Salesforce Interview Questions-Sharing & Security Part-1

1. What are different levels of security in salesforce?

• Object level security

The bluntest way that we can control data is by preventing a user from seeing, creating, editing, and/or deleting any instance of a particular type of object, like a Position or Review. Object-level access allows us to hide whole tabs and objects from particular users, so that they don't even know that type of data exists.

On the platform, we set object-level access rules with object permissions on user profiles.

• Field level security

A variation on object-level access is field-level access, in which a user can be prevented from seeing, editing, and/or deleting the value for a particular field on an object. Field-level access allows us to hide sensitive information like the maximum salary for a position or a candidate's social security number without having to hide the whole object.

On the platform, we set field-level access rules with the field-level security.

• Record level security

To control data with a little more finesse, we can allow particular users to view an object, but then restrict the individual object records that they're allowed to see. For example, record-level access allows an interviewer like Melissa Lee to see and edit her own reviews, without exposing the reviews of everyone else on her team.

On the platform, we actually have four ways of setting record-level access rules:

• Organization-wide defaults
• Role hierarchies
• Sharing rules
• Manual sharing

        
2. What is Organization wide default?

OWD stands for Organization wide defaults. This setting is defined at object level. OWD defined the default record level sharing for objects. All profiles get at least the privileges defined in OWD. OWD takes three different values -

A. Private

B. Public Read only

C. Public Read-Write

To find out what should be set as OWD for an object, first find out which user requires least access to an object. OWD is set based upon this users access requirements.
Most restrictive record access is defined using OWD. Access to additional records is made available through Role hierarchy, Sharing rules, Manual sharing.

3. What is role hierarchy?

Role Hierarchy allows additional users access to records. A hierarchy of roles is defined based upon access requirements at record level. Each user belongs to a unique role. If a role has access to some record, than its parent and ancestors will also have access to this record. Roles can be created using the Manager Users menu. Roles are used to control record access, where as profiles are used to specify access at object and field level.

4. What is public group?

Public group consists of users, roles or "roles and subordinates". Sharing rule is defined using public groups. Record that match certain condition can be assigned to users in public groups using Sharing Rules. Sharing rules functionality is available via the menu Sharing Settings.

5. What is manual sharing (User Managed Sharing)?

Manual Sharing is used to grant one-off access. Manual sharing can be granted by record owner, any one above the owner in role hierarchy and System Administrator. Manual sharing is used to handle exception cases where access to a particular record needs to be given to a specific user. There is a Sharing button on the records page. This is used to provide manual sharing.

<<Objects & Fields Part-1         Sharing & Security Part-2>>