Security Model – Free

ObjectiveResourcesKey Facts
Describe the core principles of the security model.Who Sees What: Data Visibility How to Series
[Must / ~50m / Salesforce.com]
[Who Sees What: Organization Access repeated from User Setup & Login Process – Free]

(This series is also available via Vidyard but does not appear to contain the entire series.)
The "Who Sees What" series is a great introduction to Salesforce security. If you have not watched the series before, I recommend watching these videos in order. Objectives and resources to follow will expand on these concepts.
Describe the capabilities of the User Sharing feature.Understanding User Sharing
[Could / Long / Salesforce.com]
User Sharing allows an administrator to set the user object org-wide default (OWD) to private. This feature is enabled by default for orgs created after the Winter 14 Release. To enable this feature in an existing org, contact Salesforce.com support.
Describe how access to data and functionality is structured within Salesforce.Security Overview
[Must / Medium / CertifiedOnDemand.com]
Organization Security: When (Login Hours), where (Login IP Ranges), and how (UI/API/etc.) a user can login.

Object Security: What actions a user can take on the records of a particular object (in conjunction with record security).

Record Security: What actions a user can take on an existing record (in conjunction with object security).

Field-Level Security: Determines which fields a user can view and update for each object.

Folder Security: Determines access to a variety of information including reports, dashboards, email templates, and more.
Explain who can delete records in Salesforce.

Security Overview
[Repeated]

To delete a record, the user must have the "Delete" object permission (profile or permission set) and "Full Access" to the record. "Full Access" is typically granted to the record owner, users higher in the role hierarchy than the record owner, and system administrators.
Describe profiles and their influence on security.Profiles
[Must / Short / CertifiedOnDemand.com]

User Permissions
[Must / Medium / Salesforce.com]

Who Sees What: Object Access
[Repeated]

Each user is assigned one profile, which is instrumental in determining a user’s functional access (apps, tabs, object-level permissions), how information is displayed to the user (page layouts, record types, field-level security), and a wide range of other permissions.
List and describe the standard profiles.Standard Profiles
[Should / Medium / Salesforce.com]

Who Sees What: Object Access
[Repeated]

Ensure that you understand the Salesforce license standard profiles:
Contract Manager
Marketing User
Read Only
Solution Manager
Standard User
System Administrator
Explain when to create a custom profile.

Profiles
[Repeated]

As customization of standard profiles is limited, create custom profiles prior to assigning users to profiles.
Describe permission sets, and common use cases where they are appropriate.Permission Sets
[Must / Short / CertifiedOnDemand.com]

Overview of User Permissions
[Must / Short / Salesforce.com]

Winter '12: Efficient, Manageable Security Policies with Permission Sets
[Should / Medium / Salesforce.com]

The Permissioner
[Could / Package / Appexchange.com]

Who Sees What: Permission Sets
(Repeated from Who Sees What Series above)

User Permissions
[Repeated]

Whereas the profile is used to set the foundation for a user's privileges, permission sets are optionally used to extend a user's privileges.

Permission sets can drastically reduce the number of custom profiles required in an org.

Two common use cases:

1. One-off cases where a user needs privileges not granted by their profile (e.g. extending the delete leads permission to one inside sales team, while the rest of the team cannot delete leads).

2. Extending privileges to users that are assigned different profiles (e.g. access to a 3rd party application).
Describe how Organization-Wide Defaults (OWDs) influence security.Sharing Default Access Settings
[Must / Medium / Salesforce.com]

Default Organization-Wide Sharing Settings
[Should / Short / Salesforce.com]

Who Sees What: Org-Wide Defaults
[Repeated]

Organization-wide default settings determine the default record-level permissions granted to all users for all records within each object. For instance, setting the Account object to "Public Read/Write" will ensure that all users have "Read/Write" record-level permissions to all account records.

