Pass Salesforce Certified Sharing and Visibility Designer Exam in First Attempt Guaranteed!
Get 100% Latest Exam Questions, Accurate & Verified Answers to Pass the Actual Exam!
30 Days Free Updates, Instant Download!
Certified Sharing and Visibility Designer Premium Bundle
- Premium File 119 Questions & Answers. Last update: Nov 24, 2022
- Training Course 21 Lectures
Last Week Results!
|Download Free Certified Sharing and Visibility Designer Exam Questions|
Size: 174.54 KB
Size: 65.72 KB
Salesforce Certified Sharing and Visibility Designer Practice Test Questions and Answers, Salesforce Certified Sharing and Visibility Designer Exam Dumps - PrepAway
All Salesforce Certified Sharing and Visibility Designer certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the Certified Sharing and Visibility Designer Certified Sharing and Visibility Designer practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!
11. 1.8- Data Storage and Residency solutions
This is Section One on Declarative Sharing, and this lecture is about data storage and residency solutions. The topics of this lecture are classic encryption and Shield. Platform encryption, apex crypto, class-named credentials, custom settings, and custom metadata type To begin, Salesforce offers two ways to encrypt data. The first way is called classic encryption.
Classic Encryption is included in the base price of your Salesforce license, so no additional licences are required. The use of the encrypted text field is all that is required for traditional encryption. The type of this field is exactly called "text encrypted." A custom encrypted text field is any combination of letters and numbers that are stored in encrypted form. These are some notes that you should be aware of regarding the encrypted text field. Data and encrypted custom text fields can only be viewed by users who have the permission to view encrypted data.
What exactly does it mean when it says that force was used to encrypt text entered in both encrypted and unencrypted text fields? Well, text entered in the encrypted text field is encrypted using a 128-bit master key and the Advanced Encryption Standard algorithm, also known as the AES algorithm. You can use encrypted fields and email templates, but the value is always masked. If you have the ability to view encrypted data and grant another user login access, The user can see encrypted fields in plaintext, and only users with the permission to view encrypted data can clone the value of an encrypted field when cloning that record. And finally, only the Apex output field components are presenting encrypted fields in a VF page.
These are some restrictions that you should be aware of when it comes to encrypted text fields. Encrypted text fields are limited to 175 characters. Because of the encryption algorithm, encrypted text fields cannot be unique. They cannot have an external ID, and they cannot have default values. Encrypted text fields are not available for use with filters like listed views, report filters, roll-up summary fields, and rule filters. They are not available for connect offline, for Salesforce, for Outlook, for lead conversion, for workflow rule criteria, for formula fields, for outbound messages, for default values, and for web to lead and web to case forms. And finally, they are not searchable, but they can be included in search results. The other, more advanced encryption option is called Shield Platform Encryption.
Shield Platform Encryption is free for developer organizations. All other additions require you to purchase a license. With Shield Platform Encryption, you can encrypt all kinds of confidential and sensitive data. On the Salesforce platform, address refers to any inactive data stored in files, spreadsheets, standard and custom fields. The data is encrypted with a stronger two-five, six-bit AES key. The key is composed of two parts. First of all, we have the master secret. This is a key generated by Salesforce once per release, and it is stored securely on the servers. The second part is called the tenant secret. This is a key generated by your.org at any time and on demand. Your tenant secret partners with the master secret and what's called a "key derivation process" to create keys that encrypt and decrypt your data.
With Shield Platform Encryption, you can encrypt a number of predefined standard fields and some custom fields. To know which standard fields you can encrypt with "Shield Platform Encryption," you can click on this link. The custom field types that can be encrypted are email, phone text, including text area, text area long, and text area rich, URL, date, and date time. It also lets you encrypt files. So we can use Shield Platform Encryption not only to encrypt fields on records, but we can also use it to encrypt files. The table on the right side has all the permissions that are needed for the full Shield encryption configuration. As you can see, each feature of Shield Encryption requires its own set of permissions. For example, to generate a tenant key, as you can see on the right side, we need the Manage Encryption Keys permission for that. Different permissions can be given to different users depending on their role and the encryption process. Now, let's go over how to set up Shield encryption from scratch.
The first step is to create a permission set that contains all the permissions that we saw in the previous slide. This way, only one user will perform all the Shield Platform encryption configurations, and that user will be the admin user. Then, in key management, we must generate a tenant key. So we have to click on Key Management under Platform Encryption, and then we have to click on the Generate Tenant Secret button. As a best practice, you have to export the tenant secrets for backup purposes. At the same time, you have to rotate the tenants' secrets. So often, by generating a new tenant secret and archiving the older tenant secret, you can generate or upload key material every 24 hours. So in order to generate a new tenant secret, we have to wait 24 hours, and then we can generate a new one. The next step is to set the encryption policy. To do so, we have to go to Setup and search for "encryption policy" and click on "encrypt fields" to choose the field types to be encrypted. Then we have to check the Encrypt files and attachments checkbox.
