- What is the Salesforce data security model? The Salesforce data security model consists of a series of layers and controls that determine how data is accessed and managed within Salesforce. It includes organization-level, object-level, field-level, and record-level security settings.
- What are organization-level security settings in Salesforce? Organization-level security settings include login IP ranges, login hours, password policies, and two-factor authentication to control how users access the Salesforce org.
- How does object-level security work in Salesforce? Object-level security, also known as CRUD (Create, Read, Update, Delete) permissions, is managed through profiles and permission sets. It controls what actions a user can perform on specific objects.
- What is field-level security in Salesforce? Field-level security controls access to individual fields within an object. It can be managed through field-level permissions in profiles and permission sets.
- How does record-level security function in Salesforce? Record-level security determines which individual records users can view and edit. It is managed through organization-wide defaults (OWDs), role hierarchies, sharing rules, and manual sharing.
- What are Organization-Wide Defaults (OWDs) in Salesforce? OWDs define the baseline level of access to records that users do not own. They set the default sharing settings for objects, such as Public Read/Write, Public Read Only, or Private.
- What is a role hierarchy in Salesforce? A role hierarchy grants users higher up in the hierarchy access to records, ensuring that managers can access the same records as their subordinates. It does not override object-level permissions.
- What are sharing rules in Salesforce? Sharing rules are used to extend access to records beyond the default settings defined by OWDs and role hierarchies. They can be based on record ownership or criteria, such as field values.
- What is manual sharing in Salesforce? Manual sharing allows users to grant specific access to individual records on a per-user basis. It is available for records owned by the user or shared with the user.
- What are profiles in Salesforce? Profiles define the baseline permissions for a user, including object permissions, field permissions, tab settings, and other system permissions.
- What are permission sets in Salesforce? Permission sets are used to grant additional permissions to users without changing their profiles. They are additive and can be assigned to multiple users.
- How do permission sets differ from profiles in Salesforce? Each user is assigned a single profile, which provides baseline permissions, while permission sets are additive and can be assigned to multiple users to grant additional permissions.
- What is the difference between roles and profiles in Salesforce? Roles determine what records users can see in the hierarchy and are used for record-level access, while profiles control what users can do within the system, such as object and field permissions.
- What is field-level encryption in Salesforce? Field-level encryption enhances data security by encrypting sensitive data at rest in the Salesforce database. It is a feature available with the Salesforce Shield platform.
- What are login IP ranges in Salesforce? Login IP ranges define a range of IP addresses from which users can log in to Salesforce. They can be set at the organization level and for individual profiles.
- How do login hours work in Salesforce? Login hours restrict when users can log in to Salesforce. These settings are configured at the profile level.
- What is two-factor authentication (2FA) in Salesforce? 2FA adds an extra layer of security by requiring users to verify their identity using a second factor, such as a mobile device, in addition to their username and password.
- What is the purpose of the Salesforce Shield platform? Salesforce Shield provides enhanced security features such as Event Monitoring, Field Audit Trail, and Platform Encryption to help monitor, protect, and retain critical data.
- How does Event Monitoring work in Salesforce? Event Monitoring provides detailed logs of user activity and system performance, helping administrators track and analyze user behavior and detect potential security threats.
- What is the Field Audit Trail in Salesforce? Field Audit Trail allows organizations to track changes to field values over time, maintaining a history of data changes for up to ten years, which is critical for compliance and auditing purposes.
- What is the difference between a public group and a queue in Salesforce? Public groups are collections of users that can be used to simplify the management of sharing rules, whereas queues are used to manage a shared workload by holding records that need to be processed by a group of users.
- How do you secure a custom object in Salesforce? To secure a custom object, set the object's permissions in profiles or permission sets, configure field-level security, and establish appropriate organization-wide defaults and sharing rules.
- What are Apex sharing reasons? Apex sharing reasons allow developers to programmatically share records with users based on custom logic. They provide a way to create fine-grained sharing rules through Apex code.
- What is the purpose of a sharing set in Salesforce? Sharing sets grant community or portal users access to records based on their association with a specific account or contact. They help extend record access in customer and partner portals.
- How do you restrict access to sensitive information in Salesforce? Restrict access to sensitive information by using field-level security, setting appropriate object permissions, employing organization-wide defaults, creating sharing rules, and using encryption if necessary.
- What is delegated administration in Salesforce? Delegated administration allows you to assign certain administrative tasks to users without giving them full system administrator rights. This can include managing specific users, profiles, and roles.
