sharing designer guidesharing and visibility designer – study guide tahsin zulkarnine 1 sharing...

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 1

SharingandVisibilityDesignerStudyGuide

Force.comSecurity..................................................................................................................................................................................6Usersandsecurity...............................................................................................................................................................................6UserPassword.................................................................................................................................................................................6UserAuthentication........................................................................................................................................................................6Network-basedSecurity..................................................................................................................................................................6SessionSecurity...............................................................................................................................................................................6Auditing............................................................................................................................................................................................6DataAuditing...................................................................................................................................................................................6

Programmaticsecurity........................................................................................................................................................................7SecurityTokens................................................................................................................................................................................7OAuth...............................................................................................................................................................................................7

Platformsecurityframework..............................................................................................................................................................7SystemPermissions.........................................................................................................................................................................7

AdministrativePermissions.................................................................................................................................................................................7Reports.................................................................................................................................................................................................................7Data......................................................................................................................................................................................................................7

ComponentPermissions.................................................................................................................................................................8Record-basedSharing......................................................................................................................................................................8

Organization-wideDefaults.................................................................................................................................................................................8Sharing.................................................................................................................................................................................................................8

SharingArchitecture................................................................................................................................................................................9Licenses................................................................................................................................................................................................9FullSharingModelUsageUsers/Licenses.......................................................................................................................................9HighVolumeCustomerPortalLicense............................................................................................................................................9ChatterFreeLicense........................................................................................................................................................................9CommunityLicense.........................................................................................................................................................................9

CommunityLicensesandlimits.........................................................................................................................................................................10Components......................................................................................................................................................................................10ControlDataAccess.......................................................................................................................................................................11ProfilesandPermissionSet...........................................................................................................................................................11RecordOwnershipandQueues....................................................................................................................................................11OrganizationwideDefaults...........................................................................................................................................................11RoleHierarchy...............................................................................................................................................................................12PublicGroups.................................................................................................................................................................................12Ownership-basedSharingRules....................................................................................................................................................13Criteria-basedSharingRules.........................................................................................................................................................13ManualSharing..............................................................................................................................................................................13Teams.............................................................................................................................................................................................13TerritoryHierarchy........................................................................................................................................................................13AccountTerritorySharingRules....................................................................................................................................................14ProgrammaticSharing...................................................................................................................................................................14ImplicitSharing..............................................................................................................................................................................14

Sharingbetweenaccountsandchildrecords...................................................................................................................................................15Sharingbehaviorforportalusers......................................................................................................................................................................15

Considerationswhenterritorymanagementisneed.......................................................................................................................15WhathappenstotheRoleHierarchy?..........................................................................................................................................15CanYouStillUseTeams?..............................................................................................................................................................15RealignmentandReassignment....................................................................................................................................................16

TAHSINZULKARNINE 2

LargeDataVolumes.......................................................................................................................................................................16DeferSharingCalculations............................................................................................................................................................16DataSkews/OwnershipSkews......................................................................................................................................................16AccountDataSkew........................................................................................................................................................................16

HowtoAvoidAccountDataSkew.....................................................................................................................................................................16TheAccountHierarchiesImpactonDataAccess.........................................................................................................................16

Troubleshooting................................................................................................................................................................................17TerritoryManagement..........................................................................................................................................................................18Setup..................................................................................................................................................................................................18TerritoryModel.................................................................................................................................................................................18TerritoryModelState........................................................................................................................................................................19AssignmentRule................................................................................................................................................................................19Filter-basedopportunityterritoryassignment.................................................................................................................................19GettheMostfromTerritoryManagement......................................................................................................................................20ReportonTerritories.........................................................................................................................................................................20Differences-TerritoryManagement(1.0)andEnterpriseTerritoryManagement(2.0)................................................................21PermissionsAffectEnterpriseTerritoryManagement?...................................................................................................................21Considerations:..................................................................................................................................................................................21

Account&OpportunityTeams..............................................................................................................................................................22AccountTeams..................................................................................................................................................................................22

SetUpandManageAccountTeams.................................................................................................................................................................22EnableAccountTeams............................................................................................................................................................................22CustomizeAccountTeamRoles..............................................................................................................................................................22Considerations.........................................................................................................................................................................................22

AddAccountTeamMembers............................................................................................................................................................................22ConsiderationsforRemovingAccountTeamMembers...................................................................................................................................22AccountTeamFields..........................................................................................................................................................................................23

OpportunityTeams............................................................................................................................................................................23UnderstandingSharing..........................................................................................................................................................................24ManagedSharing...............................................................................................................................................................................24UserManagedSharing......................................................................................................................................................................24ApexManagedSharing......................................................................................................................................................................24TheSharingReasonField..................................................................................................................................................................24AccessLevels.....................................................................................................................................................................................25SharingConsiderations..................................................................................................................................................................25

SecurityandSharinginCustomer&PartnerCommunity................................................................................................................26ShareGroup...................................................................................................................................................................................26SharingSets...................................................................................................................................................................................26

ObjectsSupported.............................................................................................................................................................................................26Userlicenses......................................................................................................................................................................................................26Usage..................................................................................................................................................................................................................27

SharingDatawithPartnerUsers.......................................................................................................................................................27Groups/Categories........................................................................................................................................................................27Usage.............................................................................................................................................................................................27

ApexManagedSharing......................................................................................................................................................................28SharingaRecordUsingApex.........................................................................................................................................................28ShareObjectProperties................................................................................................................................................................28CreatingUserManagedSharingUsingApex................................................................................................................................29CreatingApexManagedSharing...................................................................................................................................................29ApexSharingReasonCreation......................................................................................................................................................29Considerations...............................................................................................................................................................................30

TAHSINZULKARNINE 3

CreatingApexManagedSharingforCustomerCommunityPlususers.......................................................................................30Waystoshare:...................................................................................................................................................................................................30

ApexSharingRecalculation...........................................................................................................................................................30AssociateanApexmanagedsharingrecalculationclass..................................................................................................................................30

Considerationsforrecalculations.................................................................................................................................................30WithSharing..................................................................................................................................................................................31WithoutSharing.............................................................................................................................................................................31InheritedSharing...........................................................................................................................................................................31

EnforcingSharingRules.....................................................................................................................................................................31WhoCanSeeMyFile?...........................................................................................................................................................................33Actionsforyourfilepermissions.......................................................................................................................................................33Considerations...................................................................................................................................................................................33

CreateaCustomListViewinSalesforceClassic...................................................................................................................................34USERPERMISSIONSNEEDED...................................................................................................................................................................34

Considerations...................................................................................................................................................................................34ShareaReportorDashboardFolderinSalesforceClassic...................................................................................................................34

USERPERMISSIONSNEEDED...................................................................................................................................................................34AccessandLimits...............................................................................................................................................................................34

DesigningRecordLevelAccessforEnterpriseScale.............................................................................................................................36SurvivingOwnerChangeOperations................................................................................................................................................36UsingApexSharingReasons.........................................................................................................................................................36UsingOutboundMessaging..........................................................................................................................................................36UsingaTrigger...............................................................................................................................................................................36UsingaShadowTable....................................................................................................................................................................36CompletingtheArchitecture.........................................................................................................................................................36

GroupMaintenanceTables...............................................................................................................................................................37GroupsandComposition...............................................................................................................................................................37Example.........................................................................................................................................................................................38TerritoryManagementGroups.....................................................................................................................................................38Considerations...............................................................................................................................................................................38Obtainpeakperformance:............................................................................................................................................................38

AccessGrants.....................................................................................................................................................................................39CommonGroupandDataUpdates...................................................................................................................................................39GroupMembershipLocking..............................................................................................................................................................40Takeaway:TuningGroupMembershipforPerformance.................................................................................................................40Takeaway:TuningDataRelationshipsandUpdatesforPerformance.............................................................................................40Force.comRecordLockingCheatsheet.............................................................................................................................................40ToolsforLarge-ScaleRealignments..................................................................................................................................................41ParallelSharingRuleRecalculation...............................................................................................................................................41DeferredSharingMaintenance.....................................................................................................................................................41

Howworksinpractice.......................................................................................................................................................................................41Howithelps.......................................................................................................................................................................................................41Considerations:..................................................................................................................................................................................................42

GranularLocking............................................................................................................................................................................42KeyAdvantages..................................................................................................................................................................................................42Considerations:..................................................................................................................................................................................................42

ClassicEncryptionforCustomFields....................................................................................................................................................43Restrictions........................................................................................................................................................................................43BestPractices.....................................................................................................................................................................................43

TAHSINZULKARNINE 4

SalesforceShield....................................................................................................................................................................................44PlatformEncryption...........................................................................................................................................................................44EncryptFields................................................................................................................................................................................44DifferenceBetweenClassicEncryptionandShieldPlatformEncryption.....................................................................................45ShieldPlatformEncryptionBestPractices....................................................................................................................................45

EventMonitoring...............................................................................................................................................................................46FieldAuditTrail..................................................................................................................................................................................46Usage.............................................................................................................................................................................................46ObjectsSupported.........................................................................................................................................................................46Fieldcan’tbetracked....................................................................................................................................................................47Considerations...............................................................................................................................................................................47

DataLeakPrevention............................................................................................................................................................................48Authorization.....................................................................................................................................................................................48HowtheSalesforcePlatformEnforcesAuthorization?....................................................................................................................48UserContext..................................................................................................................................................................................48SystemContext..............................................................................................................................................................................48

PurposeofMultipleContexts............................................................................................................................................................48CRUDandFLSEnforcementinVisualForceandLighttning..............................................................................................................49ProtectAgainstCRUDandFLSViolations.........................................................................................................................................49IsMyApplicationVulnerable?...........................................................................................................................................................49HowCanITestMyApplication?.......................................................................................................................................................49

runAsMethod........................................................................................................................................................................................50Nesting...............................................................................................................................................................................................50OtherUsesofrunAs..........................................................................................................................................................................50

InjectionVulnerabilityPrevention.........................................................................................................................................................51Cross-SiteScripting(XSS)....................................................................................................................................................................51TypesofXSSAttacks......................................................................................................................................................................51ImpactofXSS.................................................................................................................................................................................51CommonXSSMitigations..............................................................................................................................................................51Built-inXSSProtectionsinLightningPlatform..............................................................................................................................51PreventXSSinLightningPlatformApplications............................................................................................................................52PlatformEncodinginApex............................................................................................................................................................52

