that grants edit access to the flag field on the case object, and assign it to the users who are assigned as case assessors. Object permissions control the access level that users have to records, not fields. A custom lightning component is not necessary for this requirement, as it can be done declaratively. Field-level security controls the visibility of fields on page layouts and reports, not the editability.
A sales rep at Universal Containers was added to an opportunity team with Read/Write permissions. Which action is she allowed to perform in the opportunity?
A. Add/remove members in the opportunity team.
B. Replace opportunity owner.
C. Update opportunity stage.
Explanation:
A sales rep who is added to an opportunity team with Read/Write permissions can perform actions such as updating opportunity fields, adding products, creating tasks, and logging calls4. Therefore, updating opportunity stage is an action that she is allowed to perform in the opportunity. Adding or removing members in the opportunity team is an action that only the opportunity owner or users above the owner in the role hierarchy can perform. Replacing opportunity owner is an action that only the current owner or users above the owner in the role hierarchy can perform.
Which option is recommended to implement this requirement?
A. Use a custom LWC to override the view action of WorkOrder with custom metadata type defining relevant fields per WorkOrder type
B. Use different page layouts per work order type with different sections representing key information about the specific work order type.
C. Use Dynamic form to add different page sections and control visibility of sections by Work Order RecordType value,
Explanation:
Using Dynamic Form to add different page sections and control visibility of sections by Work Order RecordType value is the best option to implement this requirement, as it will allow field agents to see only required information specific to the WorkOrder type they are addressing, without creating multiple page layouts or custom components. Using a custom LWC to override the view action of WorkOrder with custom metadata type defining relevant fields per WorkOrder type will work, but it will require additional development and maintenance. Using different page layouts per work order type with different sections representing key information about the specific work order type will work, but it will require creating multiple record types and page assignments.
At Universal Containers, users should only see Accounts they or their subordinates own. All Accounts with the custom field "Kay Customer" should be visible to all Senior Account Managers. There is a custom field on the Account record that contains sensitive information and should be hidden from all users, except 3 designated users who require view and edit access. These three users come from different user groups, and will change occasionally. Which three platform security features are required to support these requirements with the minimum amount of effort?
Choose 3 answers
A. Criteria-Based Sharing Rules
B. Owner-Based Sharing Rules
C. Role Hierarchy
D. Apex Managed Sharing
E. Permission Sets
Explanation:
To support the requirements with the minimum amount of effort, three platform security features that are required are criteria-based sharing rules, role hierarchy, and permission sets. Criteria-based sharing rules can be used to share all accounts with the custom field “Kay Customer” to all senior account managers based on a filter condition. Role hierarchy can be used to grant access to accounts that users or their subordinates own based on the ownership and role level. Permission sets can be used to grant view and edit access to the custom field that contains sensitive information to the three designated users, regardless of their user groups or profiles
| Page 3 out of 7 Pages |
| Previous |
Copyright © - All Rights Reserved