There is a difference between classic encryption and shield platform encryption that we need to point out. With Shield Platform Encryption, users that have access to the field can read the field normally without any masking, just like any other field. But in the database, the field is encrypted for protection purposes against any unauthorised access. This is different than classic encryption, which masks the field on the right side. This is an example. You can see that with the classic encryption we have the option to set the mask type, which is not available with the shield platform encryption. Now let's go to Salesforce to see encrypted text fields and shield platform encryption. Okay, so I will go to any object. Let's go to the invoice object. And then, as you can see, I have a list of fields. Let me create a new text-encrypted field. As you can see if I hover over the eye, this text is encrypted using the classic encryption. As you can see, I've hit my limit. And then I can specify the mask type. So, let's say you want to mask all of the characters. And then I will use, let's say, the star. Now, if I click on "next," this will not let me because I have the length set to two five five. You can see that I have invalid data.
The maximum that I can use is 175. Let's open an invoice. And as you can see, I have the final amount. It's all masked and encrypted on the DB. To be able to view this, the administrator doesn't have permission. By default, I need to go to the setup, and I need to give the administrator permission. As you can see, I cannot set it because this is a standard profile. So for that, I can use a permission set. I now have this authorization. So if I go back to this record and then refresh, you can see that I will be able to view the field. Now, let's go to the sheet encryption. As you can see, the first step is to check the policy. You can see that I checked this checkbox, and I can click on "encrypt fields" to see the list of fields that I need to be encrypted. So you can see that I want the account name to be encrypted, the phone, let's say the website, and so on. And on this page, I have all of the standard fees that can be encrypted. So for each object, it has its own set of standard fields that can be encrypted. and I can choose from these fields.
I then need to go to key management. And as you can see, I have created a new key. I don't think I can create a new one because I need to wait 24 hours before I can destroy the old key. Now I only have one key, and as a best practice, I can export it. I can save it somewhere, because this will be used to encrypt my data. This is how to set up sheet encryption. It's much more advanced than the text-encrypted field. It can encrypt a large number of standard fields, and it can also encrypt custom fields. It can also encrypt files. Now, let's talk about the Apex crypto class. This is a class offered by Salesforce with Apex that provides methods for encrypting and decrypting information, creating hashes, creating message authentication codes, and creating signatures. These are some methods that are supported in the crypto class to generate an AES key. We can use the Generate AESkey method to encrypt information.
We can use both the encrypt and decrypt methods with managed IV methods to decrypt information. We can use both the decrypt and the decrypt with managed IV methods to create a hash. On Mac, we can generate message authentication codes by using the Generate Digest method. We can use the Generate Mac method, and finally, to create a signature, we can use the Sign method. Let's start with encryption and decryption. The following parameters are passed to the encrypt method: string algorithm, name, blob private key, blobinitialization vector, and blob keystext. On the other hand, the decrypt method takes the following parameters: a string algorithm name, a blob private key, a blob initialization vector, and a blob ciphertext.
This is an example, as you can see; on the first line, we have an IV by using the Blob to get its value, and then a string. On the second line, we have a Blob key, and we use this cryptoclass method for that; then, I have the data, which is also of type Blob, and I use the Blob that value of a string for that. And then to encrypt, I use the encrypt method of the cryptoclass, and then the return value would be a Blob. So I declare a blob with the name encrypted, and then I invoke the encrypt method of the cryptoclass. And, as we have mentioned, it takes these four parameters. The first one is the algorithm name; the second is the private key, which is this one. The third one is the IV, which is on the first line. And finally, we have the data, which is mainly that one. So all of these are blobs, but the first one is a string. This is the algorithm name. The decrypt method is used to decrypt this encrypted text. As you can see, it has the same parameters except for the last parameter, which is the ciphertext instead of the plaintext. So encrypted is the cypher text that is the result of the encrypt method. The plain text would then be decrypted. And then we are using decrypted text to make this blob into a string. And then we are comparing the initial plain text with this decrypted string.
On the other hand, if you choose to use the managed IV, we should use the managed IV encryption and decryption methods. In this case, there is no need to specify the IV as a parameter. The encrypt with managed IV method takes the following parameters: string, algorithm name, blob private key, blob clear text, and it returns a blob. There is no IV in the parameters. The Blob decrypt web-managed IV method takes the following parameters: string, algorithm name, blob private key, blobIV, and ciphertext, and it also returns a Blob. So this is also an example. It's the same example, but this time we're using encryption with managed IV and not passing any IV or parameters, and we're following the same steps as in the first example. Now let's talk about the hash digest. The generate digest method It computes a secure one-way hash digest based on the supplied input string and algorithm name.