SOQLInjection...................................................................................................................................................................................52ImpactofSOQLInjection...............................................................................................................................................................52SOQLInjectionPrevention............................................................................................................................................................52

StoringSensitiveData............................................................................................................................................................................53SensitiveData-Whatisit?................................................................................................................................................................53Measures...........................................................................................................................................................................................53HardcodedSecrets........................................................................................................................................................................53DebugLogs....................................................................................................................................................................................53SensitiveInfoinURL......................................................................................................................................................................53Salesforce.comIntegrations..........................................................................................................................................................53

SampleVulnerability..........................................................................................................................................................................53SecuringDatainApplication.................................................................................................................................................................54IsMyApplicationVulnerable?...........................................................................................................................................................54HowCanITestMyApplication?.......................................................................................................................................................54HowDoIProtectMyApplication?....................................................................................................................................................54

Problem1...........................................................................................................................................................................................................54Problem2...........................................................................................................................................................................................................54

TAHSINZULKARNINE 5

Problem3...........................................................................................................................................................................................................54ApexandVisualforceApplications................................................................................................................................................55

GeneralGuidance..............................................................................................................................................................................................56ASP.NET..........................................................................................................................................................................................56Java................................................................................................................................................................................................56PHP.................................................................................................................................................................................................56RubyonRails..................................................................................................................................................................................56Python............................................................................................................................................................................................57Flash/Airapps................................................................................................................................................................................57

TAHSINZULKARNINE 6

Force.comSecurity

Usersandsecurity

UserPassword• PasswordPoliciesletsyoudeterminepasswordexpiration,minimumpasswordcomplexityrequirementsandlockout

periods. • Resetpasswordofselectedusers.

UserAuthentication• DelegatedAuthentication

o auserlogsintotheplatformasusual,buttheplatformusesawebservicecallouttosubmittheusernameandpasswordtoanexternalauthorizationauthority.

o Oncethatauthorityapprovesthelogon,theapprovalispassedbacktotheplatformandtheusercanproceed.

• SecurityAssertionMarkupLanguage(SAML)o UsingSAML,yourrequestgoestotheSAML"identityprovider",aloginpagehostedbyyourorganizationthat

validatesyouridentityandreturnsatoken.o Thetokenispassedtotheplatform,whichverifiestheuserbyvalidatingthatitissignedbytheappropriate

identityprovider.o Thisapproachistypicallyusedwhenyourusersareaccessingyourplatformapplicationsthroughaportal,

whichwouldhandletheinitialauthenticationandavoidtheneedtologintoForce.comagain.

Network-basedSecurity• Thefirstoptionistoallowfromusersfromtrustedlocations,butchallengethemwhentheycomefromnewand

untrustedlocations.Setup|SecurityControls|NetworkAccessallowsyoutowhitelistasetofIPaddressrangesthatyoutrust.

• IfaprofilehasLoginIPrestrictionsdefined,anyuserwiththatprofilecanonlylogintotheplatformfromthoseIPaddresses.

• ThelimitationsimposedonIPaddressesareusedtohelpprotectagainstphishingattacks.

SessionSecurity• TheSetup|SecurityControls|SessionSettingspageletsyoucontrolthissession.

o sessiontimeouto allpagesalwaysbeaccessedusingasecureconnection

Auditing• Setup|ManageUsers|LoginHistorydisplaysthelast20loginstoyourorganization,aswellasaccesstodownload6

monthsworthoflogindata,whichincludesIPaddresses,browsertypesandsoon.• TheSetup|SecurityControls|ViewSetupAuditTrailpageletsyouauditmetadataandsystemchanges.

DataAuditing• Object-levelauditingtrackschangesintheoverallobjectrecords,suchasrecordcreation.• Youcanalsoenableauditingforindividualfields,automaticallytrackinganychangesinthevaluesofselectedfields.

TAHSINZULKARNINE 7

Programmaticsecurity

SecurityTokens• TheemailchallengemechanismisawaytoallowausertologinfromoutsideofanIPrange.• IfaclientisrunfromahostoutsidethewhitelistedIPranges,theclienthastoappendasecuritytokentothepassword

oftheuserthatisbeingauthorized.

OAuth• OAuthisanopenprotocolthatallowsawebsitetoaccessresourcesofanotherwebsitewithouthavingtoexposea

user'scredentials.• Insteadofsupplyingausernameandpassword,OAuthallowsuserstohandoutsecuritytokenstospecificsitesfor

accesstospecificresourcesforadefinedduration.

Platformsecurityframework

SystemPermissions• Systempermissionsaregrantedtoprofiles

AdministrativePermissions• ManageUsers-allowsusertomodifyalluserattributes.• API-enabled-Withoutthispermission,ausercannotaccesstheForce.comsystemfromoutsideoftheenvironment.• API-OnlyUser-preventsuserswiththispermissionintheirprofilefromloggingintotheForce.complatform,except

throughoneoftheWebservicesAPIs.• ViewSetupandConfiguration-allowsuserstoviewcompleteSetupmenu,withouttheabilitytomakechanges.• Passwordneverexpires-asitsays.• Customizeapplication-allowscompleteeditingaccesstooptionsforForce.comapplications• EditHTMLTemplates,ManageLetterheads,ManagePublicTemplates-allrelatedtocomponentsusedforForce.com

messages.• AuthorApex-allowsuserswiththispermissionintheirprofiletocreateandeditApex.RequirestheModifyAllData

permissionasaprerequisite.

Reports• CreateandCustomizeReports-grantsaccesstocreatenewreportsormodifyexistingreports.• RunReports-allowsuserstoaccessthereportstab.• ExportReports-allowsuserstoexportdatafromreportstoanExcelspreadsheetformat.• ManageCustomReportTypes,ManageDashboards,ManagePublicReports,ScheduleDashboards-allowsusersto

manageandmodifytherespectivecomponenttypes.Data

• Thefollowingpermissionsregarddatamanipulation,butfromanadministrativeperspective.SeeRecord-basedSharingforadeveloperperspective:

• ModifyAllData-averypowerfulpermissionthat,ifgrantedglobally,allowsuserstomodifyalldataintheForce.com

organization.• ViewAllData-allowsusertoseealldataintheForce.comorganization,ifgrantedglobally.• EditRead-OnlyFields-allowsuserswiththispermissionintheirprofiletoeditread-onlylimitationssetinapagelayout.• ViewEncryptedData-allowsuserswiththispermissionintheirprofiletoseeplaintextrepresentationofencrypted

data.• WeeklyDataExport-allowsuserswiththispermissionintheirprofiletoperformaweeklydataexport.• DisableOutboundMessaging-preventstheuseofoutboundmessagingfortheprofile.

TAHSINZULKARNINE 8

ComponentPermissionsForce.complatformalsoallowsyoutosetpermissionsonindividualForce.comcomponents:

• Applications• Tabs• Recordtypes• Apexclasses• Visualforcepages

Ø However,permissionsetsandprofilesdon’tincludeaccessforsomecustomprocessesandappsØ Custompermissionsletyoudefineaccesschecksthatcanbeassignedtousersviapermissionsetsorprofiles,similarto

howyouassignuserpermissionsandotheraccesssettings.Youcanquerycustompermissionsintheseways.

• Todeterminewhichusershaveaccesstoaspecificcustompermission,useSalesforceObjectQueryLanguage(SOQL)withtheSetupEntityAccessandCustomPermissionsObjects.

• Todeterminewhatcustompermissionsusershavewhentheyauthenticateinaconnectedapp,referencetheuser'sIdentityURL,whichSalesforceprovidesalongwiththeaccesstokenfortheconnectedapp.

Record-basedSharing

Organization-wideDefaults• Specifytheabsoluteminimumlevelofaccesstotherecordsinanobject.

Sharing• Manually

o Thisbuttonisonalldetailpagesbydefault,althoughthebuttoncanberemovedfromapagelayout.o TheSharebuttonwillnotappearforrecordswhoseorganization-widedefaultissettoPublicRead-Write,as

thereisnoneedtograntfurthersharingprivilegesforrecordsinthisobject.• Sharingrules

o Youcansharerecordstoaroleoragroup,orwithaterritory,whichisdesignedtosupportCRMimplementations.

• Apexo eitherbyautomaticallyassigningsharingwhenarecordiscreated,orbyusingtheApexmanagedsharing

(whichonlyappliestocustomobjects.)

TAHSINZULKARNINE 9

SharingArchitecture

Licenses

FullSharingModelUsageUsers/Licenses• MostStandardSalesforcelicensetypestakefulladvantageofthesharingmodelcomponents.• Thelicensemightnotmakeamoduleaccessible,orevensomeobjectsaccessible.Forexample,theForce.comFree

editioncan'taccessanyCRMobjects.• However,thesharingentities,andfunctionality,stillexistsandisreadywhenandifthemoduleeverdoesbecome

active.

HighVolumeCustomerPortalLicense• HighVolumeCustomerPortal(HVPU)licenseusers(includingCommunityandServiceCloudlicenseusers)donotutilize

thesharingmodel.• HVPUlicenseshavetheirownsharingmodelthatworksbyforeignkeymatchbetweentheportaluser(holdingthe

license)andthedataonAccountandContactlookups.• HVPUlicenseisonlyusedfortheCustomerPortalandnotthePartnerPortal.

ChatterFreeLicense• TheChatterFreelicensedoesn'tfollowthestandardsharingmodel.• ChatterFreeisacollaboration-onlylicensewiththefollowingfeatures:Chatter,Profile,People,Groups,Files,Chatter

Desktop,andlimitedSalesforce1appaccess.• Thelicensedoesn'thaveaccesstoCRMrecords(standardorcustomobjects)andContentfunctionality,andtherefore,

thereisnosharing.