The most commonly used settings are:
Private: No record access granted
Public Read Only: Read only record access granted
Public Read/Write: Read/Write record access granted
Public Read/Write/Transfer (Cases, Leads): Full record access granted
Controlled by Parents (Contacts, Activities): Parent record controls access
Describe roles and their influence on security.Roles
[Must / Short / CertifiedOnDemand.com]

Who Sees What: Access via Roles
[Repeated]

A user's role sets the foundation for what records and folders they can access. Users are granted full access to records owned by users in subordinate roles on objects where "Grant Access Using Hierarchies" is enabled.
Describe public groups and their influence on security.Groups
[Must / Short / CertifiedOnDemand.com]
Public groups are used to streamline the process of sharing access to records and folders. A group is comprised of users, roles, and other groups.
Describe manager groups and their influence on security.Sharing Records with Manager Groups
[Should / Medium / Salesforce.com]
Manager Groups are used to share access to records based on the user's manager (specified via the manager field on user record).

Manager Groups is disabled by default, but can be easily enabled by the system administrator.
Describe sharing rules, and when their usage is appropriate.

Who Sees What: Record Access via Sharing Rules
[Repeated]

Sharing rules are used to extend record access to users within specified roles or groups.

Records can be shared either based on record owner (role, group) or record criteria (known as a criteria-based sharing rule; e.g. all accounts in state "OH").

Sharing rules can extend either Read Only or Read/Write access.
Describe a queue's influence on security.

User Setup & Login Process – Free
[Repeated]

Ensure that you understand the fundamentals of queues - see User Setup & Login Process – Free for more.

When a user is a member of a queue and a record is owned by a queue, then the user will inherit "Full Access" to that record.
Explain how manual sharing can be used to extend record access.Manual Record Sharing & Auditing
[Must / Short / CertifiedOnDemand.com]

Viewing Which Users Have Access
[Must / Medium / Salesforce.com]
Users can manually share access to records that they own with other users, roles, and groups.
Describe delegated administration.Delegated Administration
[Must / Short / CertifiedOnDemand.com]
Whereas profiles and permission sets grant the ability to administer all users and objects, delegated administration allows administration of only specified users (based on roles/profiles) and specified custom objects.
Describe the capabilities of Custom Permissions.Custom Permissions Overview
[Could / Short / Salesforce.com]
Custom permissions can be used to define permissions within a custom application or process.

For example, your organization has implemented a custom application in Salesforce to track leave requests. One of the buttons in the application invokes a custom process (apex/VisualForce code) to mass approve leave requests.

Previously, if a developer wanted to define a permission to mass approve leave requests, this was often configured through the use of a custom field on the user object (e.g. checkbox "Can Mass Approve Leave Requests") or via the use of a hierarchy-based custom setting. Both of these approaches have limitations.

With custom permissions, a developer can define a permission to represent the user's ability to mass approve leave requests. This custom permission can then be assigned through the use of a profile or permission set, like any standard Salesforce permission.

Creating and defining custom permissions would be performed by a developer. However, administrators should be aware of custom permissions and the potential security implications when used.
Describe the capabilities of Single Sign-On (SSO).About Single Sign-On
[Should / Medium / Salesforce.com]

Single Sign-On Implementation
Guide

[Could / Long / Salesforce.com]
Single Sign-On provides the capability for a user to login to one system and have access to one more additional systems facilitated systematically as a result. For example, a user may authenticate to their network through Active Directory (Microsoft Windows) and thereby be granted access to Salesforce.com without providing a username and password.
Describe the capabilities of the Salesforce App Launcher.Setting up the App Launcher
[Could / 6m / CTOBuddy]
The Salesforce App Launcher is a single sign-on portal, allowing users to launch both Salesforce and external applications (external apps via single sign-on).
Describe the resources to monitor Salesforce system performance and security.Trust.Salesforce.com
[Must / Short / Salesforce.com]
Use trust.salesforce.com to monitor system and security status, as well find best practices from Salesforce.
Given a scenario, determine the appropriate security configuration.Security: Scenario 1
[Must / ~10m / CertifiedOnDemand.com]

Security: Scenario 2
[Must / ~10m / CertifiedOnDemand.com]

Security: Scenario 3
[Must / ~10m / CertifiedOnDemand.com]

Security: Scenario 4
[Must / ~15-30m / CertifiedOnDemand.com]

All Objectives Met

Security Matrix
[Should / Short / CertifiedOnDemand.com]

A Guide to Sharing Architecture
[Could / Long / Salesforce.com]

Record-Level Access: Under the Hood
[Could / Long / Salesforce.com]

Workshop: What's Possible with Salesforce Data Access and Security
[Could / 2h9m / Salesforce.com]

Nailing the “Gotcha” Questions
[Must / Medium / CertifiedOnDemand.com]

Security: Quiz
[Must / Short Quiz / CertifiedOnDemand.com]

Security: Advanced Quiz
[Must / Short Quiz / CertifiedOnDemand.com]

Security: Feedback
[Should / Feedback / CertifiedOnDemand.com]
Finished this section?  Next section: Data Model - Free

89 Responses to “Security Model – Free”

  1. adjoam December 18, 2016 at 4:01 pm #

    hi john
    is it possible for a user to own a record but not be able to see it?