Valid values for the algorithm name are MD 5, Shahone 5/6, and Shah five one two.This is an example. On the first line, we create a blob called target blob using the blob's value of a string, and then we create a hash. This hash is using the generated digest function, and we pass the algorithm and the target blob, which was done on the first line. And then we can use the string. We can create a string, and this string will convert this hash into a base 64 encoding, and then we can use system debug to list the hash. Next, we have the message authentication code or Mac. The Generate Mac computes a message authentication code, and it takes three parameters. The first one is the algorithm name, the second one is the blob input, and the third one is the blob private key.
The valid values for the algorithm name are hmacmdfive, HMAC sha one, HMAC sha two five six, and HMAC shah five one two. The return type is blob. This is an example. On the first line, we have a string called STR, and then the value is a random string. On the second line, we have another string called key with the value key. And then we have the Mac, which is of type Blob, and to get it we use the Generate Mac method, and then these are the parameters that we are passing. We want to use the HMAC-SHA 256 algorithm, and then we pass the blob of the STR, which is the first line, and then we pass the blob of the key. Finally, we have the sign method, which is used to compute a unique digital signature and which takes three parameters. The first one is the algorithm name, the second one is the blob input, and the third one is the blob private key.
The valid values for the algorithm name are RSA, sha1, sha2, five, six, and RSA. This is an example. As you can see, we have a string called "algorithm name" with the value "RSA." This is used to specify the algorithm name. Then we have an empty string called key and a blob called the private key. This one is used because the value of the third parameter's private key must be decoded using the encoding Utilbase 64 decoding method. And then we have a blob called input. This is mainly the input that we want to sign. And finally, we are using the sign method of the cryptoclass with the three parameters. The first one is the algorithm name, the second one is the input, and the third one is the private key. Let's head over to Salesforce to see Apex Cryptoclass in action.
Okay, so the first example that we will use is the encryption example with an IV. So I would copy and paste this code. As you can see on the first line, I am defining an IV, then a key, and then the data to be encrypted. And this is the key method that we want, which is the script for that encryption method. It takes four parameters. The first one is the algorithm. The second one is the key. The third one is the IV, and the fourth one is the data. And then we are decrypting this encrypted blob by using the decrypt command. After that, we are converting this to a string. So this is a blob. And to convert a blob to a string, we can use the two-string method, and decrypted is a blob. And finally, we are using an assertion to check if the decrypted string is indeed this one. We can also do this. I can also add an assistant debugger to check the value of this. Let's run this. And you can see that this is the value of the string. The second example is the hash example. So let's paste the example.
You can see on the top that I have a target blob, which is the string that we want to hash. And then I have the hash itself, which is the result of the Generate Digest method. So it takes two parameters. The first one is the algorithm, and the second one is the blob source. And then you can see that I am using this method to convert the blob to a string. And then I want to show you the hash. Let's run this. And as you can see, this is the hash. Now let's talk about the Mac. So, Control A, control V. As you can see, I'm using two strings on the top. And then I'm using the Generate Mac method, which takes the first parameter as the algorithm. And then I'm using the blob of the first line, which is the string, and then the blob of the second line, which is the key. Once I do that, I will do the same thing that I did in the hash, and then I will get the string of the resulting blob. Let's run this, and you can see this on the Mac. The final topic of this lecture is about named credentials, custom metadata, type, and custom settings.
All these three features can be used to store secrets like passwords. Instead of, let's say, including the secret and the code as plaintext, let's start with named credentials. A named credential specifies both the URL of a callout endpoint and its required authentication parameters in one definition. As an example, let's say that you are working on an integration and need to authenticate with the system for that. An account credential can be used to store both the URL of the system as well as the username and password that let you authenticate to the system without named credentials. And in order to set up an authenticated callout, the developer needs to perform these additional tasks: one, reference the URL as the call out endpoint; two, register the URL and the remote site settings; and three, add custom code to take care of any associated authentication tasks.