CommunityLicense

1. CustomerCommunitya. BasicLicenseb. Don’thaveanyroles,socan’tusesharingrulesbutcanusesharingserandgroups.

2. CustomerCommunityPlusa. CustomerCommunity+

i. Reportsanddashboardsii. Delegatedadminiii. Contentlibrariesiv. Recordsacrossaccounts

3. PartnerCommunitya. CustomerCommunity+

i. Leadsandopportunitiesii. Campaigns

Ø CustomerandCustomerCommunityPluslicensesrequireuniqueusernameswithintheSalesforceorgthata

communitybelongsto.Ø PartnerCommunitylicensesandEmployeeCommunitylicensesrequireuniqueusernamesacrossallSalesforceorgs

thattheuserbelongsto.Ø Communitieslicensesareassociatedwithusers,notaspecificcommunity.Ø Unlikeothercommunityusers,high-volumecommunityusersdon’thaveroles,whicheliminatesperformanceissues

associatedwithrolehierarchycalculations

CustomerCommunity CustomerCommunity

PlusPartnerCommunity EmployeeCommunity

TAHSINZULKARNINE 10

SharingSet

ShareGroup

AccountTeamSharing CaseTeamSharing OpportunityTeamSharing

ManualSharing RoleHierarchy SharingRules ApexSharing

CommunityLicensesandlimits

• InEnterprise,Performance,andUnlimitedorgs,youcancreateupto100communitieswithoutbuyingcommunitieslicenses.

• Thedefaultnumberofrolesperorgis5,000• Unauthenticatedorguestuserswhoaccessyourcommunitydonotuseupanyofyourcommunity'slicenses.• However, to create communities using the Partner Central template, you need to purchase at least one Partner

Communitylicense.• Evenwithoutcommunities’licenses,

o externalusershavesomeaccesstoyourcommunitieso useyourcommunityasapublicknowledgebaseforunauthenticated(orguest)users

• Purchase Community Cloud licenses to allowmembers to log in or give access to Salesforce objects based on yourbusiness needs.

CommunityLicenseType NumberofUsers

PartnerorCustomerCommunityPlus 1millionCustomer 10million SalesforceEdition NumberofPageViews

EnterpriseEdition 500,000/monthUnlimitedEdition Onemillion/month

Components

TAHSINZULKARNINE 11

ControlDataAccess

1. Createprofilesandpermissionsets–Identifythedifferenttypesofusersyouneedforyourapplication,basedonthedifferentfunctionseachtypeneedstoaccess.

a. Createabaselevelprofileforeachtypeofusersothateachprofilehasonlythepermissionsrequiredforthattypeofusertoperformthesefunctions.

b. Thencreatepermissionsetstohandleexceptions—situationsinwhichausermayneedafewmorepermissions.

2. Assignusers–Assigneachusertotheappropriateprofileandpermissionsets.3. Setsharingmodels–Foreachobject,settheorganization-widedefaultrecordsharingsettingstodeterminewhether

therecordsthateachuserownsarepublicorprivate.4. Shareprivaterecords–Useroles,groups,recordsharingrules,andothermeanstoshareprivaterecordswithother

users.

ProfilesandPermissionSet

• Foreachobject,the“ViewAll”and“ModifyAll”permissionsignoresharingrulesandsettings,allowingadministratorstoquicklygrantaccesstorecordsassociatedwithagivenobjectacrosstheorganization.

• Thesepermissionsareoftenpreferablealternativestothe“ViewAllData”and“ModifyAllData”administrativepermissions

RecordOwnershipandQueues

• Everyrecordmustbeownedbyasingleuseroraqueue• Usershigherinahierarchy(roleorterritory)inheritthesamedataaccessastheirsubordinatesforstandardobjects• Queueshelpyouprioritize,distribute,andassignrecordstoteamswhoshareworkloads.• Queuemembersandusershigherinarolehierarchycanaccessqueuesfromlistviewsandtakeownershipofrecords

inaqueue.

Ifasingleuserownsmorethan10,000records,asabestpractice:

• Theuserrecordoftheownershouldnotholdaroleintherolehierarchy.• Iftheowner'suserrecordmustholdarole,theroleshouldbeatthetopofthehierarchyinitsownbranchoftherole

hierarchy.

OrganizationwideDefaults

• Youuseorganization-widesharingsettingstolockdownyourdatatothemostrestrictivelevel,andthenusetheotherrecord-levelsecurityandsharingtoolstoselectivelygiveaccesstootherusers.

• Organization-widedefaultsaretheonlywaytorestrictuseraccesstoarecord.• Forcustomobjectsonly,usetheGrantAccessUsingHierarchiessetting,whichifunchecked(defaultischecked),

preventsmanagersfrominheritingaccess.• EvenifGrantAccessUsingHierarchiesisdeselected,someusers—suchasthosewiththe“ViewAll”and“ModifyAll”

objectpermissionsandthe“ViewAllData”and“ModifyAllData”systempermissions—canstillaccessrecordstheydon’town.

TAHSINZULKARNINE 12

RoleHierarchy

• Anorganizationisallowed500roles;however,thisnumbercanbeincreasedbySalesforce.• Asabestpractice,keepthe

o numberofnon-portalrolesto25,000andthenumberofportalrolesto100,000.o rolehierarchytonomorethan10levelsofbranchesinthehierarchy.

• Overlaysarealwaysthetrickypartofthehierarchy.Ifthey'reintheirownbranch,they'llrequireeithersharingrules,teams,orterritorymanagementtogainneededaccess

PublicGroupsPublicgroupscanconsistof:

• Users• CustomerPortalUsers• PartnerUsers• Roles• RolesandInternalSubordinates• Roles,InternalandPortalSubordinates• PortalRoles• PortalRolesandSubordinates• Territories• TerritoriesandSubordinates• Otherpublicgroups(nesting)

Ø Asabestpractice,keepthetotalnumberofpublicgroupsforanorganizationto100,000.

TAHSINZULKARNINE 13

Ø Groupsalsohavetheabilitytoprotectdatasharedinthegroupfrombeingmadeaccessibletopeopleintherolehierarchyabovethegroupmembers.

Ø This(anddealingwiththeaccessofrecordownersandtheirmanagementhierarchy)allowsthecreationofgroupsinwhichveryhighlyconfidentialinformationcanbeshared—thedatawillbeaccessibleONLYtogroupmembers,andnobodyelseintheorganization.ThisisaccomplishedbyusingtheGrantAccessUsingHierarchiessetting.

Ownership-basedSharingRules

• Ownership-basedsharingrulesarebasedontherecordowneronly.• Contactownership-basedsharingrulesdon'tapplytoprivatecontacts.• Asabestpractice,keepthenumberofownership-basedsharingrulesperobjectto1,000

Ownership-basedSharingisusedtoprovidedataaccessto

• peerswhoholdthesamerole/territory• othergroupingsofusers(publicgroups,portal.roles,territories).

Criteria-basedSharingRules• Asabestpractice,keepthenumberofcriteria-sharingrulesperobjectto50;however,canbeincreasedbySalesforce.• Toprovidedataaccesstousersorgroupsbasedonthevalueofafieldontherecord.

ManualSharing

• Manualsharingisremovedwhentherecordownerchangesorwhenthesharingaccessgranteddoesn'tgrantadditionalaccessbeyondtheobject'sorganization-widesharingdefaultaccesslevel.

• Onlymanualsharerecordscanbecreatedonstandardobjects• Manualsharerecordsaredefinedassharerecordswiththerowcausesettomanualshare• Allsharerecords(standardandcustomobjects)witharowcausesettomanualsharecanbeeditedanddeletedbythe

Sharebuttonontheobject'spagelayout,evenifthesharerecordwascreatedprogrammatically.• YouhaveaccesstotheSharingbuttonwhenyoursharingmodeliseitherPrivateorPublicReadOnlyforatypeof

recordorrelatedrecord.

Teams• Onlyowners,peoplehigherinthehierarchy,andadministratorscanaddteammembersandprovidemoreaccessto

themember.• Ateammemberwithread/writeaccesscanaddanothermemberwhoalreadyhasaccesstotherecordwithwhichthe

teamisassociated.Theteammembercan'tprovidethemadditionalaccess.• Theteamobjectisnotafirst-classobject.Youcan'tcreatecustomfields,validationsrules,ortriggersforteams.

TerritoryHierarchy

• Territorymanagementisnotreversible,soit’sextremelyimportanttoknowitsimplications• Whenterritorymanagementisenabledyoumustmanageboththerolehierarchyandterritoryhierarchy• TerritoriesexistonlyonAccount,Opportunityandmaster/detailchildrenofAccountsandOpportunities.• Organizationscanhaveupto500territories;• Iftheassignmentrulesforaterritoryarechanged,anyAccountTerritorysharingrulesusingthatterritoryasthesource

willberecalculated.Likewise,ifthemembershipofaterritorychanges,anyownership-basedsharingrulesthatusetheterritoryasthesourcewillberecalculated

TerritoryManagementwillbeusedorconsidered:

• Multiplegroupsofpeople(multipleteams)requireeitherread-onlyorread/writeaccesstoaccounts.• Anadditionalhierarchicalstructure(differentfromtherolehierarchy)isneeded.• Asingleuserneedstoholdmultiplelevelsinthehierarchy.• Globalusers(GAM–globalaccountmanager)needtoseeeverythingfromtheglobalaccountdownward

TAHSINZULKARNINE 14

AccountTerritorySharingRules• AccountterritorysharingrulesbecomeavailableonlywhenTerritoryManagementhasbeenenabledforan

organization.• Toprovidedataaccesstoaccountswithinaterritory(notbasedonownership)toagroupingofusers.

ProgrammaticSharingIfyoucreateasharerecordprogrammatically,andtheout-of-boxrowcause(manualshare)isused,thenyoucanmaintainthissharerecordwiththeSharebuttonintheappProgrammaticSharingwillbeusedorconsidered:

• Noothermethodofsharing(declarative)meetsthedataaccessneeds.• Thereisanexisting,externalsystemoftruthforuseraccessassignmentswhichwillcontinuetodriveaccessandbe

integratedwithSalesforce.• Poorperformancebyusingnativesharingcomponents.(Usuallyappliestoverylargedatavolumes)• Teamfunctionalityoncustomobjects

ImplicitSharing• Youcanneitherturnitoff,norturniton—itisnativetotheapplication.• Parentimplicitsharingisprovidingaccesstoparentrecords(accountonly)whenauserhasaccesstochildren

opportunities,cases,orcontactsforthataccount• Childimplicitsharingisprovidingaccesstoanaccount’schildrecordstotheaccountowner.

o onlyappliestocontact,opportunity,andcaseobjects(childrenoftheaccount).• Implicitsharingdoesn'tapplytocustomobjects.• TheaccesslevelsthatcanbeprovidedareView,Edit,andNoaccessforeachofthechildrenobjectswhentheroleis

created.

TypeofSharing

Provides Details

Parent Read-onlyaccesstotheparentaccountforauserwithaccesstoachildrecord

• Notusedwhensharingonthechildiscontrolledbyitsparent• Expensivetomaintainwithmanyaccountchildren• Whenauserlosesaccesstoachild,Salesforceneedstocheck

allotherchildrentoseeifitcandeletetheimplicitparent.

