Data Security
1.What is Profile?
Ans: A Profile is a Collection of settings and permissions that determines the user functional access(apps,tabs,object level permission), and how the information is displayed(page layout,record types, field level security) and wide range of other permissions.
A profile controlls the following permissions and settings.
- App setting
- Tab settings
- Page layout settings
- Record type settings
- Field level security
- Administrative permissions
- General user permissions
- Object permissions
- Session settings
- Password policies
- Login hours
- Login IP ranges
- Enabled apex class access
- Enabled visualforce access
- Named credentials
- Custom Permissions
- Enabled service presence status access
- One profile can be assigned to multiple users, but one user can have only one profile.
- Profile can not be deleted if it is assigned to a user.
Standard Profile: The Profile which are already available in salesforce created by salesforce by default.
* Standard profiles can not be deleted.
* We can change standard profile settings like App settings and Tab settings only.
* We can not change any other permission like Administrative permission , general user permissions etc.
List of Some Standard Profiles
- System Administrator
- Standard Platform User
- Standard Platform One App user
- Standard User
- Customer Community User
- Contract Manager
- Read Only
- Solution Manager
- Work.com Only User
- Identity User
- Partner Community User
- Partner Community Login User
Custom Profile: The Profile which is created by the System Administrator is called Custom Profile
* Custom profiles can be edited and deleted.
* Permissions(functionalities) availability in the custom profile is based on the selected salesforce license.
Standard and Custom Object Permissions:
Create: Users can create records
Read: Users can view their own records only
Edit: Users can edit their own records only
Delete: Users can delete their own records
View All: Users can view entire data in the object
Modify All : Users can edit entire data in the object
View All Data(Administrative Permissions) : Users can view entire Salesforce Data.
Modify All Data(Administrative Permissions) : Users can edit entire Salesforce Data.
2. What is Role?
Ans: A Role is level designation in the Role hierarchy. A role shows the level of accessbility that has given to users. "Role" plays the important role to access the data in Salesforce.
* In Salesforce roles are defined so as to increase the data visibility a particular user has.
* In OWD we have an option called "Grant Access Using Hierarchies" which is by default enabled to Standard objects we can not change it, but we can change(Enable and Disable) for Custom objects. If you check that checkbox then only the records will be shared to superiors else records will not be shared.
* Role hierarchy could not be used to restrict the access level instead it is used to extend the access level to superiors from subordinates.
3. What is Permission Set?
Ans: Permission Set is a group of settings and permissions which is used to extend the functionality of Profile. Lot of functions in Profile can be found in Permission Set as well.
* We can Provide more functionalities to group of users which are not provided in their Profile.
* One Permission Set can be assigned to multiple users.
* One user can have multiple Permission Sets
* Using Permission Set we can only extend the functionality, but we can not restrict the Permission.
4. User in Salesforce?
Ans: User is a Person or an Organization who has valid credentials to login into salesforce.
* While creating a user Profile is mandatory but Role is not mandatory.
* Without a profile user cannot be created.
* User should be active to login into Salesforce.
* A user can have multiple Permission Sets.
* Organization should have available licenses to create a user.
We have 4 types of Status to a User in Salesforce
Active: If user is active then he will be able to login and access the Salesforce Application.
Inactive: If the User is inactive, the License will be removed and the user can not access the application.
Freeze : If the User is in Freeze he will not able to access the application but his License will not be removed.
Unfreeze: If user is unfreezed he will be able to access the application.
5. What is OWD?
Ans: OWD means Organization Wide Defaults. Whenever a user login into the salesforce what are the default access we have to provide to that user can be maintained in this OWD.
- Organization Wide Defaults(OWD) in salesforce is the baseline level of access that the most restricted user should have.
- OWD are used to restrict the access. You can grant access through other means like(Sharing rules, Role hierarchy, Manual sharing, Apex sharing).
- In Simple words OWD specify the default level of access users have to each other's records.
OWD has different types access for objects
- Private: Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.
- Public Read Only: All users can view and report on records, but only the owner, and users above that role in the hierarchy can edit them.
- Public Read/Write: All users can view, edit, and report on all records.
- Public Read/Write/Transfer: It is only available for Leads and cases.
- Use, No Access, View Only for Price book.
Note: Object level Permissions determine the baseline level of access for all the records in an Object.
OWD modify those permissions for records a users doesn't own.
- Profile and Permission Set are Object Level access.
- OWD and Role-Hierarchy are Record Level access
- Public Group : Groups which are created by administrators and this groups can be available for entire organization. Everyone in the organization can use this Public group
- Private Group: Groups which are created by users for their personal use. For example certain records are always shared within A specified workgroup.
