Data Security
1. What
is OWD?
Answer: Organization-Wide
Defaults(OWD) are used to control access for any object. While setting OWD for
a particular object, we also define whether access is provided within the role
hierarchy or not.
We have majorly three levels of access controls. Private Public read-only
Public Read/Write
2. Can
we disable access via role hierarchy?
Answer: Yes, we can for custom
objects but not for standard objects.
3. What
is a public group?
Answer: Public group consists of
users, roles, or “roles and subordinates.” Sharing rule is defined using public
groups. Records that match certain conditions allocated to users in public
groups through Sharing Rules.
4. What
is the difference between a public group and a Queue?
Answer: Major difference between
Queue and the public group is queues are used as owners of records to share
workload while groups are used for security, i.e., to open up access for a set
of users.
5. Who
can manually share the record?
Answer: Record Owner, Any user
above the role hierarchy or Administrator, can manually share the record.
6. When
is the button to share the record manually available?
Answer: Button is available only
when OWD is not a public read-write, plus you should have access to share the
record.
7. Can
we create a user without a role and profile?
Answer: Profile is mandatory
while creating the user, while the role can be left blank.
8. How
is the access of detail objects in the case of master relationship controlled?
Answer: OWD of the child is
controlled by the parent, and the parent object’s access to the detail object
is controlled only; while defining the relationship, you select either option
to define the access.
If a user has minimum read access on the parent record, they can edit the child
record.
They can edit the child record, If the user has edit access on the parent
record only.
Remember, users also need to have access at the profile level to edit the
object.
9. What
is public read-write transfer available on specific objects in OWD?
Answer: This option is available
only for the case and lead objects, along with users being able to read and write
the record. They can also transfer ownership of the record depending on whether
they have appropriate access to the profile.
10. What
will happen to child records if we delete a parent record in Lookup
Relationship?
Answer: When we define a lookup
relationship between two objects, we choose an outcome for if the parent record
is deleted what should happen with lookup value will be cleared, or we will
restrict the user from deleting the parent record itself.
Note: We can’t select the first option, i.e., clear the value of a field if the
field is marked as required.
11. What
will happen to child records if we delete a parent record in case of a
Master-Detail Relationship?
Answer: All the child object
records will be deleted if we delete the parent object record.
12. If
we restore the master record, does it also restore the detail records?
Answer: Yes
13. What
is “View all” and “Modify All” permission?
Answer: View all and modify all
fields trump everything in the system, i.e., irrespective of OWD, what sharing
rules are set up in system user with this permission will be able to see or
edit all the records present in the system for a particular object. It gives a
user the ability to mass update, mass transfer, and mass delete records.
14. What
will happen if a field is hidden through Field level security and the user
searches for values in that field?
Answer: Field-level security
doesn’t prevent users from searching on the values in a field. When search
terms match field values protected by field-level security, the associated
records are returned without the protected fields and their values in the
search results.
15. Can
we restrict permissions using a permission set?
Answer: No permission sets are
used to extend the access, not restrict it.
16. If
a user doesn’t have access to a record type, can they still see the records of
that record type?
Answer: Yes, they will be able
to see it; they just won’t be able to create records of that particular record
type.
17. Can
we restrict users logging in from unauthorized IP addresses?
Answer: Yes, we can define what
IP addresses are valid, and if users of that particular profile try to login IP
addresses outside of those defined, they will be denied access.
18. What
is the difference between defining IP ranges in network access and on profile?
Answer: IP ranges that we define
in-network access. Just tell us a list of secure IPs that don’t require any
login challenges, like receiving an OTP, while IP ranges are defined on the
profile. It will restrict the user from logging in other IPs other than described
on the profile.
19. Can
we restrict the login of users based on time?
Answer: Yes, it can be done, but
only at the profile level is there a related list under each profile called
login hours, where we can define the start and end time for each day.
Answer: Yes, we can define our password policies where we can choose complexity requirements for each password, length and force the user to change the password every 30 days
0 Comments