Child Accesstochildrecordsfortheowneroftheparentaccount

• Notusedwhensharingonthechildiscontrolledbyitsparent• Controlledbychildaccesssettingsfortheaccountowner’s

role• Supportsaccountsharingrulesthatgrantchildrecordaccess• Supportsaccountteamaccessbasedonteamsettings• Whenauserlosesaccesstotheparent,Salesforceneedsto

removealltheimplicitchildrenforthatuser.

Portal Accesstoportalaccountandallassociatedcontactsforallportalusersunderthataccount

Sharedtothelowestroleundertheportalaccount

TAHSINZULKARNINE 15

TypeofSharing

Provides Details

HighVolume1

Accesstodataownedbyhighvolumeusersassociatedwithasharingsetforusersmemberofthesharingset'saccessgroup

Allmembersofthesharingsetaccessgroupgainaccesstoeveryrecordownedbyeveryhighvolumeuserassociatedwiththatsharingset

HighVolumeParent

Readonlyaccesstotheparentaccountofrecordssharedthroughasharingset'saccessgroupforusersmemberofthegroup

Maintainstheabilitytoseetheparentaccountwhenusersaregivenaccesstoaccountchildrenownedbyhighvolumeusers

Ø Toallowportaluserstoscaleintothemillions,Communityusershaveastreamlinedsharingmodelthatdoesnotrelyonrolesorgroups,andfunctionssimilarlytocalendareventsandactivities.

Ø CommunityusersareprovisionedwiththeServiceCloudPortalorAuthenticatedWebsitelicenses.

Sharingbetweenaccountsandchildrecords• Accesstoaparentaccount

o Ifyouhaveaccesstoanaccount’schildrecord,youhaveimplicitReadOnlyaccesstothataccount.• Accesstochildrecords

o Ifyouhaveaccesstoaparentaccount,youhaveaccesstotheassociatedchildrecords.Theaccountowner'sroledeterminesthelevelofaccesstochildrecords.

Sharingbehaviorforportalusers• Accountandcaseaccess

o Anaccount’sportaluserhasReadOnlyaccesstotheparentaccountandtoalloftheaccount’scontacts.• ManagementaccesstodataownedbyServiceCloudportalusers

o SinceServiceCloudportalusersdon'thaveroles,portalaccountownerscan'taccesstheirdataviatherolehierarchy.Tograntthemaccesstothisdata,youcanaddaccountownerstotheportal’ssharegroupwheretheServiceCloudportalusersareworking.ThisstepprovidesaccesstoalldataownedbyServiceCloudportalusersinthatportal.

• Caseaccesso Ifaportalorcustomercommunityplususerisacontactonacase,thentheuserhasReadandWriteaccess

onthecase.

Considerationswhenterritorymanagementisneed

WhathappenstotheRoleHierarchy?• Youarenowmanagingtwohierarchies,whichmeanssharingismorecomplex.• Thebestpracticeistoflatten(orsimplify)therolehierarchyasmuchaspossible• Theruleofthumbistomakeyourrolehierarchyyournon-saleshierarchy,trytoflattenthesaledepartment

branch(es),andthenusetheterritoryhierarchyasyour“sales”hierarchy. CanYouStillUseTeams?

• Yes.However,onlyimplementteamsifnootherexistingsharingcomponentwillsatisfytherequirement.

TAHSINZULKARNINE 16

RealignmentandReassignment• Asaruleofthumb,havehierarchystructural(realignments)changesoccurnomorethanquarterlyandallchangesof

highvolume(bulkormasschanges)bewellplanned,tested,andcoordinated.

LargeDataVolumes• Ifyouhavemorethantwomillionaccounts,andhaveimplementedteamsorTerritoryManagement,youespecially

needtopayattentiontoperformance.• Thesearecomplexsharingmodelcomponentsthatcanmakeforahugevolumeofsharerecordsandhence,long

runningtransactions.

DeferSharingCalculations• Natively,everyindividualchangetotherolehierarchy,territoryhierarchy,groups,sharingrules,userroles,team

membership,orownershipofrecordscaninitiateautomaticsharingcalculations.• Defersharinghelpshere.

DataSkews/OwnershipSkews• Dataskewsaredefinedasafewparentrecordswithmanychildrenrecords.

o Theratiowherewestartseeingperformancedegradationis1:10,000.o Asabestpractice,keeptheratioasclosetothataspossible(lowerispreferred).

• Ownershipskewswhereasingleuser,role,orgroupowningalargenumberofrecordsforanobjecto Therecommendedratioofownhffertonumberofrecordsisalso1:10,000.

Ifasingleuserownsmorethan10,000records,asabestpractice:

• Theuserrecordoftheownershouldnotholdaroleintherolehierarchy.• Iftheowner'suserrecordmustholdarole,theroleshouldbeatthetopofthehierarchyinitsownbranchoftherole

hierarchy.• Iftheuser(s)musthavearoletosharedata,werecommendthatyou:

o Placetheminaseparateroleatthetopofthehierarchyo Notmovethemoutofthattop-levelroleo Keepthemoutofpublicgroupsthatcouldbeusedasthesourceforsharingrules

AccountDataSkew• AccountdataskewoccurswhenanAccount’sparentobjecthasmorethan10,000childobjects

Twosituationsinparticularposeariskofproducinglockingerrors.

• Updatestoparentrecordsandtheirchildrenarebeingprocessedsimultaneouslyinseparatethreads.• Updatestochildrecordsthathavethesameparentrecordsarebeingprocessedsimultaneouslyinseparatethreads

HowtoAvoidAccountDataSkew

• Designarchitecturetolimitaccountobjectsto10,000children.SomepossiblemethodsincludecreatingapoolofAccountsandassigningchildreninaroundrobinfashionorusingCustomSettingsforthecurrentAccountandthenumberofchildren.

• Ifpossible,consideraPublicRead/Writesharingmodelinwhichtheparentaccountstayslocked,butsharingcalculationsdon’toccur.

• Ifyouhaveaskewedaccount,redistributechildobjectsinchunksduringoff-peakhourstolessentheimpactofrecord-levellockcontention.BatchApexortheBulkAPIareusefulwaystore-parent.

TheAccountHierarchiesImpactonDataAccess• aparent/childrelationshipbetweentworecordsdoesnotdriveaccess.

TAHSINZULKARNINE 17

TroubleshootingWhyausercanorcan'tseearecord.Hereisatroubleshootingflow:

1. Verifythattheuserhaspermissionstoaccesstotheobject.2. Identifytheuser'srolewhocan'tseetherecordandnoteit.3. Identifytheowner'sroleoftherecordandnoteit.4. Reviewtherolehierarchyandverifythesetworolesareintwodifferentbranches(theyshouldbe).5. Nowyouneedtoreviewthesharingrulesfortheobjectandmakesurethereisnorulethatwillgranttheuseraccess.6. Ifyouareusingteams,shouldthisuserbeontheteamforthatrecord?Howareteamsmaintainedandhowdidthe

missoccur?7. Ifmanualsharingisused,theusermayhavelostaccessbecausetherecordownerchanged.Manualsharesare

droppedwhenownershipchanges.ThemanualsharecouldalsohavebeenremovedusingtheSharebutton.8. Ifyouareusingterritorymanagement,istheusermissingfromoneoftheterritories?Whereisthemembershipof

territoriesmaintainedandhowdidthemissoccur?Or,maybetherecorddidnotgetstampedwiththeterritorywheretheuserisamember.

9. Ifyouarecreatingprogrammaticsharesandtherearecriteriaforcreatingtheshareincode,reviewthecodetounderstandwhythisuserwasomitted.

TAHSINZULKARNINE 18

TerritoryManagementEnterpriseTerritoryManagement:

• Salesforceadminscansetupandtestterritorymodelsbeforeimplementingthem.• It’seasytomakeassignmentsbetweenterritories,accounts,andopportunities.• Reportshelpteamsorganizeforoptimalcoverageandassessterritoryeffectiveness.• IfyouuseCollaborativeForecasts,youcanforecastbyterritory.

WhatIt’sCalled WhatItDoes

Territory • Helpsyouorganizegroupsofaccountsandthesalesrepswhoworkwiththoseaccounts.• Youcreateterritoriesbasedonterritorytypes.

Territorytype • Everyterritoryyoucreatehasaterritorytype.Youuseterritorytypesonlytoorganizeandcreateterritories.T

• heydon’tappearonterritorymodelhierarchies.Territorytypepriority • Helpsyouchoosetheappropriateterritorytypeforterritoriesyoucreateoredit.Youcreate

yourownpriorityscheme

Territorymodel • Modelingletsyoucreateandpreviewmultipleterritorystructuresanddifferentaccountanduserassignmentsbeforeyouactivatethemodelthatworksbest.

Territoryhierarchy • Youstartfromthehierarchytocreate,edit,anddeleteterritories;runassignmentrulesforterritories,andnavigatetoterritorydetailpagesformoreinformation.

• Fromthehierarchy,youcanalsoassignterritoriestoopportunities,runassignmentrulesatthemodellevel,andactivateorarchivethemodel.Yourterritoryhierarchyintheactiveterritorymodelalsodeterminestheforecastshierarchyforterritoryforecasts.

Territorymodelstate • Indicateswhetheraterritoryisintheplanningstage,inactiveuse,orarchived.

• Setup->ManageTerritories->Settings->EnableTerritoryManagement• Createterritorytypeandmodel.• Fromtheterritorymodel->ViewHierarchy->createaterritory.

TerritoryModel

• Thislimitincludesmodelscreatedbycloning.

TAHSINZULKARNINE 19

TerritoryModelState

• Territorymodelstateindicateswhetheraterritoryisintheplanningstage,inactiveuse,orarchived.• Youcanhaveonlyoneactiveterritorymodelatatime,butyoucancreateandmaintainmultiplemodelsinplanningor

archivedstatetouseforextramodelingorreference.

LIFECYCLESTATE DEFINITION

Planning Thedefaultstateforeverynewterritorymodelyoucreate.ThePlanningstateletsyoupreviewamodel’sterritoryhierarchybeforedeployingit.

Active Thestateofaterritorymodelafteryouactivateitandallprocessingiscomplete.OnlyonemodelinyourSalesforceorganizationcanbeactiveatatime.

