Salesforce ADM-201 Exam Dumps & Practice Test Questions
Question No 1:
In Salesforce, the private sharing model restricts record access to users, and while the Role Hierarchy provides access based on users’ roles, there are situations where additional access control methods are necessary.
Which of the following can be used to supplement Role Hierarchy when it does not grant sufficient access? (Select all that apply.)
A. Forecasting
B. Sharing Rules
C. Manual Sharing
D. Teams (Account, Sales, and Case)
E. Apex Triggers
Correct Answer:
B. Sharing Rules
C. Manual Sharing
D. Teams (Account, Sales, and Case)
E. Apex Triggers
Explanation:
Salesforce's private sharing model is designed to ensure that records are only accessible to the appropriate users, but there are instances when Role Hierarchy alone doesn't meet all the access needs. In such cases, various additional tools can be implemented to further control record visibility and access.
Sharing Rules (B):
Sharing Rules are used to automatically extend record access based on criteria such as record ownership or field values. They allow administrators to grant additional access to users in specific roles or groups without changing the role hierarchy. This is useful when record access needs to be granted based on business logic rather than the hierarchy alone.
Manual Sharing (C):
Manual Sharing gives record owners the power to share individual records with specific users. This feature is ideal for cases where only a few records need to be shared, and the existing sharing model doesn’t provide adequate access. Owners can grant access without modifying global settings, making this a flexible solution for one-off sharing needs.
Teams (D):
Salesforce allows the use of teams, such as Account Teams or Case Teams, to grant access to records based on collaborative needs. By grouping users into teams, organizations can ensure that multiple users can access the same records without needing to alter their role in the hierarchy. This collaborative approach is particularly beneficial in sales and customer service contexts.
Apex Triggers (E):
Apex Triggers can be utilized to automate complex record-sharing processes. These custom scripts allow administrators to define rules for sharing records based on specific conditions or events. They offer a high degree of flexibility, enabling tailored access control logic that may not be achievable using standard configuration options.
Forecasting (A):
Forecasting is a tool in Salesforce that helps predict sales performance and does not relate to record access management. Therefore, it is not relevant for managing record access in the private sharing model.
In conclusion, when Role Hierarchy alone is insufficient, Salesforce offers various mechanisms, including Sharing Rules, Manual Sharing, Teams, and Apex Triggers, to ensure that users can access the records they need while maintaining strict control over data visibility.
Question No 2:
Which statement correctly explains the purpose of criteria-based sharing rules in Salesforce?
A. Criteria-based sharing rules allow administrators to share records based on field values rather than record ownership.
B. Criteria-based sharing rules allow administrators to share records solely based on record ownership, not field values.
Correct Answer:
A. Criteria-based sharing rules allow administrators to share records based on field values rather than record ownership.
Explanation:
In Salesforce, criteria-based sharing rules enable administrators to share records based on specific field values rather than simply record ownership. This feature provides greater flexibility in sharing records, allowing for access to be granted based on business-relevant criteria rather than solely on who owns a record.
Unlike owner-based sharing rules, which share records with users based on the owner of the record, criteria-based sharing rules look at values in the fields of the record. For example, an administrator can set up a rule to share all opportunities where the "Amount" field exceeds $500,000, or to share records based on a particular status or type in a custom field.
This ability to use field values for sharing makes it easier for administrators to implement sharing rules that align with business needs, such as providing access to records related to high-priority customers or opportunities. These rules allow for more nuanced and tailored sharing strategies.
Criteria-based sharing rules can be set up through the Salesforce user interface, where administrators can specify the criteria (such as a specific field or its value) and define which users, roles, or groups should be granted access to those records. This approach enables administrators to ensure that the right people have access to the right records, based on specific data attributes rather than simply ownership.
In conclusion, criteria-based sharing rules allow for more precise control over who can see what records, enabling Salesforce administrators to implement sharing strategies that match their organization's needs based on dynamic data attributes, not just ownership.
Question No 3:
Do public groups simplify the process of creating sharing rules for administrators in Salesforce?
A. True
B. False
Correct Answer: A. True
Explanation:
In Salesforce, public groups provide an efficient way for administrators to streamline the process of setting up sharing rules. Sharing rules in Salesforce allow access to records for users who otherwise wouldn't have permission. Instead of manually assigning permissions to individual users, administrators can group users together in public groups, making it easier to apply access rights across many users at once.
By organizing users into public groups, administrators can then apply sharing rules to the group as a whole. This reduces the complexity of sharing records, especially in large organizations with many users. Public groups can contain users, roles, and other groups, which enables administrators to create broader sharing rules without needing to manage each individual user’s permissions.
