What checks are done when users try to access a Salesforce organization?
Profile Level Login Hours, Profile Level IP Ranges, Company Level Trusted IP Ranges, Activation Code Validation
How does the Security Health Check work?
Security Health Check measures setting values in Password Policies, Network Access Config and Session Settings against baseline values and calculates a percentage score to indicate risk. 100% means all settings meet or exceed the standard.
When is identity verification invoked?
When a user logs in from an unrecognized (based on cookies) browser or device, and outside the trusted IP range
What can be enabled that helps the administrator spot suspicious login activity?
Login Forensics
What are the different risk categories associated with a Security Health Check in Salesforce?
High, Medium, Low, and Informational
What password requirements can an administrator set?
Minimum password length, complexity, password history enforcement, expiration period, minimum password lifetime
Where can session security settings be configured at the organization level and the profile level in an org?
On the ‘Session Settings’ page at the organization level and in a user profile at the profile level
Which session setting can be configured to log out inactive users in an org?
Session Timeout
How is the role hierarchy related to record access?
Users will have access to other users' records if they have a role above the record owner in the role hierarchy and grant access through hierarchies is enabled.
What do organization-wide default settings do?
Determine access to records the user does not own and sets base record access for the org.
How do Sharing Rules work?
Rules can be created to grant access to groups of users for certain records based on record owner or criteria.
What does field-level security control?
Controls if a field is visible or read-only at the profile level
What should be considered when changing OWD settings?
If increasing default access, changes will take effect immediately. If decreasing, changes may take significant time depending on data volumes.
What is Manual Sharing?
Manual sharing allows a user to use the ‘Sharing’ button to grant access to a specific record to other users, roles, roles and subordinates, territories, territories and subordinates, and public groups.
What is the purpose of a public group?
It’s a way of grouping users, roles, and territories so that sharing settings and permissions can be granted efficiently.
Which sharing setting allows a user to manually share their own user record with other users of an organization?
'Manual User Record Sharing' checkbox on the 'Sharing Settings' page in Setup
Which organization-wide default sharing setting can be used for the Campaign Member object to allow all users to see only the campaign members associated with the campaigns they have access to?
Controlled by Campaign
Which access level for a report folder would allow a user to change the folder’s sharing setting?
‘Manage’
Which folder access levels allow saving, deleting, and renaming reports or dashboards?
‘Edit’ and ‘Manage’
Which options are available for selecting the users while defining the access level for a report or dashboard folder?
The access level for a report or dashboard folder can be defined for a particular user, group, territory, or role.
Why would a user be freezed?
To prevent the user from logging in without deactivating them, allowing for changes to any customization where the user has been used (e.g. workflow email alerts)
What are some common user access issues?
– Wrong Username – Entering password in wrong case – Entering password in wrong case – User is locked – Trying to login to a sandbox with the wrong URL
What can be done to immediately prevent a user that left the company from having any access to Salesforce?
Freeze the user record, then make the adjustments needed to deactivate.
What should be done when a user no longer needs to use Salesforce?
Deactivate the user record; users cannot be deleted.
What administration tasks can an administrator delegate?
Create and assign users in certain roles and profiles, assign permissions sets, public groups, reset passwords, manage specific custom objects
What field must be marked on the user record for users to be able to log in?
The “Active” checkbox
What is the minimum information required to setup a user?
Username, Last Name, Email, Profile, Alias, Nickname and License
What localization settings apply to a user?
Locale, Language, Time Zone, and Personal Currency
How would it be possible to check why a user is not able to login?
Login history on user record, or Login History for all users will give information regarding a login attempt.