This is an example. Without using any name other than Credential, the code would look like this: As you can see, on the first line, we have the password set as plain text within the code, and then on the third line, we have the endpoint in plain text. Also, the drawback is that anyone who can view the source code can also view the embedded secrets. If a secret is updated, you will need to change all instances of it throughout the source code. So you have to go to each one of your classes that is using this and change it. And porting this secret between applications can create many other complications as well. On the other hand, using name credentials is a much better approach, as we don't enter anything in the code, but instead we enter the API information and a secure named credential. As you can see on the right side, we create a named credential and specify the endpoint URL and the password within it. And the equivalent code would look like this:
As you can see, we don't have any passwords in plaintext, and we don't have any endpoints, but we do have a reference to the name Credential. Now, some notes regarding name credentials: named credentials are designed to make life easy and secure for admins and developers in your.org by specifying the endpoint URL and credentials in a single place and not within the code. Named credentials are best suited for simple authentication schemes like username and password or OAuth 20. Users with the ModifyAll Data or author Apex permissions, on the other hand, can change or add callouts to the name Credential. These users can also access the data protected by the named credential, and they might also be able to extract the credentials themselves. So if you need to protect against these usecases, like if, let's say, you are an ISV building a package, then consider other options like managed protected custom settings or managed protected packages. Custom Metadata Types labelled "Credential" will have their own set of disadvantages.
As we said, the Salesforce platform has a number of features that can be used to store secrets. These include named credentials that we have seen in custom settings and custom metadata types. Now let's talk about custom settings. Custom settings can be used to store any data that can be used with an application. And custom settings can have different levels of visibility. Similar to custom settings, custom Metadata Type fields can be used for secret storage; set their visibility to protected and contain them within a managed package, and protected custom Metadata API fields are a great choice for storing API keys or other secret keys. This is the list of differences between custom settings and custom metadata types. As you can see, almost all of the time you have to use custom metadata types, but you can use custom settings if, let's say, you have the need to use currency as a field type.
And the second thing that you need to consider is that custom settings support something called hierarchy configuration, which is not available on custom metadata types. In regards to visibility settings, both custom settings and custom metadata types can be either public or protected, and they can be part of a managed package or not. This table summarises the visibility settings that should be configured on both custom settings and custom metadata types. As you can see, "local" means that the custom metadata type or the custom settings are part of the local.org. Managed means that it is part of a managed package.
So, in the case of setting the visibility to public and protected, but on the local, on local.org, you can see that the custom setting is available as if the visibility were public. So there is no protection in that case. So if we set "public" on any type, be it local or managed, this will lead to "public." If we set Protected on a local, custom metadata type, or custom setting, this will also lead to this configuration being public. The only way that we can protect a CustomMetadata Type or a custom setting is by setting them as protected and including them in a managed package. In this case, subscribing organisations cannot see the custom settings or custom metadata type as it does not display as part of the package itself. So if, let's say, I am an ISV, I have created a managed package that includes a protected Custom Metadata Type. This package will not include this custom metadata type.
I cannot see it in the package. This is the way that I can protect myself, and then I can add secrets and custom metadata types or custom settings. This is how to create protected custom settings and protected custom metadata types. As you can see, on the left side, we set the custom setting visibility to be protected, and on the right side, for the Custom Metadata Type, we picked the second option. So you can see that if I want to create a protected custom setting, I can choose the visibility to be protected. And if I want to create a custom metadata type, I need to select the second radio button, which will make this custom metadata type protected. For custom settings and because only setting definitions are included in the package, you need Apexor's API script to populate the secrets for you once the package is installed on the target or on subscribing.org. On the other hand, for a custom metadata type, the metadata itself is included in the package, and there is no need for any script to run to populate this data.
Now, let's go to Salesforce to show younamed credentials, custom settings, and custom metadata types. Let me start by introducing Credential. I need to specify the enabled and the URL, and then I can specify a certificate, and then I can specify the identity type. It can be per user or per name principal. And for each one, I can specify what type of authentication I am using. So it can be OAuth, it can be password authentication, and so on. And then I can specify the username and the password. So if I click on Save, this name "Credential" can now be used within my Apex code. And I don't need to enter this URL, this username, this password, or the code. Now let's create the custom system setting. As you can see, this is the place that I need to change to make this a protected custom setting.
But because I am not on developer.org, I cannot change that. Why? Because developer organisations are used to create packages for the app exchange, And if I'm not on dev.org, I cannot create appexchange packages, and I cannot change this to be protected. So let's add this one. Now I can add custom fields just like any other object. And then I click on Manage on the top, and then I can now add records. Now let's create a custom metadata type. As you can see, I cannot select these to make it a protected custom metadata type because I'm not on developer.org. So if I were on dev.org, I could set this to protected. Let's keep it like this. And then, just like with the custom settings, we can create a new field, and then we can create records. And then we can reference these records in our Apex class. And that's it for this lecture. In this lecture, we have talked about encryption, about cryptography, and about how to securely store URLs and secrets. Encryption can be achieved in two ways. The fundamental classic encryption method, which employs a specific encrypted text field, This type can be masked.