Archived Thestateofaterritorymodelafteryouarchiveitandallprocessingiscomplete.Anarchivedmodelletsadminsviewhierarchyandruleassignmentsastheywereconfiguredwhenthemodelwasactive.Onlytheactivemodelcanbearchived,andarchivedmodelscannotbereactivated.

ERRORSTATE DEFINITION

ActivationFailed Anerroroccurredduringactivation.CheckyouremailformoreinformationfromSalesforce.

ArchivingFailed Anerroroccurredduringactivation.CheckyouremailformoreinformationfromSalesforce.

AssignmentRule

• AruletellsEnterpriseTerritoryManagementtoassignaccountswiththosecharacteristicstothatterritory.• IfyourterritoryisinPlanningstate,runningrulesletsyoupreviewaccountassignments.• IfyourterritoryisinActivestatewhenyourunrules,accountsareassignedtoterritoriesaccordingtoyourrules.

Filter-basedopportunityterritoryassignment

• Manuallyassigningaopportunitytoterritoryusing“territoryfield”inopportunity.• ApexClassrequiredforFilter-BasedOpportunityTerritoryAssignment

o ImplementsOpportunityTerritory2AssignmentFilterinterface.• EnableFilter-BasedOpportunityTerritoryAssignmentandsettheclass.• YoucanassignterritorytypepriorityviatheAPIbyupdatingtheTerritory2Typeobject’sPriorityfield.• ManuallyExcludeanOpportunityfromFilter-BasedTerritoryAssignmentusing“Excludefromtheterritoryassignment

filterlogic”inopportunity.• RunOpportunityFilterfromTerritorymodel’shierarchyinSetup.

TAHSINZULKARNINE 20

GettheMostfromTerritoryManagement

• Cloneaterritoryfromterritorymodelpage.• TerritoryUsersbyTerritoryRole

o Setup->TerritoryAssociations->RoleinTerritoryo Assignroles.TerritoryRecord->AssignedUserRelatedlist->Edit->RoleinTerritory.

• ChattertoCollaborateonTerritoryModelsusingSetup->Chatter->FeedTracking->TerritoryModel->Enablefeedtracking

ReportonTerritories

• FirstyouneedacustomTerritoryManagementreporttypethatrelatestheobjectsyouwanttoreporton.• Thenyoucreatereportsthatbelongtothattype.• Steps:

o OntheReportstab,clickNewReporto Chooseanaccountoropportunityreporttype,andthenclickContinue.o IntheShowMefilterfield,selectMyterritories’orMyterritoryteam’sasthefiltercriterion.

TAHSINZULKARNINE 21

Differences-TerritoryManagement(1.0)andEnterpriseTerritoryManagement(2.0)NOTE:Pleasenotethat(x)means"Available"inthebelowtable Features TerritoryManagement1.0 EnterpriseTerritoryManagement2.0

MultipleTerritories/Hierarchy XRunTerritoriesonTerritoryTree/ListViewPage

PreviewTerritory X(partial,notpersisted) XInheritedTerritoryRules X XTerritoryType/Priority XTerritoryModels XEnable/DisableTerritoryManagement X XAssignmentofTerritoryonOpportunities X X(Spring'15)IntegrationwithCustomizableForecasting X IntegrationwithCollaborativeForecasts X(forecastsbasedonterritoryhierarchy,notrole

hierarchy)ManualAssignmentofAccounttoTerritory X XSeparationofRuleExecutionvsDeployment XReports/Dashboards X XTerritoryHierarchyDeepClone XRuleSharingamongmultipleTerritories XMyTerritoriesScopeinAccountListViews X XMyTerritoriesScopeinAccountReports X X(Spring'15)AuditTrail XMetadataAPISupport XUserRoleinTerritory XTriggeronUsertoTerritoryAssociationObject XShareareport/dashboardfolderwithaterritory

Createapublicgroupwithterritory X

PermissionsAffectEnterpriseTerritoryManagement?

• SalesOperationsmanagersandselectedSalesmanagerstobeabletomanageterritories.o Ifso,assignthemthe“ManageTerritories”permission.

• Anyonewhowillalsocreateaccountassignmentrulesalsoo needsthe“ViewAll”permissiononAccounts.

• SalesforceSetuptree,includingterritoriessettingso ViewSetupandConfiguration

Considerations:

• IfusingEnterpriseTerritoryManagement,territorysharinggroupscan’tbeusedinasharingrule.• IfusingEnterpriseTerritoryManagement,userscan’tmanuallysharearecordtoaterritory.• IfusingEnterpriseTerritoryManagement,youcan’tuseterritorysharinggroupsprogrammatically

TAHSINZULKARNINE 22

Account&OpportunityTeams

AccountTeams

• Anaccountteamisateamofuserswhoworktogetheronanaccount.• Useaccountteamstoeasilytrackcollaborationonaccounts.• Accountteamsaren’tthesameasopportunityteams,althoughtheyhavethesameteammemberroles.

SetUpandManageAccountTeams

EnableAccountTeams• FromSetup,enterAccountTeamsintheQuickFindbox,thenselectAccountTeamSettings.• Definethesettings.• Saveyourchanges.

CustomizeAccountTeamRolesEveryaccountteammemberhasaroleinworkingwiththataccount,suchasAccountManagerorSalesRep.Totracktherolesthatteammembersplayinyourcompany,customizeyouraccountteamrolesinSalesforce.

• FromSetup,enterTeamRolesintheQuickFindbox,thenselectTeamRolesunderAccountTeams.• Editthepicklistvaluesforteamrolesasneeded.• Saveyourchanges.• Toupdateachangedpicklistvalueinallyourfiles,enterReplaceTeamRolesintheQuickFindbox,thenselectReplace

TeamRole.

Considerations• Accountteamsshareroleswithopportunityteams.Ifyouremoveanaccountteamrole,thatroleisnolongerlistedas

anopportunityteamrole.• Accountteamscanonlybeusedtograntgreateraccesstoanaccount.Theycan’tbeusedtorestrictaccesstoaccount

recordsbeyondtheorg-widesharingdefaults.• Whentheorg-widedefaultforcontactsissettoControlledbyParent,ContactAccessisn’tavailableforaccountteam

members.• Disablingaccountteamsirreversiblyremovesexistingteamsfromallaccountsanddeleteusers’defaultaccountteams,

andremovestheAccountTeamrelatedlistfromallpagelayouts.• YoucannotdisableaccountteamsforyourorganizationifteammembersarereferencedinApex.

• Onlyadministratorscangrantaccesstochildrecordsthataregreaterthantheaccountowner’saccesslevel.AddAccountTeamMembersAccountrecordownersandusersabovetheownerintherolehierarchycanadd,edit,anddeleteteammembers.Toeditordeleteanaccountteammember,youmustbeoneofthefollowing.

• Theaccountowner• Abovetheownerintherolehierarchy• Anyusergrantedfullaccesstotherecord• Anadministrator

ConsiderationsforRemovingAccountTeamMembers

TAHSINZULKARNINE 23

• Ifateammemberisonyourdefaultaccountteamandyouremovethemfromaspecificaccount,thosechangesonlyaffectthataccount.Thesetupofyourdefaultaccountteamdoesnotchange.

• IfauseronanaccountteamhasRead/Writeaccess(AccountAccess,ContactAccess,OpportunityAccess,andCaseAccess)andisdeactivated,theaccesswilldefaulttoReadOnlyiftheuserisreactivated.

AccountTeamFields

FIELD DESCRIPTION

AccountAccessThelevelofaccessthatateammemberhastotheaccount.Theaccesslevelcanberead/writeorreadonly,butitcan’tbelessthanyourSalesforceorg’sdefaultaccountsharingaccess.

CaseAccess Thelevelofaccessthatateammemberhastothecasesassociatedwiththeaccount.

ContactAccessThelevelofaccessthatateammemberhastothecontact.Theaccesslevelcanberead/writeorreadonly,butitcan’tbelessthanyourSalesforceorg’sdefaultcontactsharingaccess.

OpportunityAccess Thelevelofaccessthatateammemberhastotheopportunitiesassociatedwiththeaccount.

TeamMember Theuserwho’slistedaspartoftheteam.

TeamRole Therolethattheteammemberplaysfortheaccount,suchasAccountManager.

OpportunityTeams

• Opportunityteamsshowwho’sworkingontheopportunityandwhateachteammember’sroleis,makingiteasytocollaboratewithyourcollegues.

• Youcangrantyouropportunityteammembersspecialaccesstotheopportunityanditsrelatedrecords,makingiteasierforeveryonetoworktogether.

• Inopportunityreports,filteropportunitiesbytheopportunityteamsthatyou’reamemberof.

TAHSINZULKARNINE 24

UnderstandingSharingAshareobjectincludesrecordssupportingallthreetypesofsharing:

1. Managedsharing2. usermanagedsharing,3. Apexmanagedsharing.

ManagedSharingManagedsharinginvolvessharingaccessgrantedbyLightningPlatformbasedonrecordownership,therolehierarchy,andsharingrules:

• RecordOwnershipo Eachrecordisownedbyauseroroptionallyaqueueforcustomobjects,casesandleads.Therecordowneris

automaticallygrantedFullAccess,allowingthemtoview,edit,transfer,share,anddeletetherecord• RoleHierarchy

o enablesusersaboveanotheruserinthehierarchytohavethesamelevelofaccesstorecordsownedbyorsharedwithusersbelow

• SharingRuleso usedbyadministratorstoautomaticallygrantuserswithinagivengrouporroleaccesstorecordsownedbya

specificgroupofusers.o Sharingrulescannotbeaddedtoapackageandcannotbeusedtosupportsharinglogicforappsinstalled

fromAppExchange.o Sharingrulescanbebasedonrecordownershiporothercriteria.Youcan’tuseApextocreatecriteria-based

sharingrules.Also,criteria-basedsharingcannotbetestedusingApex.

• AllimplicitsharingaddedbyForce.commanagedsharingcannotbealtereddirectlyusingtheSalesforceuserinterface,SOAPAPI,orApex.

UserManagedSharing

• allowstherecordowneroranyuserwithFullAccesstoarecordtosharetherecordwithauserorgroupofusers.• Thisisgenerallydonebyanenduser,forasinglerecord

ApexManagedSharing

• providesdeveloperswiththeabilitytosupportanapplication’sparticularsharingrequirementsprogrammaticallythroughApexortheSOAPAPI.