  2. trpbt December 17, 2016 at 6:53 am #

    hi john,l

    Which of the following is the best way to make the Field Mandatory for everyone?

    A. Page Layout
    B. Validation Rule
    C. Roles & Profiles
    D. Field Level Security

    • adjoam December 18, 2016 at 4:05 pm #

      i think it’s B ..

      A. Page Layout – would only make it mandatory on specific page layouts
      B. Validation Rule
      C. Roles & Profiles – not applicable
      D. Field Level Security – not applicable as this only determines whether fields are visible/read only/hidden

  3. aventadorkinnu December 13, 2016 at 9:31 pm #

    Quick question regarding IP address. A company has an IP range set up and a user’s profile has a specific IP address. If the user moves out of that IP range but is still under the company’s IP address range, will the user be denied access, granted access or will be required to enter a security code ?
    -Thanks

    • JohnCoppedge December 16, 2016 at 11:49 pm #

      There are two types of IP ranges:

      trusted and login ranges

      if they login outside of trusted, then they need to activate
      if they login outside of login ip ranges, then login will be denied

      login ip ranges (restrictions) will override trusted ranges

  4. lauriebayles1@gmail.com November 19, 2016 at 3:57 pm #

    This link appears to be empty. Winter ’12: Efficient, Manageable Security Policies with Permission Sets

  5. CarlosSiqueira May 27, 2016 at 5:46 pm #

    I just can’t. Since this is a training environment, I removed all the permission sets associated with Opportunity. Now, when I log as Matt and try to share the Opportunity, I can only share with user Matt. I created a permission set for the role EMEA Sales Rep (Karen’s role) and then I can share the Opp with Karen, but all EMEA Sales rep get the same access. I will try to remove some other stuff and see if works. I tried similar scenario on a Production environment and it worked fine. Really strange because Matt and Karen have the same profile and Matt owns both the Account and the Opportunity, still unable to share either with Karen.

  6. CarlosSiqueira May 25, 2016 at 1:37 pm #

    I have 2 users with profile as Sales User. OWD for Opportunity is private. Matt has a role as US Sales Rep and Karen has a role as EMEA Sales Rep. Under Security Control/Sharing Settings/Opportunity sharing rules, I see a Global Sales Rep Group which contains ALL Sales reps (US, EMEA, APAC) sharing ALL Opportunities with ALL Sales Rep as read only. When I login as any user with a profile Sales User, I can see any Opportunities (US, EMEA, APAC) regardless of owner/role.
    When I login as Matt, I want to share all his Opportunities with Karen or at least one Opportunity.
    I tried a permission set with read/edit access to Opportunities and added Karen, when I log as Karen, I can read but can’t edit Matt’s Opportunities. I logged again as Matt, chose one Opportunity and clicked on Sharing. I can pick Public Groups, Roles, Roles & Subordinates, Users. When I try to chose Users hoping to be able to pick Karen, it shows me only 5 users: One VP of Marketing (role) Excutive User (profile), one APAC Sales Rep (role) Sales User (profile), 2 Marketers (Role) General Marketing User (profile) and one Marketing Director (Role) General Marketing User (profile). All these 5 users were grated read only access thru existing Opportunity Sharing rules. If I chose Roles and pick EMEA Sales Rep with read/edit acces, Karen gets edit access to this Opportunity but ALL other EMEA Sales Reps get the same. How can I give access ONLY to Karen to edit this Opportunity that belongs to Matt? I thought manual sharing was exactly that. Sorry for the long question.

    • JohnCoppedge May 27, 2016 at 3:18 pm #

      You should be able to share the record directly with Karen – does Karen already have access to the record? If not have you tried specifically searching for her name?