For instance, an administrator might create a public group for all sales team members, and then configure a sharing rule to grant access to specific records, such as opportunities or accounts, for the members of that public group. This approach eliminates the need to update permissions for each individual user, simplifying the administrative workload.
Public groups are particularly helpful when user roles or teams are dynamic, such as in large or rapidly changing organizations. By using public groups, administrators can more easily manage record access as teams evolve or new users are added.
In summary, public groups simplify the process of creating sharing rules by grouping users into manageable collections. This makes the administrative task of applying sharing rules more efficient, flexible, and scalable, ensuring that users have the right access to records while maintaining a streamlined sharing process.
Question No 4:
In a role-based access control (RBAC) system, public groups are utilized to manage access and permissions efficiently. These groups can combine users, roles, and other public groups. Besides these components,
Which additional element can be incorporated into a public group to improve the flexibility of managing access control?
A. Profile
B. Roles & Subordinates
C. Managers
D. None of the above
Correct Answer: B. Roles & Subordinates
Explanation:
Public groups in an RBAC system are essential for managing permissions and simplifying access control. These groups can consist of users, roles, and even other public groups. However, the flexibility of these groups is extended by including not just roles but also subordinates. When roles include subordinates, those under a specific role can automatically inherit permissions based on their position within the organization’s hierarchy.
For example, in an organization with a manager-subordinate structure, assigning access permissions to the manager's role ensures that all subordinates automatically inherit those permissions. This allows the system to scale effectively and enables efficient access management without needing to assign permissions individually to each user. This hierarchical approach is a significant advantage in larger organizations where roles and responsibilities follow a clear chain of command.
The inclusion of subordinates under a manager’s role offers more granular control, allowing permissions to cascade down the hierarchy. Thus, roles and subordinates offer great flexibility and ensure that users at lower levels of an organization can automatically benefit from the permissions granted to higher-level roles.
In contrast, Profiles (Option A) are typically used to define user settings but do not serve as a means for grouping or organizing access control. Managers (Option C) can be a role but are not specifically an additional component for public groups, unlike roles and subordinates, which directly impact access control. Finally, None of the above (Option D) is incorrect because the inclusion of roles and subordinates is an established configuration in RBAC systems for public groups.
Question No 5:
At AW Computing, product managers need to collaborate with sales representatives on specific opportunities, but they don't have direct access to these opportunities.
How can the system administrator enable product managers to view and contribute to these opportunities when necessary?
A. Notify the product manager using opportunity update reminders
B. Use similar opportunities to show opportunities related to the product manager
C. Enable account teams and allow users to add the product manager
D. Enable sales teams and allow users to add the product manager
Correct Answer: D. Enable sales teams and allow users to add the product manager
Explanation:
At AW Computing, sales representatives often require assistance from product managers to close certain deals, but product managers don’t automatically have access to opportunity records. To solve this issue, the system administrator can enable the Sales Teams feature within Salesforce. Sales teams allow sales representatives to add individuals—such as product managers—to specific opportunities, granting them visibility and the ability to collaborate on the sales process.
By enabling sales teams, product managers can be directly involved with individual sales opportunities. The sales representatives can add the product manager to the opportunity record, allowing the product manager to view relevant details and provide support. This solution ensures that product managers have the necessary information to contribute effectively without needing full access to all opportunities.
Other options are less effective. Opportunity update reminders (Option A) can notify the product manager of changes but do not provide the necessary access to the opportunity records themselves. Using similar opportunities (Option B) may give the product manager context but doesn’t solve the access issue. Account teams (Option C) are more suited for managing relationships at the account level and do not address the need for access to specific opportunity records. Therefore, enabling sales teams and allowing the addition of product managers is the most suitable solution for this scenario.
Question No 6:
In systems that allow manual sharing, administrators are the only ones with the ability to grant one-time access to individual records. Is it true or false that users cannot manually share records they own?
A. True
B. False
Correct Answer: A. True
Explanation:
Manual sharing is a feature in many systems, including Salesforce, that allows administrators to grant access to individual records, typically on a case-by-case basis. This is a valuable tool when certain records need to be shared with users who would not otherwise have access to them based on the standard sharing rules.
However, in most systems that implement manual sharing, the ability to grant access is reserved for administrators. Even if a user owns a particular record, they cannot manually share that record unless they have been explicitly granted administrative privileges. This ensures that access to sensitive information is tightly controlled and prevents unauthorized sharing.
For example, in Salesforce, record owners can edit and update their records but cannot share them with other users without administrative intervention. This limitation helps ensure that access to sensitive data is carefully monitored and is only granted when necessary. Administrators have the ability to override the default sharing settings and grant specific access to individual records as needed.
