Salesforce Admin Interview Questions – Security Model
Table of Contents
48. What is a user in salesforce?
- A salesforce user is the one who can log into salesforce. It gives them access to all the functionality of salesforce based on their profiles and roles.
- A user can be a system administrator, Sales Rep, Marketing managers etc.
- Each salesforce user consumes one salesforce license in the org.
49. How to delete a Salesforce user?
Salesforce user cannot be deleted. They can only be deactivated.
50 . What is the difference between freeze user and deactivate a user in Salesforce?
- Freezing user accounts does not make their user licenses available for the user in our org. To make their user license available, deactivate the account.
- Deactivating the user or Freezing the user will not allow them to log in to salesforce org.
- In a scenario when we do not want a user to login into Salesforce org for some brief time like for a few months when they are on long leave then instead of deactivating the user we can freeze the user so that they cannot log in into the salesforce for that period.
51. Explain about security model in salesforce?
Security model in salesforce is broadly classified into two types
- Org level security – Access to object, fields, tabs, apps etc.
- Record Level Security – Access to the records saved in the salesforce database . i.e. visibility of data in salesforce.
52. What is a profile?
- A profile in salesforce is a set of permission that defines what a user can do in salesforce org.
- Profiles gives access to objects, fields, tabs, apps, page layouts, records types, apex class, visualforce pages, login hours and ip ranges.
53. What is role?
- Role or Role hierarchy controls the visibility of the data for particular user in Salesforce org.
- For Example if we have 50 records in Account object but as per the user’s role only 40 records should be visible to that user. Then this behaviour can be controlled by Role.
54. What is the difference between profiles and roles?
A profile is all about the user’s access to the salesforce org, whereas the role is all about the user data visibility in the salesforce org.
55. What is OWD(Organization wide defaults) settings?
- Organization-Wide Defaults, or OWDs, defines the baseline access levels for an objects records in the salesforce org.
- For most objects, organization-wide sharing settings can be set to Private, Public Read Only, or Public Read/Write.
56. What is grant access using hierarchies?
- Grant access using hierarchies is an option which is always Checked by default for all the standard object in salesforce, and there is no option to uncheck this option for the standard object.
- However, for custom object admin user can check or uncheck it based on the requirements.
- If we check the checkbox “grant access using hierarchies” in OWD setting, then owner and his manger and his manager till top level can access/see the records.
57. What is the difference between Private, Public Read Only and Public Read/Write in OWD settings?
- Private – Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.
- Ex: Tom is a HR manager and Harry is the HR executive then Tom can view, edit, and report on Harry’s record.
- Public Read Only – All users can view and report on records but they cannot edit them. Only the record owner and all users above that role in the role hierarchy can edit those records.
- Public Read Write – All users can view, edit, and report on all records.
58. What is ‘Controlled by Parent’ in OWD settings?
- ‘Controlled by parent’ setting will be displayed in OWD setting to the object, which is child objects in a master-detail relationship.
- Ex: Account and Contact are in a master-detail relationship, and OWD setting for Account is private then OWD setting for contact will be ‘Controlled by Parent’.
- Which means if the account is set to Private, then Contact will also become private by virtue of is master-detail relationship with Account.
59. What is permission set?
- A permission set is a collection or group of permissions and settings that give users access to various tools and functions like profiles.
- But permission sets extend users’ functional access without changing their profiles.
60. Can a user have more than one Permission set?
Yes a user can have more than one permission set assigned but users cannot have more than one profile.
61. Can two users have the same profile?
Yes, one profile can be assigned to one or more users. However, each user can have only one profile.
62. Can we restrict a user to login into salesforce after office hours?
Yes we can restrict a user to login into salesforce after login hours by configuring login hours in the profiles.
63. Can we restrict user to login into salesforce from different network?
Yes we can restrict users to login into salesforce from different network by configuring Login IP ranges in the profile.
64. What is view all and modify all in salesforce?
- View all and Modify all permission ignore all the security setting and allow a user to view all the data and modify all the data in the salesforce org irrespective of his role and access.
- View all and Modify all access should not be given to any regular user in the salesforce org.
65. How to hide visibility of a field from user?
There are two ways to hide the visibility of the field for a user
- By removing the particular field from the page layout.
- By removing the field access from field level security.
66. What is the difference between hiding the field from page layout and hiding the field from field level security?
When we hide the field from page layout it is just not visible from that page, but it can be visible from reports, search results, list views, related lists, email and mail merge templates, custom links or with API names in the code.
Whereas if we hide the field from field-level security, then it is not visible from anywhere.
67. How many different types of profiles available in salesforce?
There are two different types of profiles available in salesforce
- Standard profiles
- Custom profiles
68. What is the difference between standard profiles and custom profiles?
- Standard Profiles : By default salesforce provides few profiles in salesforce org is called as standard profiles.
- Like Read Only, Standard User, Marketing User, Contract Manager, Solution Manager & System Administrator.
- Custom Profiles : These are profiles created by us (admin users) based on requirements.
69. Can we delete standard profiles?
No we cannot delete standard profiles but we can delete custom profiles if it is not assigned to any user.
70. Can we modify standard profiles?
We can edit a limited number of setting in standard profiles but in custom profiles we can edit anything.
71. Is Profile mandatory to create a user?
72. Is role mandatory to create a user?
73. What is sharing rule?
- Sharing rule help us share or open the data visibility to other group or roles or roles and subordinates.
- Sharing rules can never be stricter than your organization-wide default settings.
74. What is manual sharing?
- Manual sharing is nothing but sharing the individual records with some other person.
- We should use Manual sharing in scenario where it is difficult to come up with some defined rule.
- If any unique situation comes up then also we can use Manual Sharing.
- Manual sharing button on the record is enabled only if the OWD setting for that object is either private or public read only.
Salesforce Classic Sharing button
Salesforce Lightning Sharing button
75. What is a public group?
- A public group contains a set of individual users or other groups or all the user in a particular role.
- It can also contain users in a particular role and all the users below that role.
76. What is a Queue? Also, What is the difference between Queue and Public group?
- A queue is very similar to public group like it can contain a set of individual users or other groups or all the users in a particular role.
- Moreover, it can also contain users in a particular role and all the users below that role.
- Queues are available for cases, contact, leads, orders, custom objects, service contracts, and knowledge article versions.
77. Who can be the record owners in salesforce?
Queues and salesforce users can be record owners in salesforce. whereas public group cannot be owners of salesforce records.