And the second way is the shield platform encryption, which is more advanced as it can encrypt a number of standard fields and custom fields and files. Of course, there are numerous ways to encrypt data within Salesforce using various apps from the app exchange. But these two ways are the native ones. The cryptoclass can be used for many things. Among these are the following: encrypt and decrypt data, produce hashed data and message authentication codes for Mac, and produce digital signatures. Finally, to store an endpoint URL and credentials in an efficient way, named credentials can be used. Custom settings and custom metadatatypes can also be used. And then they can be protected and hidden in a managed package. And that's it for this lecture. Thanks for watching.
12. 1.9- Validating the Sharing and Visibility
Now let's go to Salesforce, and let me show you how to configure and use logging as another user. Okay, so the first step is to check the login access policies. To accomplish this, we must visit this website, search for "login access policies," and then click on them. Now you can see that I can set this, enable it, or disable it. As you can see, it is enabled, so let me keep it like that. The session settings are the second thing we need to look at. In there, we have to check the force login, which is that one. So by default, I guess it is checked. What we need to do is uncheck it so that we don't need to relogin after a login as a user session. Now, how do I login as another user? Let's go to the users. And now we have a complete list of all users. Let's say that we need to log in as Sarah. What we can do is either click on the user and then click on the login button, or we can go back and just click on this link on the left of the user. Another way to find a user is to go to the users link and search by name at the top of the page going to record. r record. So please allow me to log in to this computer and open a session for Sarah. er Sarah.
Now that I am Sarah, as SI, I can hear what she has to say. Assume Sarah contacted me as the Salesforce administrator and stated that she is having difficulty accessing cases. This feature allows me to see which cases have access in some cases. If I logout, I will now be prompted to re-login because we disabled this setting. As you can see, Now I'll return to the user, and this is Thomas Logguser, a user. Another way to check the status of sharing invisibility is to look at the share tabobject. As previously demonstrated, share tables contain explicit and implicit share records as well as standard anobjects. Share tables can be delivered live or exported for use. To check the table, use a SOQL-friendly tool, such as the developer's workbench. This one also has some next-generation extensions.
A Shacan, on the other hand, can be exported to be used offline. Any tool that supports a "SocalResult"-style result, such as the data leven workbench, is suitable for this. The share tables, as previously stated, include each sharing entry for the question. In addition, a shared object supports t sharing, user-managed sharing, d sharing, and apex sharing. Sharing. It also includes sharing. Now,aring. To be more specific, the sharetable has columns, fields, and rows, all of which are fields, one of which is field ID, which is the share entity's ID. And then we have the end. In the case of a standard object, such as an account, this field would be "Account access level." This field specifies the level of access that the specified user or group has been granted. The values can be edited, read, or all at the same time. or all. And then we have the ID.
This field would be Account ID in the case of a standard object, such as an account. count ID This field contains the ID of the specific resource to share. Then we cause a row. cause which specific reason why the user or group is being accessed Finally, the group ID, also known as groupID, specifies the user ID for the group ID to which you have access. g access. For instance, we have a standard sharing table. This is the query table for the opportunity object, which is called opportunity share. Share. We are using Oppaccess levels, access levels, and OppID, unity ID. As you can see, On the other hand, this is an object in the verb objetable. This is the share table query for the invoicobject.m object.
As you can see, there is no way to access levels, invoicer Invoiclevels, or leveare, and there is no way to have voice IDs. However, we lack an access level because we lack an ID. Other than the share table When you click the Sharing button on a record, you can see a specific record sharing procedure. And the interface. Any user, including the only administrator, can use the sharing button on a specific record, and it is visible to all users who have access to the record. And the reason is access. The Sharing button appears only in the Classic Interface and not in the Lighting Interface. nterface. This is current as of the Srelease. Finally, the objects of the "Share Table" are the entries you made by clicking on the "Share" button, but they are only related to the record you are currently on. Now let's go to Salesforce to learn more about the Share tables and the Sharrows. Okay, I'm still logged in as an administrator and have arrived at the TUP page. I have the option of using Workbench or an extension.
So let's go extensions, extensions, and then to query, tick query, and I'll query there. is query. So this query is querying these or these fields from the Accouobject.e object. So if I do that, you can see all of the Accouobject's shareincords. The ID is visible. This is the sharing record. I have access to the SS level account. So what's the access? e access? Then there's the ID. count ID. As a result, this is primarily the record that was accessed. The cause of theft is accessing the record. We can use the workbench to view the objects in my query for the object list. So I can either say, "Let's say here, out here," and see if I can see all the fields, or I can query. my query. As can be seen, the list of all records is displayed. So,ecords. As you mentioned, the ID is the Share Recorlevel ID. What type of access? ID. ID count This is the account that was shared, the courseshare, the Share the Usern't the User All accessrecord group.