  7. bilabongster April 11, 2016 at 3:23 pm #

    Hey John,

    I have troubles understanding something.

    While in the Salesforce video that explains role hierarchy, it shows view/edit access can be controlled through roles as well. But when looking at dev org, there is no option to choose whether we can control view / edit access through roles as well.

    • JohnCoppedge April 13, 2016 at 9:02 pm #

      Access is granted via the role hierarchy (those in higher roles auto inherit access to records owned by those below) and through sharing rules to grant additional access. You are correct that there is a limited impact to security by configuring the role directly.

  8. Kat Radzetskaya March 30, 2016 at 3:54 pm #

    If I update the password in Salesforce,will SSO reflect it and the other way around it. If I update the password in SSO will the password be update in SFDC?

    • Kat Radzetskaya April 1, 2016 at 1:43 pm #

      John, any thoughts?

      • JohnCoppedge April 10, 2016 at 11:01 pm #

        I don’t think you have a password at all with sso enabled. Your source system(eg active directory) performs the authentication. The password is not stored in salesforce in that scenario. Not an expert here, but that’s what I’ve seen working with clients that have it enabled (you will get an error in salesforce if you try to reset the password of a user that has an sso enabled profile).

  9. tejalr8@gmail.com February 4, 2016 at 8:26 pm #

    Hi john,
    Finally stated working with my first ever free app i got from here “The Permissioner” and its awesome.
    Thank you again.
    Tejal.

  10. g.levy@mamacash.org February 4, 2016 at 6:22 pm #

    Hi John,

    I am not clear about the difference between:
    Role Hierarchy and Sharing Records with Manager Groups

    If an object has Private setting on OWD, the role hierarchy will allow higher roles in the hierarchy of the record owner to access it. Why would i use “Sharing Records with Manager Groups” than?

    Thank you,
    Gil

    • JohnCoppedge February 4, 2016 at 7:28 pm #

      Manager groups depend on the Manager lookup field on the user.

      E.g.

      Bob (reports to) –> Jim

      Jim (for whatever reason) is not above Bob in the role hierarchy. The Manager group allows you to declare sharing based on the manager field, rather than the role hierarchy (e.g. direct reports only… versus all those lower in the role hierarchy).

  11. g.levy@mamacash.org January 30, 2016 at 4:05 pm #

    Hi John,

    What are External users? what licence to they have to my org. instance?
    What is partner (user)?

    User sharing for external users
    Users with the “Manage External Users” permission have access to external user records for Partner
    Relationship Management, Customer Service, and Customer Self-Service portal users, regardless of
    sharing rules or organization-wide default settings for User records. The “Manage External Users”
    permission does not grant access to guest or Chatter External users.

    Regards,

    Gil

    • JohnCoppedge January 31, 2016 at 5:28 pm #

      External users would be customer/partner/community licenses- users in these categories are typically enabled from an existing account/contact record (the resulting user record is linked back to the contact that it was created from).

      If you are curious about this I would suggest enabling communities in your org – create a test account/contact and then grant access. DE orgs have community licenses to test with.

  12. tejalr8@gmail.com January 25, 2016 at 12:23 pm #

    Hi john,
    It might be a silly question at this stage , but want t know that record access level , sharing rules can only be defined by ADMIN in ur org, ?

    —————————————————————————————————————————————————————————————————–
    OR
    Record owner can also define there sharing rules , to whom they want to share with.
    and further in sharing rules and manual sharing ,,,,and hierechy,

    another question is …when i have OWD more restricted then public Read/Write…

    Hierarchy :
    there is a hierarchy and , if i m a subordinate of manager, and as the rule define at Role hierechy my manager can access my roles..so how much manager access allowed for a record at that point( i means is he able to vie,edit,delete,share to others in org.?)

    Sharing Rule:
    same for sharing rule (how much access to the person have with my record access), can he view,edit,delete,or further can share my record to others?
    and same question for manual sharing of my owned record. if i share manually to some user who w/o considering hierarchy…

    Manual sharing:
    how much access do he have with my record which one shared manually with him?
    can he view ,edit, delete, or further share to other user in org.?

    at this point , i m really craving for answer related to effect of security model(profile,Sharing settings and again it relate to one of my question on reports and dashboard).

    you answers Really helping me gain confidence with my Salesforce learning.
    Thank you for putting such an effort to direct learners to the right direction.
    Thank you .Thank you .
    Tejal.
    Tejal.