• Thistypeofsharingissimilartomanagedsharing.

TheSharingReasonFieldIntheSalesforceuserinterface,theReasonfieldonacustomobjectspecifiesthetypeofsharingusedforarecord.ThisfieldiscalledrowCauseinApexortheAPI.Sharing rowCauseValue(UsedinApexortheAPI

TAHSINZULKARNINE 25

Managed ImplicitChild,ImplicitParentUserManaged ManualApexManaged Definedbydeveloper

AccessLevelsWhendeterminingauser’saccesstoarecord,themostpermissivelevelofaccessisused.Mostshareobjectssupportthefollowingaccesslevels:

AccessLevel

APIName

Description

Private None Onlytherecordownerandusersabovetherecordownerintherolehierarchycanviewandedittherecord.ThisaccesslevelonlyappliestotheAccountShareobject.

ReadOnly Read Thespecifieduserorgroupcanviewtherecordonly.

Read/Write Edit Thespecifieduserorgroupcanviewandedittherecord.

FullAccess All Thespecifieduserorgroupcanview,edit,transfer,share,anddeletetherecord.Thisaccesslevelcanonlybegrantedwithmanagedsharing.

SharingConsiderations

• Ifatriggerchangestheownerofarecord,therunningusermusthavereadaccesstothenewowner’suserrecordifthetriggerisstartedthroughthefollowing:

• API

• Standarduserinterface

• StandardVisualforcecontroller

• Classdefinedwiththewithsharingkeyword

• Ifatriggerisstartedthroughaclassthat’snotdefinedwiththewithsharingkeyword,thetriggerrunsinsystemmode.Inthiscase,thetriggerdoesn’trequiretherunningusertohavespecificaccess.

TAHSINZULKARNINE 26

SecurityandSharinginCustomer&PartnerCommunity

ShareGroup• SharegroupallowsyoutospecifytheSalesforceotherexternaluserswhocanaccessrecordsownedbyhigh-volume

communityusers.• Deactivatingasharegroupremovesallotherusers’accesstorecordsownedbyhigh-volumecommunityusers.An

emailisn’tsenttoyouwhenthedeactivationprocessfinishes.

SharingSetsGrantportalorcommunityusersaccess,basedontheiruserprofiles,torecordsthatareassociatedwiththeiraccountsorcontactsusingsharingsets.

• Accessgrantedtousersviasharingsetsdoesnotrolluptousershighertothemintheirrolehierarchies.• thesharegroupsfunctionalityisn’tavailabletouserswithCustomerCommunityPlusandPartnerCommunity

licenses.

ObjectsSupported

● Account○ Accountsharingsetscancontrolaccessto

Contract,Entitlement,andOrderItemobjects● Asset● Campaign(inbeta)● Case● Contact● CustomObjects

● Individual● Opportunity(inbeta)● Order(inbeta)● ServiceAppointment● ServiceContract● User● WorkOrder

Userlicenses

● AuthenticatedWebsite● CustomerCommunityLogin● CustomerCommunityPlus● PartnerCommunityLicenses(new)

● CustomerCommunityUser● HighVolumeCustomerPortal● HighVolumePortal● OvrageAuthenticatedWebsiteUser● OverageHighVolumeCustomerPortalUser

Ø Portalorcommunityusersgainaccesstoallorderentitlementsandorderitemsunderanaccounttowhichtheyhaveaccess.Tosharerecordsownedbyhigh-volumeportalusers,useasharegroupinstead.

TAHSINZULKARNINE 27

SharingDatawithPartnerUsersØ SharinggroupsandasharingrulecategoryareavailablebydefaultinyourorgtoshareSalesforcedatawithpartner

usersinacommunity.Ø Org-widedefaultsandfield-levelsecurityalsocontroldataaccessforpartnersincommunities.SettheDefault

ExternalAccesssettingtoPrivateforalltheobjectsyouwanttoexposetopartnerusersinyourcommunity.

Groups/CategoriesAfteryoubuypartnerlicensesforyourorg,thefollowinggroupsandsharingrulecategoryarecreated:

GROUPORCATEGORY DESCRIPTION

AllPartnerPortalUsersgroup Containsallpartnerusersinyourorganization

AllInternalUsersgroup ContainsallSalesforceusersinyourorganization

RolesandInternalSubordinatessharingrulecategory

AllowsyoutocreatesharingrulesinwhichyoucanchoosespecificSalesforceusersinyourorganizationbyrole,includingusersinrolesbelowtheselectedrole.Partnerrolesareexcluded.

TAHSINZULKARNINE 28

ApexManagedSharing

SharingaRecordUsingApexToaccesssharingprogrammatically,youmustusetheshareobjectassociatedwiththestandardorcustomobjectforwhichyouwanttoshare

Ø SandardObjectShareo AccountShareo ContactShare

Ø CustomObject__Shareo UnitTree__Share

ShareObjectProperties

PropertyName Description

objectNameAccessLevel ThelevelofaccessthatthespecifieduserorgrouphasbeengrantedforasharesObject.Validvaluesare:

● Edit● Read● All

TheAllaccesslevelcanonlybeusedbymanagedsharing.

ParentID TheIDoftheobject.Thisfieldcannotbeupdated.

TAHSINZULKARNINE 29

RowCause Thereasonwhytheuserorgroupisbeinggrantedaccess.Thereasondeterminesthetypeofsharing,whichcontrolswhocanalterthesharingrecord.Thisfieldcannotbeupdated.

UserOrGroupId TheuserorgroupIDstowhichyouaregrantingaccess.Agroupcanbe:● Apublicgrouporasharinggroupassociatedwitharole.● AterritorygroupifyouusetheoriginalversionofTerritoryManagement,but

notwithEnterpriseTerritoryManagement.

Thisfieldcannotbeupdated.

CreatingUserManagedSharingUsingApex• ItispossibletomanuallysharearecordtoauseroragroupusingApexortheSOAPAPI.• Iftheowneroftherecordchanges,thesharingisautomaticallydeleted• ManualshareswrittenusingApexcontainsRowCause="Manual"bydefault.Onlyshareswiththisconditionare

removedwhenownershipchanges.

CreatingApexManagedSharing• Thistypeofsharingissimilartomanagedsharing.• ApexmanagedsharingmustuseanApexsharingreason.• Apexsharingreasonsareawayfordeveloperstotrackwhytheysharedarecordwithauserorgroupofusers.• UsingmultipleApexsharingreasonssimplifiesthecodingrequiredtomakeupdatesanddeletionsofsharingrecords.• Theyalsoenabledeveloperstosharewiththesameuserorgroupmultipletimesusingdifferentreasons.

EachApexsharingreasonhasalabelandaname:• ThelabeldisplaysintheReasoncolumnwhenviewingthesharingforarecordintheuserinterface.

o Thislabelallowsusersandadministratorstounderstandthesourceofthesharing.o ThelabelisalsoenabledfortranslationthroughtheTranslationWorkbench.

• ThenameisusedwhenreferencingthereasonintheAPIandApex.Apexsharingreasonscanbereferencedprogrammaticallyasfollows:

Schema.CustomObject__Share.rowCause.SharingReason__c

ApexSharingReasonCreation

Ø ApexsharingreasonsandApexmanagedsharingrecalculationareonlyavailableforcustomobjects.

1. Fromthemanagementsettingsforthecustomobject,clickNewintheApexSharingReasonsrelatedlist.2. EnteralabelfortheApexsharingreason.

a. ThelabeldisplaysintheReasoncolumnwhenviewingthesharingforarecordintheuserinterface.ThelabelisalsoenabledfortranslationthroughtheTranslationWorkbench.

3. EnteranamefortheApexsharingreason.ThenameisusedwhenreferencingthereasonintheAPIandApex.a. Thisnamecancontainonlyunderscoresandalphanumericcharacters,andmustbeuniqueinyourorg.b. Itmustbeginwithaletter,notincludespaces,notendwithanunderscore,andnotcontaintwoconsecutive

underscores.4. ClickSave.

TAHSINZULKARNINE 30

ConsiderationsØ Undercertaincircumstances,insertingasharerowresultsinanupdateofanexistingsharerow.Ø Ifanaccountsharingruleiscreated,thesharingrulerowcause(whichisahigheraccesslevel)replacestheparent

implicitsharerowcause,indicatingthehigherlevelofaccess.Ø Whenpackagingcustomobjects,beawarethatassociatedApexsharingrecalculationsarealsoincludedandmay

preventthepackagefrominstalling.Ø DeletinganApexsharingreasonwilldeleteallsharingontheobjectthatusesthereason.Ø Youcancreateupto10Apexsharingreasonspercustomobject.Ø YoucancreateApexsharingreasonsusingtheMetadataAPI.

CreatingApexManagedSharingforCustomerCommunityPlususers• Shareobjects,suchasAccountShareandContactShare,aren’tavailabletotheseusers.

Waystoshare:• IfyoumustuseshareobjectsasaCustomerCommunityPlususer,considerusingatrigger,whichoperateswiththe

withoutsharingkeywordbydefault• UseaninnerclasswiththesamekeywordtoenabletheDMLoperationtorunsuccessfully.

ApexSharingRecalculation

• Whenpackagingcustomobjects,beawarethatassociatedApexsharingrecalculationsarealsoincludedandmaypreventthepackagefrominstalling.

• DeveloperscanwritebatchApexclassesthatrecalculatetheApexmanagedsharingforaspecificcustomobject.• Youcanassociatetheseclasseswithacustomobjectonitsdetailpage,andexecutethemifalockingissueprevents

Apexfromgrantingaccesstoauserasdefinedbytheapplication’slogic.• Apexsharingrecalculationsarealsousefulforresolvingvisibilityissuesduetocodingerrors.• YoucanalsorunthemprogrammaticallyusingtheDatabase.executeBatchmethod

• Salesforceautomaticallyrecalculatessharingforallrecordsonanobjectwhenitsorganization-widesharingdefault

accesslevelchanges.

AssociateanApexmanagedsharingrecalculationclass

1. Fromthemanagementsettingsforthecustomobject,gotoApexSharingRecalculations.2. ChoosetheApexclassthatrecalculatestheApexsharingforthisobject.

a. TheclassyouchoosemustimplementtheDatabase.Batchableinterface.b. YoucannotassociatethesameApexclassmultipletimeswiththesamecustomobject.