This policy of limiting manual sharing to administrators plays an important role in maintaining security and ensuring that sensitive information is shared appropriately. By controlling who can share records, organizations can protect their data from unauthorized exposure and maintain better oversight of access permissions.
In summary, manual sharing is an administrative function that allows for selective access to records, and regular users, regardless of ownership, cannot share their records manually without the intervention of an administrator. This practice is designed to improve data security and ensure that access is granted only when necessary.
Question No 7:
Who is permitted to manually share records in Salesforce?
A. The record owner
B. The record owner’s manager
C. The record owner’s manager’s manager
D. The system administrator
E. All of the above
F. None of the above
Correct Answer: E. All of the above
Explanation:
In Salesforce, record sharing is a crucial aspect of maintaining both security and accessibility for users. The ability to manually share records enables authorized users to grant access to other users in accordance with the organization’s needs. Here’s an overview of who can manually share records in Salesforce:
The Record Owner (Option A): The owner of a record has full control over it. As a result, they can manually share their records with other users or groups who might not have access to the record according to the organization’s default sharing settings or rules. This is important because the owner is responsible for the record and has the authority to allow or restrict access to it.
The Record Owner’s Manager (Option B): A manager has access to the records owned by their direct reports. They can manually share these records, enabling them to manage visibility for their team members or other users who require access. Managers are often authorized to share records to ensure the right individuals have access to necessary data.
The Record Owner’s Manager’s Manager (Option C): A higher-level manager (the record owner’s manager’s manager) also has the ability to share records owned by their subordinates. This hierarchical access ensures that upper-level management can facilitate data sharing for broader organizational needs.
The System Administrator (Option D): A system administrator has full access to all records in Salesforce. They can share any record, regardless of ownership or security settings, as part of their role in managing the system. Administrators ensure that users have the appropriate access to records for system functionality and security compliance.
Thus, the correct answer is E. All of the above because each of these roles has the ability to manually share records in Salesforce based on their permissions and responsibilities within the organization.
Question No 8:
If Field Level Security (FLS) restricts a user from viewing the Credit Card field on an Opportunity record, which of the following situations will also prevent the user from seeing this field?
A. In a related list
B. In search results
C. In reports
D. In list views
E. All of the above
F. None of the above
Correct Answer: E. All of the above
Explanation:
Field Level Security (FLS) in Salesforce allows administrators to control user access to specific fields on records. When FLS is applied to a field, such as the Credit Card field on the Opportunity record, it ensures that the field is restricted from view and edit access for users who are not authorized. This helps protect sensitive data and ensures compliance with data privacy regulations. Here’s how FLS impacts various interfaces within Salesforce:
In a Related List (Option A): Related lists display related records from parent-child relationships. If a field like the Credit Card field is restricted via FLS, users will not see this field in any related lists that reference the Opportunity record. This ensures that sensitive data is not exposed through related record views.
In Search Results (Option B): When a user performs a search in Salesforce, the search results are filtered to reflect the user’s permissions, including FLS settings. If the Credit Card field is hidden due to FLS restrictions, it will not appear in search results, even if the record itself is returned in the search.
In Reports (Option C): Salesforce reports honor FLS settings. If a user does not have permission to view the Credit Card field, it will be hidden from all reports that the user has access to, preventing the exposure of sensitive information even in analytical outputs.
In List Views (Option D): List views provide a tabular view of records. FLS is applied to fields shown in list views, so if the user is restricted from viewing the Credit Card field, it will not be visible in the list view, even if the user has access to the Opportunity record.
In summary, Field Level Security ensures that restricted fields are hidden not only on the record itself but also across all places where records are referenced, including related lists, search results, reports, and list views. By doing so, it enforces consistent data privacy and security throughout the Salesforce platform. Therefore, the correct answer is E. All of the above.
Question No 9:
Which of the following actions would you take to ensure that a user can view records of all opportunities in a company-wide Salesforce instance, regardless of ownership, and with specific visibility restrictions on other objects, without giving them full administrative access?
A. Assign the user a profile with full read access to the Opportunities object.
B. Set the Opportunity object’s Organization-Wide Default (OWD) to Public Read/Write and use sharing rules to restrict visibility on other objects.
C. Set the Opportunity object’s Organization-Wide Default (OWD) to Private and create a Sharing Rule to provide access to users with specific criteria.
D. Assign the user to a Public Group and then apply Role Hierarchy settings to restrict access to other objects.
Correct Answer: C
Explanation:
In Salesforce, security and visibility settings are managed at multiple levels: Profiles, Permission Sets, Organization-Wide Defaults (OWD), Sharing Rules, and Role Hierarchies. To ensure the user can view all opportunities but still maintain visibility restrictions on other objects, the best approach is to adjust the Organization-Wide Default (OWD) settings and use Sharing Rules.