    • JohnCoppedge January 25, 2016 at 7:19 pm #

      Sharing rule = defined by admin
      Record level sharing = defined by a user that has full access to the record

      Role hierarchy grants full access for records owned by users below in the role hierarchy (where grant access via hierarchies is enabled, which is the case for standard objects)

      Sharing rule only grants up to read/write (not full access, which grants delete)

      Manual sharing also grants up to read/write (read or read/write)

      Cheers,

      John

      • tejalr8@gmail.com January 25, 2016 at 7:33 pm #

        Thank you john,
        this will help .
        Tejal.

  13. soraya.attia@papilioconsulting.be November 17, 2015 at 4:44 pm #

    Hi John,
    The following video has been removed, a shame, I saved it to watch it later now that I have completed your guide but it is gone 🙁
    “I love Permission Sets: A Deep Dive Into Profiles 2.0”

  14. chris.jenkinson@hotmail.com.au November 2, 2015 at 11:09 pm #

    in the Who Sees What: Data Visibility How To Series, the first video “Who sees what: Overview” won’t load. I get an error “Error Code: 200
    : NetStream.Play.StreamNotFound”

    • Celso_Garcia November 3, 2015 at 6:37 pm #

      Works for me. I have a pc using chrome

  15. soraya.attia@papilioconsulting.be October 30, 2015 at 1:21 pm #

    Hi John,

    I have a question regarding email notifications I receive as a system admin when OWD settings are changed in SF. How can this be switched off?
    Is this setting only valid when changing OWD or also other config?

    Secondly, the abbreviation SFDC is mentioned quite a lot, what does it stand for?

    Thanks,

    Soraya.

    • Rena Bennett-Dellwo October 30, 2015 at 2:59 pm #

      Soraya,

      SFDC stands for Salesforce Dot (.) Com. Sometimes people just say SF instead.

      Hope this helps. (I don’t have the answer to your other question at the moment. Hopefully someone else does.)

      Rena

      • soraya.attia@papilioconsulting.be November 4, 2015 at 11:02 am #

        Thanks Rena!

  16. Bilal Nawaz October 20, 2015 at 5:27 am #

    Hey John can you please help me to understand this question.

    Accounts teams are used for the following reasons: (Select all that apply)

    a. Share roles with the sales team

    b. Are used for collaborative account management

    c. Are used for sharing and reporting purposes

    d. Are used for splitting of account credit if needed

    what his mean by “Accounts teams”
    its answer is a,b,c but I’m missing something here.

  17. Sps October 19, 2015 at 10:37 am #

    Hello John,

    Thank you for this excellent Website.

    Would appreciate if you could explain or provide a link explaining the difference between team and group in Salesforce. I understand where groups are to be used but no clear understanding on how and when to use teams in sharing.

    Thank You

    • Munira Majmundar October 20, 2015 at 1:31 pm #

      That is a good question. I think Group is mainly used in Chatter and comprises of folks who share common interest or would like to keep themselves abreast on a particular topic; and Team mainly comprises of a group of people, across various teams/departments, that work on specific project. But, it would be great to get more info. on these for clarification.

    • Munira Majmundar October 20, 2015 at 1:36 pm #

      Hello Sps:

      Here is a link that helps clarify the concepts

      https://success.salesforce.com/answers?id=90630000000DEbTAAW

    • JohnCoppedge October 22, 2015 at 3:11 am #

      Teams are defined for select objects (e.g. accounts, opportunities) and are used to designate which users are involved on the record (e.g. an account team indicates who is involved in managing that accounts) – teams also provide access by sharing the record to the user (so that if you are a member of the account team you can view the record).

      Groups are multi-purpose and are generally leveraged for purposes (e.g. within a sharing rule).

  18. Munira Majmundar September 29, 2015 at 12:06 am #

    John:

    I think the answer is A.
    B. can only read , edit their own opportunities , but can view every one else
    VIEW EVERYONE ELSE? Does not make sense.

    Answer A should be correct because it says
    Can read,Edit and view their own and every one else opportunities

    It specifies EVERY ONE ELSE OPPORTUNITIES.