- Roles(Users who has specific role).
- Roles and Subordinates(Manager and Subordinates).
- Users(Individual Users).
- Public Groups(Which are already exist).
- To set up default sharing access through a Sharing Rule.
- Groups are used in Sharing Rules, Apex sharing, Manual sharing.
- Groups are mainly used to share data to group of members.
- Queue has a list of specified objects and users where queue can be assigned as a owner for those specified objects.
- Queues are used in Assignment Rules.
- Queue cannot be deleted if it is assigned as owner for any record.
- Roles
- Roles and Subordinates
- Users
- Public Groups
- Sharing button would be enabled on Page layout to share the records.
- Roles
- Roles and Subordinates
- users
- Manager Groups
- Manager Groups and Subordinates.
- Criteria Based Sharing rule
- Owner Based Sharing rule
- Public Groups
- Roles
- Roles and Subordinates
- Manager Subordinate Groups
- Do Not Reassign Owner : Specifies that the current owner on a lead or case will not be reassigned to the lead or case when it is updated.
- An Approval Process specifies the steps necessary for a record to be approved and who must approve at each step.
- An Approval Process also specifies the actions to take when a record is Approved, Rejected, Recalled, or First submitted for Approval.
- We can create Approval Process in Two Steps.
- Use Jump Start Wizard(Single step Approval Process)
- Use Standard Jump Wizard(Multi Step Approval Process).
- Approval Process has some actions which are
- Initial Submission actions.
- Approval actions
- Rejection actions
- Final Approval actions
- Final Rejection actions
- Recall actions
- We can have 4 actions at each step.
- Email alert
- Field Update
- Task Creation
- Outbound Message
- We can upload upto 50000 records using Import Wizard.
- We can Turn-off Triggers and Workflows while uploading the data
- It allows only CSV(Comma Separated Value) to upload.
- In Import Wizard, It is not possible to Insert a record in two Objects, We can Insert record only in Single Object but in the combination of Accounts and Contacts we can Insert.
- Trigger Workflow and Process is the check box for skipping triggers and workflows.
- One more advantage in Import Wizard is we can select the Record type(for which record type we can insert the records) as well.
- It is used to upload the data more than 50000 records.
- We can set the batch size from 1 to 2000, by default it takes the size of 200.
- If we choose Bulk API option then batch size is 10000
- Using Data Loader we can upload upto 5lakh records.
- Reports can run on both Standard objects and Custom objects.
- Reports can be stored in folders, users with access to this folders can run the reports.
- Folders can be public, hidden or shared and we can set report Read only or Read/Write.
- We can make a folder available for your entire organization, or make it private so that only the owner has access.
- Tabular Report: This is the most basic report. It displays just the row of records in a table like format with grand total.
- Summary Report: This is the most commonly type of report. It allows grouping of rows of data.
- Matrix Report: It allows records to be grouped by both columns and rows.
- Joined Report: It is the combination of both Summary Report and Matrix report.
- Printable View: Export report with formatting into Excel.
- Export Details: Export raw data.
- We can use the same report in multiple dashboard components on a single dashboard(Eg: use of same report in both pie chart and bar chart).
- Like reports, dashboards are stored in folders, which control who has access. If you have access to a folder, you can view its dashboards.
- To view the dashboard components, we need access to the underlying reports as well.
- Dashboard display data as per last time report was run.
- We cannot schedule Dynamic dashboard.
- A dashboard can have up to 20 components.
- Per Organization we can have 5 Dynamic Dashboards.
- Primary object with related object—Records returned are only those where the primary object has at least one related object record. In our example of Opportunities with Products, the only records that would be displayed on the report would be opportunities that have at least one related product record.
- Primary object with or without related object—Records returned are those where the primary object may or may not have a related object record. If we were to create a custom report type, Opportunities with or without Products, then opportunities would be displayed whether or not they have a related product record.
- If we write a validation rule then it is applicable only when you are creating or editing, validation rule won't check for previous records.
- If we write Duplicate rule then it check for previous records also, which are in database.
- There is limitation for duplicate rule, when we are inserting records through import wizard, Dataloader in bulk at that time it won' work.
- Bucket field can group only three data types of fields
- Picklist
- Number
- Text
- It supports only Tabular, Summary and Matrix reports. It does not support for Joined reports.
- Let us consider i have 500 records, i need to insert records from 501. Through data loader we can insert from 501 we have start row in dataloader.
- In Dataloader if you use bulk API, then triggers, workflows, process builders and all will be skipped automatically.
No comments:
Post a Comment