What is it? I can say that I am interested in the name. So, because this is going into the Account object, I can do it by user name and then by user name. Now I have more specific values, so you can see that. Now I know who or what group has access to the account. As you can see, I am the owner of Rocos. So. So owner. This is the person in charge of the share registry. So I have one entry table because I have an account. This also applies to all other rows with cause equal to owner implicit. is primarily accessible because this account has an implicit share and we also have team access, making this account primarily accessible due to team sharing. Sosharingso Jim is accessing the salesforce.com account. He is a member of the team account. Then there's territory. territory. We have added terrisharing for your convenience. As a result, we are sharing our accounts. Then there are these accounts, accounts, and the cause of causesharing. And this is essentially the usable. We can something.
Tables can be expanded. If we want to do that, we click on CSV, bulk CSV, and then we have this. run this. After we've done that, we'll be able to lower the table. So this is the ID. And this is the link to the downtable. Another option is to download or export the table using the data loader. a loader. As you can see, Iino the Elder is employing the use of a loader. Let's export menus; export is required. There is a need to "click on objects." Now thatjects. We can now object because we have it. This is the query. Of course, we can construct a query, or we can select all of the finishes, which will return all of the records. I cannot hem. ess them. So these are primarily the ones on our workbench. Return to the workbench and repeat the query, but this time for object. Let's call it the share. The double underscore between the name of the object shared distinguishes custom shares from standard shares. So I can select them all without counting, and then query. So this is exactly the same as here. But, as you can see, I have level 1 access (leave) and I have a parent ID of an account (access). count ID and access level Let's now go to the interface and show you the button.
So I'll go back to the classic "face," and now let's go to the "count" tab and click "account." As you can see, I now have access to the button. If I do that, you'll notice that this is a subset of those who are accountable. However, these three records must be taken into consideration. We can now use "accessibility" to see if access to a field is restricted and level to check access to fields in records. It is limited at the user profile or LDAP group level. Setup, configuration, and permissions are required to use this feature. There are two ways to access this feature: The first method is to go to the object, select it from a standing relationship field, and then click on it in a field. After we click on the field, we click on the "Click on Accessibility" button, and then we check the checkbox. As you can see, we have the select at the top, and then we have the profiles and files and the access level for each. It is worth noting that objects with multiple Recordtypes will show the accessibility of each Record type. ord type.
Hover over the link for more information. The field accessibility can also be accessed by going to Setup Security, Field Accessibility, and then selecting the object in question. Field accessibility can now be verified by record type, cord field, or field. To change the access level, go to the configuration page, and then use the field level security layout to control access. Let's go to SalesShow now and look at the Field Accessibility Action. As you can see, I'm the administrator, so please allow me to proceed to an object. So, let's keep track of the objects we own and the relationships we have with them. Choose any, then click on "Click on Accessibility." sibi again, You must now sefield. the field once more. So make the accessibility field visible in employees' profiles. Then we go over everything from accessibility to specifics. To change weclick, to click, let us say I need to change the Employees field access for, let's say, the standard user profile.
I click on this, and then I can change it on this page. You can see that the accessibility setting on the profile level for this profile is set to visible, and you can also check the different page layouts if they exist. If I do this and save, now any user that belongs to the standard user profile will not see the Employees field. because I removed this access. I can keep it, but I can remove it from the page layout. So in this case, I can go to the page layout section and then remove it from there. The other way is through the setup menu, where you go to View Field Accessibility. As you can see, I can start with the object. So let's go back to the Account object, and there you can see that now I have two options. I can start by the field or by the profile. So if I click on "field," I'll get the same view as we did on the object. So if I go to, let's say, the employees field, you can see that this is exactly the same view that we saw once we were on the account. Now, if I go back and select the second option, the starting point will be the profile.
And there on this profile, I can see the list of fields, and then I can go to, say, the employees field, change this, and click on this to make it unvisible on this profile. And that's it for this lecture. In this lecture, we talked about several ways to validate the sharing and visibility configurations. We started by logging in as another user, which is a good way to see what another user can access from his or her user interface. It is used to help troubleshoot user issues and check record access. Another way to check record access is through the share tables. We can display these tables using Socallor and export them using many different tools, like the data loader or workbench. Share tables contain all explicit and implicit share entries for standard or custom objects. The sharing button can display the shared entries of the specific record that we are on. These entries are part of the object share table. To check field accessibility and see whether access to a field is restricted and at what level it is, we can use two methods. The first one is through the object manager, and the second one is through the setup menu. And finally, as usual, thanks for watching.
