I had started planning for Salesforce Application Architect journey in Nov, 2017. As in order to achieve this, I need to passed below mention 2 exam as other required exams I had already cleared.
- Certified Sharing and Visibility Designer
- Certified Data Architecture and Management Designer
As Sharing and security is my favorite, so I start preparing for "Certified Sharing and Visibility Designer" exam. It took almost 1 month for preparation and finally I cleared first architect exam on 30 Dec, 2017.
Through this blog, I am going share my preparation experience and tips for everyone who all are planning for this.
- For self study, please refer Resource Guide for Sharing and Security, which contains all the study material links for different topics. If you complete this, then you are ready for this exam.
- Please do practice on all topics related to declarative sharing and programmatic sharing.
This exam contains three sections:
- Declarative Sharing (68%)
- Programmatic Sharing(25%)
Tips on different sections:
- Candidate must have complete understanding of different record sharing in built functionality like OWD, Role Hierarchy, Sharing Rules, Manual Sharing, Teams, Territories etc.
- Custom permissions, Profiles and permission sets.
- As I was not able to do practice on Territories, I just went through Salesforce help section for territories. Important topics are difference between Territory management(1.0) and Enterprise Territory Management (2.0) and their capabilities.
- Must do practice on Account Teams and Opportunities. Different scenarios like who all can add team members, who can change record owner, what level of access can be given to user considering object OWD setting etc.
- Permission required for creating list views and with whom all list view can be shared.
- Custom settings, named Credentials and Custom metadata.
- Ownership Skew, Lookup Skew and Account Skew and their impact on performance.
- Always remember that manual sharing of record or manual sharing created through apex get deleted when record owner changes.
- Differences between shield and classic encryption.
- Record Access Grants(Implicit grant, Group membership grant, Inherited grant and explicit grant).
- Reports and dashboard folder access and permission required to manage this. Also cover different types on file and folder access permissions.
- Always remember that External default sharing level of object should be equal to or less restrictive than internal default sharing level.
- Public groups (who all can be added and how access can be restricted to higher role using public groups).
- How to force object permission and FLS in apex and VF page (using schema describe methods).
- How to use apex manage sharing for standard objects and custom objects
- Granular locking: Usually group membership get locked if any configuration happens. This will make impossible to perform group membership changes during this lock period. If Granular locking feature is enabled then system will lock portion of records instead of locking entire Group maintenance table. This allow multiple update simultaneously if there is no hierarchical or other relationship between the roles and groups involved in the update.
- Parallel Sharing rule calculation: If Salesforce perform any activity (maintenance or upgrade) then all sharing recalculation jobs get killed. In order to avoid this, consider enabling parallel Sharing Rule calculation. This will split the job in multiple threads which will run asynchronously. If Salesforce perform any activity, these jobs will not be killed and resume after salesforce activity.
- Deferred Sharing Calculation : Best fit if you can buy out maintenance window from live user. Once you enable this, system will not perform any sharing calculation and you can perform major configuration changes like role changes, public group reassignment etc.
- Avoid Account data skew, lookup skew and ownership data skew.
- Avoid creating more nested public groups
You ran refer below mentioned my blogs links which explain things in summarized way:
- Access Grants
- Consideration for large scale implementation
- Custom Permission
- Decleration Sharing v/s Programmatic Sharing
Hope this will help!!