    View ALL permission is on Opportunity Object. So, the User will be able to View Opportunities they own AND ALL OTHER RECORDS ON THE OPPORTUNITY OBJECT that others own.

    Pl. correct me if I am wrong.

    • JohnCoppedge September 30, 2015 at 6:49 pm #

      Correct- but if OWD is set to private, then they would not have read/write to all other opportunity records (view all providing only read access)… its not a very clearly worded question though.

      • Munira Majmundar September 30, 2015 at 7:10 pm #

        If so, then, you may want to change your answer to A

        JohnCoppedge September 3, 2015 at 1:32 pm #
        Oh I didn’t see ‘view all’ my mistake – the answer would be b then

        • JohnCoppedge October 2, 2015 at 3:48 pm #

          I still think the answer would be B. OWD private means that they would only be able to edit and read their own opportunities, then view all would open up view access to all opportunities.

  19. Dharani Animireddy September 1, 2015 at 12:14 pm #

    Not sure it notified as a duplicate, so i just to be on the safer side i am posting only the question ..

    1) when the user profile on the opportunity was set to Edit and read , and view all .OWD is set to private ,The user can

    a)Can read,Edit and view their own and every one else opportunities
    b)can only read , edit their own opportunities , but can view every one else
    c)can only Read, view , edit their own opportunities and they can’t view other opportunities

    My answer is ‘b’ but the answers seems to be ‘a’ .

    I am confused now , can you please help me here???

    • Dharani Animireddy September 2, 2015 at 10:34 am #

      hi can some one help me on the questions please?

      • JohnCoppedge September 2, 2015 at 12:19 pm #

        It depends on where the user is in the role hierarchy. The closest answer is probably c.

        If the OWD is private, that means that the user won’t be able to view or edit opportunity in the same role as they are assigned or any roles above that role. They will be able to view and edit (granted access via the role hierarchy) records owned by users in roles below theirs.

        • Dharani Animireddy September 2, 2015 at 4:26 pm #

          hi John,
          Yes i agree with you depends on Role hierarchy, but if the role hierarchy was not enabled . And the OWD is private.
          But the User profile has ‘View all’ option , that means they can view all other opportunities .

          am i missing some thing here ?

          • JohnCoppedge September 3, 2015 at 1:32 pm #

            Oh I didn’t see ‘view all’ my mistake – the answer would be b then

  20. Thepride21 August 21, 2015 at 1:56 am #

    I am unable to see the videos, they seem to be private. Is there any other source which can help me view these?

  21. Celso_Garcia August 20, 2015 at 2:32 pm #

    This is unfortunate. Yesterday all but one video was view-able. Today only 3 are available. I was only on like the 3rd one in the series and the were great. Why do they keep making them private then public?

  22. Ezekiel Apte July 6, 2015 at 6:10 am #

    This resources provides a visual perspective on Salesforce Security:
    https://chendamok.files.wordpress.com/2014/11/salesforce-security-sharing-model-layer-of-visibility-new-page2.png

  23. bsnavle July 2, 2015 at 7:16 pm #

    Wow… Just loved it. Thanks for letting me know John.

  24. Basava Salini Atluri July 2, 2015 at 1:55 am #

    HI John,

    Who Sees What: Data Visibility How To’s — these videos are made private in you tube. can not access all of them. only 3 videos are made available.

  25. bsnavle July 2, 2015 at 12:42 am #

    Thanks Patrick.
    Only 3 are available.

  26. patrick_j July 2, 2015 at 12:03 am #

    All but three of the videos in the “Who Sees What: Data Visibility How To’s” youtube playlist are now private.

  27. bsnavle July 1, 2015 at 9:23 pm #

    Hello John – I am not able to see all the videos in ” Who Sees What”. It says the videos are Private.
    Do I need any specific user credentials to view those videos ? Please help.

  28. Rena Bennett-Dellwo May 1, 2015 at 12:11 pm #

    I thought I’d posted this yesterday, but now I can’t seem to find it. I apologize in advance if, in fact, it is a duplicate post.
    For some reason, I’m having problems with this concept, and I’m taking my cert exam next week so I’m more than a little nervous :-).
    If someone has limited or no access at the profile level to an object and – therefore – to records they own, can the OWDs/Role Hierarchy/Sharing Rules/Etc. give them more access to objects and records that they don’t own?
    My instinct would be to say that if you can’t see/edit/etc. your own records at the profile level you can’t see/edit/etc. someone else’s records.