13. 1.10- Sharing and Securing Files
This is Section One on Declarative Sharing, and this lecture is about sharing and securing files. The topics of this lecture are Salesforce files, filesHome, sharing files without a link and with a link to content libraries who can see my files, file encryption with Shield encryption, and File Connect in Salesforce. Working with Files entails adding any of the files listed below to chatter feeds to collaborate with coworkers, as well as directly adding files to records such as accounts, cases, opportunities, and so on to keep information where you need it. This is simply opening a record and then going to the files-related list and adding a file. posting files to a private or public chat group. Adding files to Files Home and adding files to private or public content libraries All file types are supported. This is something like PowerPoint, an ExcelPDF doc, images, and videos. But note that you can upload and download audio and video files, but you cannot pass or preview them.
As you work with files in Salesforce, keep these limits in mind. The limit of each file size is 2 GB when uploaded via the web interface and 100 MB when uploaded from a mobile device. The maximum number of versions per file is 2048. And note that the files and photos that your users upload are counted towards your organization's file storage allowance. This includes files uploaded on the Files tab. Now let's go to Salesforce, and let's see the different ways to add files to Salesforce. So I'm now logged in as the administrator. Let's listen to any record. Let's choose any opportunity. And as you can see, this is an opportunity record.
On the right side, you can see that I can add a file to this opportunity record by clicking on Upload Files. Now I can choose any file from my hard drive. Let's choose this file. This is a way to add files to records. Another way is through the chatter feed of this record. I can go to the Chatter tab, and then I can add a file to this post. Another way is through the chatter groups. For that, we have to go to groups. And then let's say that we have this Western Face Team group. You can see that I can add posts, and then I can add files to these posts. Okay, I can also go to the Files home. We will see that in detail. And then I can add any file to the home. So my home is the main repository of my files.
As a user, I can add any file to the home. So let's say that I want to add this file. I can do that. I can also add a file to the content libraries. So I need to click on the library link so I can create a new library. And then I can add files to the slabberry. Files Home is the central location for your files in Salesforce. Files Home allows you to see files that you have access to. See files that you have stored privately. See files that are shared with you, share files with other users, and create, access, and share content libraries. The home of the N file, and when you click on a file, you can do the following: see the sample Download the file, share the file, view file details, upload a new version of this file, edit file details, and delete files.
When you click on View file details, you can preview the file in the Preview tab. See file details like the title and description. See Views, downloads, and checking the sharing, version, and followers are all examples of file engagement. Now let's talk about how to share a file without using a link. Files can be shared with users or groups. You should specify the access level, which can be viewer or collaborator. To share files without choosing links, click on a file, click on "Share" from the drop-down menu, or after clicking on the file from the menu at the top, specify the user or groups to share with and also specify the access level. The summary of who can access this file can be viewed in the Who Can Access section.
Now let's talk about how to share a file using a link. You can share a file with anyone by creating a file link and sending it through email. Creating a link generates an encrypted URL that you can send to any recipient, such as leads, customers, partners, coworkers, and so on. Recipients can be inside or outside of your company. It is not required that they be included in the company file link. Recipients can only view and download files. They cannot be collaborators. So in other words, when you create a public link to a file, anyone who has the link can view and download the file. But if you think that the link should be deleted, you can indeed delete the link at any time. And anyone with the link can no longer access the file. And of course, they can no longer download the file. To enable link sharing, go to Setup and search for content deliveries and public links, then check the required checkboxes.
To be able to create public links, create a permission set that contains the Create public links permission or add this permission to an existing profile. And note that files within a library cannot be shared via a link. We will see the Content Library in detail later in this lecture. Now, to share files via links Click on a file, click on "public link," click "create link," and copy and share the link. You can also create a public link for a file from the Share page; click on a file, then click on Share and Expand. Who has access to Click on "Create Link" and copy and share the link. Now let's talk about content libraries. Content libraries are like folders that contain files, and they can be created from within the file system. To do so, in files/home go to Libraries, click on New Library, and specify the name, description, and library image. Once a content library is created, it can be private, which is the default, or shared. To share a library, click on Manage Members, Add Members. These can be groups, users, or contacts, and they specify the access level.
This can be a viewer, author, or library administrator. Now, when it comes to who can see my files, there are three main settings to consider. The first setting to consider is the private setting. This means that only the owner can access the file, and any user with the Modify All data permission can also access this file. If this file is in a private library, then it's only accessible to the owner and not even users with the Modify All Data permission. This applies in these scenarios when the file is uploaded in your file's home, published to your private library, stopped being shared with everyone, which will make this file private, or when you delete a post that includes the file and the file is not shared anywhere else. The second setting to consider is the privately shared setting. This means that a file has been shared only with specific people, groups, or via a link. In this case, only the file owner and the viewers with whom the file was shared have access to it.
