Salesforce security interview questions
Salesforce security interview questions or data and security salesforce interview questions
There are different levels of security that is implemented in Salesforce. This post is related to data and security.
What are different Levels of data access in Salesforce?
Organization level security
For your whole org, you can maintain a list of authorized users, set password policies, and limit logins to certain hours and locations.
Object level security
Access to object-level data is the simplest thing to control. By setting permissions on a particular type of object, you can prevent a group of users from creating, viewing, editing, or deleting any records of that object. For example, you can use object permissions to ensure that interviewers can view positions and job applications but not edit or delete them.
Field level security
You can restrict access to certain fields, even if a user has access to the object. For example, you can make the salary field in a position object invisible to interviewers but visible to hiring managers and recruiters.
Record level security
You can allow particular users to view an object, but then restrict the individual object records they’re allowed to see. For example, an interviewer can see and edit her own reviews, but not the reviews of other interviewers. You can manage record-level access in these four ways.
- Organization-wide defaults
- Role hierarchies
- Sharing rules
- Manual sharing
What is Organization-wide defaults?
Organization Wide Defaults(OWD) in salesforce is the baseline level of access that the most restricted user should have. Organizational Wide Defaults are used to restrict access. You grant access through other means like(sharing rules, Role Hierarchy, Sales Teams and Account teams, manual sharing, Apex Sharing ). In simple words Organization Wide Defaults(OWD) specify the default level of access users have to each other’s records.
For more details please level to below post Organization Wide Defaults(OWD) in salesforce
What is role hierarchy?
It gives access for users higher in the hierarchy to all records owned by users below them in the hierarchy. Role hierarchies don’t have to match your organization chart exactly. Instead, each role in the hierarchy should represent a level of data access that a user or group of users needs.
What are Sharing Rules?
Sharing Rules are automatic exceptions to organization-wide defaults for particular groups of users, so they can get to records they don’t own or can’t normally see. Sharing rules, like role hierarchies, are only used to give additional users access to records. They can’t be stricter than your organization-wide default settings.
What is Manual sharing?
It allows owners of particular records to share them with other users. Although manual sharing isn’t automated like org-wide sharing settings, role hierarchies, or sharing rules, it can be useful in some situations, such as when a recruiter going on vacation needs to temporarily assign ownership of a job application to someone else.
Some more questions for Salesforce security interview questions post.
What is Profile
- The settings in a user’s profile determine whether she can see a particular app, tab, field, or record type.
- The permissions in a user’s profile determine whether she can create or edit records of a given type, run reports, and customize the app.
Profiles usually match up with a user’s job function (for example, system administrator, recruiter, or hiring manager), but you can have profiles for anything that makes sense for your Salesforce org. A profile can be assigned to many users, but a user can have only one profile at a time.
What are standard profiles?
- Read Only
- Standard User
- Marketing User
- Contract Manager
- System Administrator
What is Permission Set?
Permission sets make it easy to grant access to the various apps and custom objects in your org, and to take away access when it’s no longer needed.
Users can have only one profile, but they can have multiple permission sets.
What is “View all” and “Modify all” permission?
View all and Modify all permissions are usually given to system administrator. When you grant “View All” or “Modify All” for an object on a profile or permission set, you grant any associated users access to all records of that object regardless of the sharing and security settings.
In essence, the “View All” and “Modify All” permissions ignore the sharing model, role hierarchy, and sharing rules that the “Create,” “Read,” “Edit,” and “Delete” permissions respect. Furthermore, “Modify All” also gives a user the ability to mass transfer, mass update, and mass delete records of that specific object, and approve such records even if the user is not a designated approver.
These tasks are typically reserved for administrators, but because “View All” and “Modify All” let us selectively override the system, responsibilities that are usually reserved for the administrator can be delegated to other users in a highly controlled fashion.
Is it possible to restrict permission for users using permission set?
If a user does not have access to a specific record type, will they be able to see the records that have that record type?
For more details related to salesforce security please refer to this trailhead module Data Security
If you have any question related to Salesforce security interview questions, please add your comments
I will keep adding more questions to Salesforce security interview questions.