3. ClickSave.

Considerationsforrecalculations● TheApexcodethatextendsthesharingrecalculationcanprocessamaximumoffivemillionrecords.

○ IfthisApexcodeaffectsmorethanfivemillionrecords,thejobfailsimmediately.● YoucanmonitorthestatusofApexsharingrecalculationsintheApexjobqueue.● YoucanassociateamaximumoffiveApexsharingrecalculationspercustomobject.● YoucannotassociateApexsharingrecalculationswithstandardobjects.

TAHSINZULKARNINE 31

WithSharingThewithsharingkeywordallowsyoutospecifythatthesharingrulesforthecurrentuseraretakenintoaccountforaclass.

publicwithsharingclasssharingClass{}

WithoutSharingUsethewithoutsharingkeywordswhendeclaringaclasstoensurethatthesharingrulesforthecurrentuserarenotenforced.

publicwithoutsharingclassnoSharing{}

ImplementationDetailsinregardstosharingandwithoutsharingKeywords

● Ifaclassisn’tdeclaredaseitherwithorwithoutsharing,thecurrentsharingrulesremainineffect.○ iftheclassiscalledbyanotherclassthathassharingenforced,thensharingisenforcedforthecalledclass.

● Bothinnerclassesandouterclassescanbedeclaredaswithsharing.● Innerclassesdonotinheritthesharingsettingfromtheircontainerclass.● Classesinheritthissettingfromaparentclasswhenoneclassextendsorimplementsanother● Sharingdoesn’tdependonwhethertheclassexecutesasynchronouslyasascheduledjoborbatchjob.Ifyourclass

accessesstandardorcustomfields,preventsharingviolationsbydeclaringthe“withsharing”keyword.

InheritedSharing• Anexplicitinheritedsharingdeclarationmakestheintentclear,avoidingambiguityarisingfromanomitteddeclaration

orfalsepositivesfromsecurityanalysistooling.• UsinginheritedsharingenablesyoutopassAppExchangeSecurityReviewandensurethatyourprivilegedApexcodeis

notusedinunexpectedorinsecureways.• AnApexclasswithinheritedsharingrunsaswithsharingwhenusedasaLightningcomponentcontroller,aVisualforce

controller,anApexRESTservice,oranyotherentrypointtoanApextransaction.• ThereisadistinctdifferencebetweenanApexclassthatismarkedwithinheritedsharingandonewithanomitted

sharingdeclaration.• Aclassdeclaredasinheritedsharingrunsaswithoutsharingonlywhenexplicitlycalledfromanalreadyestablished

withoutsharingcontext.o Becauseoftheinheritedsharingdeclaration,onlycontactsforwhichtherunninguserhassharingaccessare

displayed.o Ifthedeclarationisomittedomitted,evencontactsthattheuserhasnorightstoviewaredisplayeddueto

theinsecuredefaultbehaviorofomittingthedeclaration.

publicinheritedsharingclassInheritedSharingClass{ publicList<Contact>getAllTheSecrets(){ return[SELECTNameFROMContact]; }}

EnforcingSharingRulesEnforcingthecurrentuser'ssharingrulescanimpact:

• SOQLandSOSLqueries.Aquerymayreturnfewerrowsthanitwouldoperatinginsystemcontext.• DMLoperations.Anoperationmayfailbecausethecurrentuserdoesn'thavethecorrectpermissions.

TAHSINZULKARNINE 32

o Forexample,iftheuserspecifiesaforeignkeyvaluethatexistsintheorganization,butwhichthecurrentuserdoesnothaveaccessto.

TAHSINZULKARNINE 33

WhoCanSeeMyFile?

SHARINGSETTING DEFINITION WHENDOESAFILEHAVETHISSETTING?

Private

• Thefileisprivate.• Ithasn'tbeensharedwithanyoneelsebesidesthe

owner.• Thefileowneranduserswith“ModifyAllData”

permissioncanfindandviewthisfile.• However,ifthefileisinaprivatelibrary,onlythe

fileownerhasaccesstoit.

Afileisprivatewhenyou:

• UploaditinFileshome• Publishittoyourprivatelibrary• Stopsharingitwitheveryone(MakePrivate)• Deletepoststhatincludethefileandthefileisn'tshared

anywhereelse

PrivatelyShared

• Thefilehasonlybeensharedwithspecificpeople,groups,orvialink.

• It'snotavailabletoallusersinyourcompany.• Onlythefileowner,userswith“ModifyAllData”

or“ViewallData”permission,andspecificfileviewerscanfindandviewthisfile.

Afileisprivatelysharedwhenit's:

• Onlysharedwithspecificpeopleoraprivategroup• Postedtoaprivategroup• Sharedvialink• Postedtoafeedonarecord• Publishedtoasharedlibrary

YourCompany Allusersinyourcompanycanfindandviewthisfile.Afileissharedwithyourcompanywhenit'spostedtoafeedthatalluserscansee,aprofile,arecord,orapublicgroup.

Actionsforyourfilepermissions.

Considerations

• NoAccessmeansthatonlythepeopleinyourcompanywithwhomthisfileissharedcanfindorviewthefile.Ifthefileissharedwithaprivategroup,onlymembersofthegroupcanfindorviewthefile.

• Userswith“ModifyAllData”permissioncanview,preview,download,share,attach,makeprivate,restrictaccess,edit,uploadnewversions,anddeletefilestheydon'town.However,ifthefileisinaprivatelibrary,thenonlythefileownerhasaccesstoit.

• Userswith“ViewAllData”permissioncanviewandpreviewfilestheydon'town.However,ifthefileisinaprivatelibrary,thenonlythefileownerhasaccesstoit.

• Groups(includinggroupmembers)andrecordshaveviewerpermissionforfilespostedtotheirfeeds.• Permissionsforfilessharedwithlibrariesdependonthelibrary.

ACTION FILEOWNER FILECOLLABORATOR FILEVIEWER

VieworPreview Yes Yes Yes

Download Yes Yes Yes

Share Yes Yes Yes

AttachaFiletoaPost Yes Yes Yes

UploadNewVersion Yes Yes

EditDetails Yes Yes

ChangePermission Yes Yes

MakeaFilePrivate Yes

RestrictAccess Yes

Delete Yes

TAHSINZULKARNINE 34

CreateaCustomListViewinSalesforceClassic

USERPERMISSIONSNEEDED

• Tocreatecustomlistviews: o ReadonthetypeofrecordincludedinthelistANDCreateandCustomizeListViews

• Tocreate,edit,ordeletepubliclistviews: o ManagePublicListViews

Considerations

• AsaSalesforceadminorauserwiththe“ManagePublicListView”permission,youhavetheoptiontohidethelistview,soonlyyoucanseethislistview.

o Openthelistview.SelectVisibletocertaingroupsofusers.Choosethetypeofgrouporrolefromthedrop-downlist,selectthegrouporrolefromthelist,thenclickAdd.

• Enterprise,Unlimited,Performance,andDeveloperEditionuserscangiveaccesstoapublicgrouporrole,includingallusersbelowthatrole.

• ListviewsarevisibletoyourcommunityuserswithCustomerCommunityPlus,PartnerCommunity,LightningPlatform

Starter,andLightningPlatformPluslicenses,o iftheVisibletoalluserssettingisenabledforviewsofobjectsincommunityuserprofiles.

• TomakelistviewsvisibleonlytoyourSalesforceusers,selectVisibletocertaingroupsofusers.ThensharetheviewwiththeAllInternalUsersgrouporaselectedsetofinternalgroupsandroles.

• Whenimplementingacommunity,createcustomviewsthatcontainonlyrelevantinformationforcommunityusers.

ThenmakethoseviewsvisibletocommunityusersbysharingthemwiththeAllCustomerPortalUsersgroup,orasetofcommunitygroupsandroles.

ShareaReportorDashboardFolderinSalesforceClassic

USERPERMISSIONSNEEDED• Toshareareportfolderwithpublicgroups:

o RunReportsANDManageDashboardsORo ManageReportsinPublicFolders

• Toshareadashboardfolderwithpublicgroups: o RunReportsANDManageDashboardsORo ManageReportsinPublicFolders

AccessandLimits

• Whenyoucreateafolder,you’reitsmanager.o Onlyyouandotherswithadministrativepermissionscanseeit.

• IfafolderdoesnothaveManageraccess,it’spublic,anduserswiththeViewReportsinPublicFolderspermissioncanviewit.

• Youcanshareareportordashboardfolderwithupto25users,groups,roles,orterritoriesatonetime.• Youcanshareafolderwithupto100users,groups,roles,orterritoriesusingthefoldersharingRESTAPI.

TAHSINZULKARNINE 35

TAHSINZULKARNINE 36

DesigningRecordLevelAccessforEnterpriseScale

SurvivingOwnerChangeOperations

• Sowhentheownerofarecordischanged,theplatformdeletesallthemanualsharesassociatedwiththerecord.• Ineffect,we“cleantheslate”forthenewownerandletthemdecidewhethertheywanttoshareittoanybody.• Andifyouhavebeenwritingcodethatsharestherecord,yourshareswillgetdeleted,too,becausetheyhavethe

same‘manual’rowcause—theplatformcannotdistinguishbetweenasharingrowyoucreatedandasharingrowcreatedthroughtheUI

UsingApexSharingReasons

• Becauseyourrowcausefortheseshareswillnolongerbe‘manual’,theplatformwon’ttouchthemwhenperformingthechangeowneroperation.

• Standardobjectslikeaccountsorcontacts?o Therelationshipbetweentheseobjectscanbecomplex,andtheremightbegoodreasonsfortheplatformto

changeordeleteasharingrow,evenonethatyouhavecreatedprogrammatically.

UsingOutboundMessaging

• Withstandardobjects,whereyoucan’tuseacustomsharingreason,andyouareintegratingwithanassignmentengineexternaltoSalesforce.

• Youcanconfigureaworkflowruletodetectwhenarecordownerischanged,anduseanoutboundmessagetotriggeryourassignmentenginetotakeappropriateaction

• Enter“OwnerId<>PRIORVALUE(OwnerID)”fortheformula.

UsingaTrigger

• Appliestostandardobjectswhereyoucan’tuseacustomsharingreason,butinthiscaseyouareintegratingwithanassignmentenginebuiltontheSalesforceplatform.

UsingaShadowTable

• Yourlogicforstandardobjectsmightnotbecomplexenoughtojustifybuildingafull-blownassignmentengine.• Youmightbeabletoaccomplishthesamegoalthroughtheuseofatriggerandacustomobjectthatkeepstrackof

yourprogrammaticshares.