This applies in these scenarios when the file is shared only with specific people or a private group, posted to a private group, shared via link, posted to a feed on a record, and published to a shared library. And finally, the third setting to consider is the company setting. This means that all users and the company can find and view this file. This applies in these scenarios when the file is posted to a feed that all users can see, whether to a profile, a record, or a public group. Now, let's talk about file encryption. As we have seen before, Shield Encryption is used to encrypt files and attachments. When you enable Shield platform encryption for files and attachments, all files and attachments that can be encrypted will be encrypted. The body of each file or attachment is encrypted when it is uploaded. These are the files that are encrypted when you enable Shield platform encryption.
Files attached to emails, feeds, records, and images included in rich text area fields are listed on the Content, Libraries, and Files tab. This includes Salesforce files, including file previews and saved CRM content files managed with Salesforce file sync and stored in Salesforce. Files attached to the Chatter post, Comments, and the Sidebar Notes body text can be added to Knowledge articles and code PDFs using the New Notes tool files. On the other hand, these file types and attachments are not encrypted. Chatter Group Photos Chatter Profile Photos Documents, Notes, Previews, and the New Notes tool add notes, add notes, previews, and the old Notes tool to encrypt files using the shield platform encryption, go to Setup, search for encryption policy, and then click on encrypt files and attachments.
Finally, there is a feature that can be used to access files hosted on external cloud tools. Files Connect lets you connect to external file systems like Google Docs, Microsoft SharePoint, Box, and so on. Files from external repositories are available. Only Salesforce File Connect is configured in your organisation and enabled for you. Files are hosted on external filesystems but are available in Salesforce. So to access these files, you have to just click on the files, and then you have to go down underneath the external sources where you can click on the external file system. Now let's go to Salesforce to see the Files home file. sharing content libraries and sheets Platform Encryption Okay, so I will open the same page that I was on. Let me click on the Files tab. This will open the files at home. This is the central location of your files in Salesforce.
There I can see all of my recent files that have been shared with me. If I click on Files, I can see the ones there that I am following. So let's say I'm following a chatter post. The files will be there, and then I can access my libraries. Let's go to the files I by me.I can simply click on "Upload Files" and let's add a file. So now I can access this file. Now, how can I share a file? There are two ways that I can do so. The first way is to share it with users without a link. So in this case, I can either click on the file and then click on "Share" at the top, or I can click on this menu and then click on "Share." Now I can share this file with, say, users, and I can specify the access level. Click on "Share." Now if I click on this file again and go to the Share link, I can see that this file has been shared with Sarah.
Now if I log in using Sarah's username and password, "hello," you can see that if I click on "Share with me," I will be able to see this file. The other way to share files is through a link. For that, I can use this public link-sharing section. I can create a link, and as you can see, anyone with this link can view and download this file. I can copy the link now that I have it. Let's open a new browser and just paste this link. Let me refresh. Okay, so as you can see, I have access to the file even though I am not even logged in to SalesForce. So if I have this link, I can read and download this file. Okay, I can delete this link at any time. So if I do that and then go back to this browser and click on Refresh, you can see that this file does not exist anymore. So these are the two ways to share files, and as you can see, I need to specify the ex level. It can be a viewer or a collaborator.
Now let's go to the contact libraries. In this case, I need to click on the libraries link, and as you can see, I can now create libraries. So let's create one that is a private library, and then I will do the same. But this time it will be in a public library. If I add files to this library, no one can see these files, not even the admin. Now if I go again and add files to the public one, I need to share this library. To do so, I need to click on "manage members," and then I can add members.
I can add either public groups or people, and then I can specify the access level (viewer, author, or admin). Now if I go back to Sarah, you can see that she has access to the library, and then she is the administrator. She can manage members. Now we'll talk about Shield encryption. So if I click on "Encryption Policy," you can see that I now have the option to encrypt records and files, and as you can see, encrypt files when they are uploaded to Salesforce files or attached to records. And that's it for this lecture. In this lecture, we have talked about Salesforce files and the many ways to add files to Salesforce. Files can be added to records.
They can be added using chatter, using the Files app, and many other ways. Files Home is the central location for your files in Salesforce. It allows you to see all files that you have stored privately, view files that are shared with you, and share files with others. Files in Salesforce can be shared without a link or using a link. When using a link, this means that anyone with access to the link can read or download the file's content. Libraries are a way to group an array of files into a single container.
They can be private or shared with specific users or groups, and when shared, the access level can be viewer, author, or library administrator. We also talked about the three settings to consider when it comes to who can make files private, privately shared, or company-only. To encrypt Salesforce files, shieldplatform encryption can be used. And finally, File Connect is a way for Salesforce users to access, share, and search external data from external file systems like Google Drive, SharePoint, or Box. And finally, as usual, thanks for watching.
Salesforce Certified Sharing and Visibility Designer practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass Certified Sharing and Visibility Designer Certified Sharing and Visibility Designer certification exam dumps & practice test questions and answers are to help students.