    • Rena Bennett-Dellwo May 1, 2015 at 3:00 pm #

      I don’t think I clicked on “Notify me…”

      • JohnCoppedge May 1, 2015 at 6:40 pm #

        Correct – you are granted the lowest combination of all of the permissions.

        E.g. in order to edit a record, you need edit at the object level and edit access to the record. So if your profile is read only on the account object, you will never be allowed to edit account records.

  29. Kevin Brown March 11, 2015 at 5:45 pm #

    Needs editing:

    Each user is assigned a one profile

    …should read

    Each user is assigned a one profile

    Also, a space needs to be between “user(page” in the same paragraph.

  30. Velma McConnell February 20, 2015 at 6:39 pm #

    I’m finding that the user interface screens in the video do not match what I’m currently seeing in the developer or my Enterprise edition. It’s making it a bit more difficult to follow along and find these fields. For instance, there are drop down arrows in the profile settings, but links instead.

    Any idea when SFDC will be updating these fields?

    • JohnCoppedge February 20, 2015 at 6:49 pm #

      You should be able to turn off the new UI:

      Instructions within this guide make the assumption that the Improved Setup User Interface is disabled.

      I suggest you double-check your org settings by navigating to Setup –> Customize –> User Interface; ensure “Enable Improved Setup User Interface” is not checked.

      If you enable this feature, step-by-step instructions within scenarios and exercises will not line up correctly (as the setup navigation menus will be different).

  31. Jasmin Akerele January 16, 2015 at 10:56 pm #

    Hi John,
    In the section “Describe the capabilities of the Salesforce App Launcher”, the link is damaged:
    [sc:youtubelink id=1_cTGhxPJHQ text=”Setting up the App Launcher”]

    BTW, thanks for creating this site…I’m working my way through…

  32. Jeanne Busch October 20, 2014 at 8:59 pm #

    The repeated links for object access still needs to be updated to: https://www.youtube.com/embed/9hxRSxWRmAc

  33. Lisa Seyler October 6, 2014 at 9:24 pm #

    I found a typo – I think you meant to say “comprised” -> “A group is compromised of users, roles, and other groups.”

  34. Kim Snyder September 6, 2014 at 7:12 pm #

    It looks like a number of these have changed. Here’s the new list of these revised videos –
    https://www.youtube.com/playlist?list=PL6747B4DAE356E17C&src_vid=5KLTcu02nfY&feature=iv&annotation_id=annotation_3297769117

  35. Kim Snyder September 6, 2014 at 6:54 pm #

    John,

    The Who Sees What Organization-wide Defaults video has been updated – here’s the new link – https://www.youtube.com/watch?v=8rzn-DtG8nc&src_vid=u9PHTLwtomo&feature=iv&annotation_id=annotation_2699026523

    Thanks so much for this training series!

  36. Algy George August 21, 2014 at 11:50 pm #

    Why is it showing only opportunity access and case access options while defining role?

    • JohnCoppedge August 24, 2014 at 11:39 pm #

      The relationship between accounts, opportunities, and cases is unique and configured in this fashion. Other objects are not influenced by their relationship to accounts in this fashion.

  37. James MacRae June 17, 2014 at 12:29 pm #

    I recently took the exam and was asked the question.

    Whats is the Salesforce default OWD for accounts?

    Could be worth researching all the OWD defaults for the exam.

  38. Frank van Meegen December 3, 2013 at 8:31 am #

    What is your best practice regarding the organization-wide defaults? E.g. do you change these settings as soon as you start a new instance? Or do you keep these settings default?

    • JohnCoppedge December 3, 2013 at 12:41 pm #

      Generally you want to figure out what security settings will apply to the whole organization and then implement them after that is fully understood. If you need a private sharing model, it is generally best to implement sharing rules first – so that when you turn off org-wide access to the object the users will already have rules in place to grant access where needed.

  39. Rennie July 25, 2013 at 1:13 am #

    In the “List and describe the standard profiles” section, you have “Solution Manager” listed twice.

Leave a Reply