- What is the purpose of a Salesforce permission set group? A permission set group bundles multiple permission sets together to simplify the assignment of permissions to users. It helps manage permissions more efficiently.
- How do you enforce data security during data imports in Salesforce? Enforce data security during data imports by ensuring that the import process respects existing sharing rules, object permissions, and field-level security. Use profiles and permission sets to control access.
- What are external sharing models in Salesforce? External sharing models control access to data for users outside your organization, such as community or portal users. They are similar to internal sharing models but apply to external users.
- How does Salesforce Shield enhance data security? Salesforce Shield enhances data security with features like Platform Encryption, Event Monitoring, and Field Audit Trail, which provide advanced encryption, detailed activity tracking, and comprehensive data change history.
- What is the purpose of a custom profile in Salesforce? A custom profile is created to define a specific set of permissions tailored to the needs of a particular group of users. It controls access to objects, fields, tabs, and other settings.
- How do record types impact data security in Salesforce? Record types allow different business processes, picklist values, and page layouts for different users. They do not directly impact data security but can control how users interact with data.
- What are the benefits of using enterprise territory management in Salesforce? Enterprise territory management helps structure your Salesforce data sharing model by aligning it with your sales territories. It allows for flexible assignment of accounts and opportunities to territories based on various criteria.
- How do you audit data access and changes in Salesforce? Audit data access and changes by using tools like Field Audit Trail, Event Monitoring, login history, and the setup audit trail to track who accessed or modified data and when.
- What is the significance of setting login hours for profiles? Setting login hours restricts when users can access Salesforce, which enhances security by preventing access outside of specified business hours.
- How can Visualforce pages impact data security? Visualforce pages can impact data security if they do not respect the sharing and security settings defined in Salesforce. Developers must ensure that their code enforces appropriate security checks.
- What is the difference between "View All Data" and "Modify All Data" permissions? "View All Data" allows users to view all records within Salesforce, while "Modify All Data" allows users to view, edit, delete, and transfer all records. Both permissions override sharing rules and other access controls.
- How can you secure integrations with external systems in Salesforce? Secure integrations with external systems by using OAuth for authentication, setting appropriate API permissions, employing IP whitelisting, and using encryption for data in transit and at rest.
- What is a sharing recalculation in Salesforce? A sharing recalculation is the process of reevaluating and applying sharing rules and access settings to ensure that the current data access model is enforced. This can be triggered manually or programmatically.
- How do profiles and roles work together in Salesforce? Profiles and roles work together to control access within Salesforce. Profiles determine what users can do (permissions), while roles determine what data users can see (record access).
- What is the purpose of a session timeout in Salesforce? Session timeout settings determine how long a user session can remain inactive before the user is automatically logged out. This enhances security by reducing the risk of unauthorized access from unattended sessions.
- How can you manage user permissions for Salesforce applications? User permissions for Salesforce applications can be managed through profiles and permission sets, which specify the objects, fields, tabs, and system functions users can access and the actions they can perform.
- What are restriction rules in Salesforce? Restriction rules allow admins to control which subset of records within an object is accessible to users. Unlike sharing rules, which grant additional access, restriction rules can limit access to certain records based on criteria.
- How does Salesforce handle record ownership and access? Record ownership determines the primary user responsible for a record. The owner has full access to the record, and ownership can influence access through role hierarchies and sharing rules.
- What is the significance of the "View Setup and Configuration" permission? The "View Setup and Configuration" permission allows users to access the setup area of Salesforce, where they can view and sometimes modify system settings and configurations. It should be granted cautiously.
- How do you secure sensitive data in Salesforce reports and dashboards? Secure sensitive data in reports and dashboards by setting appropriate report and dashboard folder permissions, ensuring field-level security, and using row-level security with sharing settings.
- What is the difference between classic encryption and platform encryption in Salesforce? Classic encryption uses a masking approach to encrypt specific fields, while platform encryption, part of Salesforce Shield, uses advanced encryption methods to encrypt data at rest in the Salesforce database.
- How do you ensure compliance with data privacy regulations in Salesforce? Ensure compliance with data privacy regulations by using tools like Salesforce Shield for encryption, Field Audit Trail for data retention, configuring data access controls, and adhering to consent management practices.
- What is the purpose of Login IP Restrictions for profiles? Login IP restrictions for profiles limit where users can log in from, enhancing security by ensuring that logins only occur from trusted networks or locations.
- How does the "Transfer Record" permission affect data security? The "Transfer Record" permission allows users to change the ownership of records they do not own, which can impact access and visibility for those records. This permission should be granted selectively to avoid unintended access changes.