Option C: Set the Opportunity object’s Organization-Wide Default (OWD) to Private and create a Sharing Rule to provide access to users with specific criteria – This option is the correct choice. When the Opportunity OWD is set to Private, only the record owner and users above the owner in the Role Hierarchy can view opportunities by default. However, to allow the user to view all opportunities in the organization, you can create a Sharing Rule to explicitly grant visibility to specific users or groups, based on certain criteria such as role, record type, or public group. This approach maintains the principle of least privilege by ensuring that access is given only to those users who need it and does not expose other data that is not relevant to the user.
Option A: Assign the user a profile with full read access to the Opportunities object – While this grants the user read access to opportunities, it does not allow you to apply specific visibility restrictions on other objects. Also, assigning full access to the opportunities object without setting the correct OWD settings could lead to unintended exposure of sensitive data.
Option B: Set the Opportunity object’s Organization-Wide Default (OWD) to Public Read/Write and use sharing rules to restrict visibility on other objects – Setting the Opportunity OWD to Public Read/Write grants all users full access to opportunities, which does not meet the requirements of restricting access to opportunities based on ownership. Additionally, the visibility restrictions would need to be set using other objects' OWD settings, which doesn't align with the need to limit access to opportunities specifically.
Option D: Assign the user to a Public Group and then apply Role Hierarchy settings to restrict access to other objects – While Role Hierarchy allows users in higher roles to access records owned by users in lower roles, it does not directly address the visibility of all opportunities, especially if the goal is to allow access to all opportunities and restrict other object access.
In conclusion, Option C is the most appropriate because it correctly utilizes Private OWD settings for opportunities, combined with Sharing Rules, to grant the necessary access to view opportunities while maintaining restrictions on other objects.
Question No 10:
You are tasked with configuring a Salesforce environment where users need to be able to update and delete records for a custom object, but only if the records are owned by them. The users should not be able to edit or delete records owned by other users.
What Salesforce feature would you configure to meet this requirement?
A. Configure Profiles with full Create, Read, Update, Delete (CRUD) permissions on the custom object and use Field-Level Security to restrict certain fields.
B. Set the Organization-Wide Default (OWD) for the custom object to Private, and use Sharing Rules to give access to specific records.
C. Set the Organization-Wide Default (OWD) for the custom object to Public Read/Write and use Record Types to control which records users can update or delete.
D. Set the Organization-Wide Default (OWD) for the custom object to Private, and use Profiles to restrict users from editing records owned by others.
Correct Answer: D
Explanation:
To ensure that users can update or delete only the records they own, while restricting access to records owned by others, you would need to configure the Organization-Wide Default (OWD) and Profiles appropriately. This would ensure proper access control based on record ownership.
Option D: Set the Organization-Wide Default (OWD) for the custom object to Private, and use Profiles to restrict users from editing records owned by others – This is the correct approach. When the OWD for the custom object is set to Private, only the record owner and users above them in the Role Hierarchy can view and edit the record by default. This ensures that users can only interact with records they own, and their access is not granted to records owned by others. You can further refine this access through Profiles to allow the users to update and delete only their records while preventing them from doing so for records they do not own.
Option A: Configure Profiles with full Create, Read, Update, Delete (CRUD) permissions on the custom object and use Field-Level Security to restrict certain fields – This option would allow the user to have full CRUD access on the object, but it does not address the requirement to restrict record access based on ownership. Users would be able to edit or delete any record of the custom object, which does not meet the requirement of limiting access to records owned by them.
Option B: Set the Organization-Wide Default (OWD) for the custom object to Private, and use Sharing Rules to give access to specific records – This is a partial solution. While setting the OWD to Private ensures that users only have access to their own records, Sharing Rules are typically used to grant access to other records based on criteria, which is not aligned with the requirement of restricting access to only records owned by the user. This would give users access to additional records beyond their ownership.
Option C: Set the Organization-Wide Default (OWD) for the custom object to Public Read/Write and use Record Types to control which records users can update or delete – Setting the OWD to Public Read/Write would expose all records to all users, which is contrary to the requirement of restricting access based on ownership. Additionally, Record Types control record categorization, not user access at a granular level, so this would not meet the requirement of restricting actions on non-owned records.
In conclusion, Option D is the best choice because it combines the Private OWD setting with appropriate Profile configurations, ensuring that users can only update and delete records they own while preventing unauthorized access to records owned by others.