Account:LookuptoAccountTeamMember:LookuptoUserAccountAccess:Picklist(Read,Edit)OpportunityAccess:Picklist(None,Read,Edit)CaseAccess:Picklist(None,Read,Edit)ContactAccess:Picklist(None,Read,Edit)TeamRole:Picklist(AccountManager,ChannelManager,ExecutiveSponsor,LeadQualifier,Pre-SalesConsultant,SalesManager,SalesRep)

CompletingtheArchitecture

TAHSINZULKARNINE 37

thereareadditionalplatformfeaturesthatcouldimpactthesharingsystemyouhavebuilt,whichyoucan’tcodearound.

• Auserwithappropriateaccesstoarecordcanchangeorremoveyourprogrammaticsharesthroughthesharingbuttonontherecord’sdetailpage.

• Auserwithpermissiontoupdatethemembershipofanaccountteamcanchangeorremovesharesyourcodehaswrittentomanageteammembership.

o Thisdoesnotapplytosalesteams,becausetheplatformnowincludestheabilitytodefinetriggersforthesalesteamobjectthatyoucanusetoprotectyourshares.

• AnyApexorAPIoperationperformingDMLonthesharingobjectscouldalsoimpactyoursharingsystem.

GroupMaintenanceTables

• Sharingrowsgrantaccesstousersandgroups,butthedatathatspecifieswhobelongstoeachgroupresidesintheGroupMaintenancetables.

• ThesetablesstoremembershipdataforeverySalesforcegroup,includingsystem-definedgroups.o System-definedgroupsaregroupsofusersthatSalesforcecreatesandmanagesinternallytosupportvarious

featuresandbehaviors,suchasqueues.§ rolehierarchy§ territoryhierarchy§ queues

o User-definedgroupsinSalesforcearegroupsthatdirectlymodifythegroupmembershipobject.Theydifferfromsystem-definedgroupsinthatyoucannotdirectlymodifysystem-definedgroups

§ publicgroups§ privategroups

• Thistypeofmanagementletsthedatathatsupportsqueuesandpersonalorpublicgroupscoexistinthesamedatabasetables,andunifieshowSalesforcemanagesthedata.

GroupsandComposition• Salesforcealsousessystem-definedgroupstoimplementhierarchies.• Duringrecalculation,Salesforcecreatestwotypesofsystem-definedgroups,RolegroupsandRoleAndSubordinates

groups,foreverynodeintherolehierarchy.• Iftheorganizationhasexternalorganization-widedefaultsenabled,athirdtypeofsystem-defined

group,RoleAndInternalSubordinates,iscreated.

Group Consistsof Purpose

Role Usersassignedtoanyofthefollowing.● Aspecificrole● Oneofitsmanagerroles

Usedtogivemanagersaccesstotheirsubordinates’records

RoleAndSubordinates Usersassignedtoanyofthefollowing.● Aspecificrole● Oneofitsmanagerroles● Oneofitssubordinateroles

Usedwhenanorganizationdefinesarulethatsharesasetofrecordswith:

● Aparticularrole● Itssubordinates

RoleAndInternalSubordinates

Usersassignedtoanyofthefollowing.● Aspecificrole● Oneofitsmanagerroles● Oneofitssubordinateroles,excluding

Portalroles

Usedwhenanorganizationdefinesarulethatsharesasetofrecordswith:

● Aparticularrole● Itssubordinates,excluding

Portalroles

TAHSINZULKARNINE 38

Allthreegrouptypeshave:

• Indirectmembers,whoinheritrecordaccessfromthegroup’sdirectmembersandareassignedtomanagerroles.• Directmembers,whoaredefinedaccordingtotheirgrouptype

Example

TerritoryManagementGroups● Territorygroup,inwhichuserswhoareassignedtotheterritoryaredirectmembers,whileusersassignedtoterritories

higherinthehierarchyareindirectmembers● TerritoryAndSubordinatesgroup,inwhichuserswhoareassignedtothatterritoryorterritorieslowerinthehierarchy

aredirectmembers,whileusersassignedtoterritorieshigherinthatbranchareindirectmembers

Considerations• Userscan’tmodifysystem-definedgroupsthroughtheuserinterfaceorAPIinthewaysthattheycanpersonaland

publicgroups

Obtainpeakperformance:

• Movingusersfromonegrouptoanothertriggerorganizationwidegroupmembershiplocks,sohighlydynamicgroupscanhaveanegativeimpactonperformance.

• Theusecasewhichwillprovidepeakperformanceincludesagroupofuserswhosharethesamevisibilityanddon’tfrequentlymovefromonegrouptoanotherviaanautomatedprocess.

TAHSINZULKARNINE 39

• Thesharingperformancebenefitwilldecreaseasthenumberofgroupmembersdecreases,andthefrequencyofusermovementwithinthegroupsincreases.

AccessGrantsWhenanobjecthasitsorganization-widedefaultsettoPrivateorPublicReadOnly,Salesforceusesaccessgrantstodefinehowmuchaccessauserorgrouphastothatobject’srecords.Salesforceusesfourtypesofaccessgrants:

1. ExplicitGrantsa. Salesforceusesexplicitgrantswhenrecordsareshareddirectlytousersorgroups.Specifically,

Salesforceusesexplicitgrantswhen:i. Auseroraqueuebecomestheownerofarecord.ii. Asharingrulesharestherecordtoapersonalorpublicgroup,aqueue,arole,oraterritory.1iii. Anassignmentrulesharestherecordtoauseroraqueue.iv. Aterritoryassignmentrulesharestherecordtoaterritory.v. Ausermanuallysharestherecordtoauser,apersonalorpublicgroup,aqueue,arole,ora

territory.2vi. Auserbecomespartofateamforanaccount,opportunity,orcase.vii. Aprogrammaticcustomizationsharestherecordtoauser,apersonalorpublicgroup,a

queue,arole,oraterritoryb. Ifyourorganizationdoesn’thaveanefficientsharingarchitecture,itmightencounterperformance

problemswhenyouuseautomatedprocessesthatgenerateaverylargenumberofexplicitgrants,suchasmajorsalesrealignments

c. d2. GroupMembershipGrants

a. Grantsthatoccurwhenauser,personalorpublicgroup,queue,role,orterritoryisamemberofagroupthathasexplicitaccesstotherecord.

3. InheritedGrantsa. Grantsthatoccurwhenauser,personalorpublicgroup,queue,role,orterritoryinheritsaccessthrough

aroleorterritoryhierarchy,orisamemberofagroupthatinheritsaccessthroughagrouphierarchy.4. ImplicitGrants

a. SsGrantsthatoccurwhennon-configurablerecord-sharingbehaviorsbuiltintoSalesforceSales,Service,andPortalapplicationsgrant

b. accesstocertainparentandchildrecords.

CommonGroupandDataUpdatesInsteadofmovingauserfromonebranchofthehierarchytoanother,wecan:

• Movingaroletoanotherbranchinthehierarchyo Onebenefittomovingawholeroleisthatanyportalaccountssimplymovealongwiththeirparentrole,and

Salesforcedoesn’thavetochangetherelatedsharing.o Ontheotherhand,Salesforcemustdoalloftheworkinvolvedinmovingasingleuserforall

usersintherolebeingmovedandforallofthoseusers’data• Changingtheownerofaportalaccount

o Theeffortrequiredforwhatlookslikeasimpledataupdate—changingthenameoftheuserintheAccountOwnerfield—canbesurprising.

TAHSINZULKARNINE 40

o Whentheoldandnewownersareindifferentroles,Salesforceisnotonlymovingtheportalrolestoanewparentrolebutalsoadjustingthesharingforallthedataassociatedwiththeportalaccount.

GroupMembershipLockingCustomerscanlessenthechanceoflockingerrorsby:

• Schedulingseparategroupmaintenanceprocessescarefullysotheydon’toverlap• Implementingretrylogicinintegrationsandotherautomatedgroupmaintenanceprocessestorecoverfromafailure

toacquirealock• Usingthegranularlockingfeaturetoallowsomegroupmaintenanceoperationstoproceedsimultaneously

Takeaway:TuningGroupMembershipforPerformanceHerearesomespecificsuggestions.

• Identifyuserandgroupupdatesthatarecomplex,suchasuserroleandportalaccountownershipchanges,orupdatesthatinvolvealargeamountofassociateddata.Allowforadditionaltimetoprocessthesechanges.

• Whenmakingchangestothehierarchy,processchangestothebottom(leaf)nodesfirst,thenmoveupwardtoavoidduplicateprocessing.

• Limitthenumberofrecordsofanobjectownedbyasingleuserto10,000.• Rungroupmaintenanceoperationssinglethreadedtopreventlocking.Investigatewhethertheuseofgranularlocking

willallowsomeofyouroperationstorunsimultaneously.• TuneyourupdatesformaximumthroughputbyexperimentingwithbatchsizesandusingthebulkAPI,wherepossible.• Removeredundantpathsofaccess,suchassharingrulesthatprovideaccesstopeoplewhoalreadyhaveitthroughthe

hierarchy

Takeaway:TuningDataRelationshipsandUpdatesforPerformanceHerearesomespecificsuggestions.

• UseaPublicReadOnlyorRead/Writeorganization-widedefaultsharingmodelforallnon-confidentialdata.• Toavoidcreatingimplicitshares,configurechildobjectstobeControlledbyParentwhereverthisconfigurationmeets

securityrequirements.• Configureparent-childrelationshipswithnomorethan10,000childrentooneparentrecord.• Ifyouareencounteringonlyoccasionallockingerrors,seeiftheadditionofretrylogicissufficienttosolvethe

problem.• SequenceoperationsonparentandchildobjectsbyParentIDandensurethatdifferentthreadsareoperatingon

uniquesetsofrecords.• Tuneyourupdatesformaximumthroughputbyworkingwithbatchsizes,timeoutvalues,theBulkAPI,andother

performance-optimizingtechniques

Force.comRecordLockingCheatsheet

http://resources.docs.salesforce.com/194/0/en-us/sfdc/pdf/record_locking_cheatsheet.pdf

TAHSINZULKARNINE 41

ToolsforLarge-ScaleRealignments

ParallelSharingRuleRecalculation

• Normally,whenanadministratorcreates,deletes,oreditsasharingrule,therecalculationrequiredtomakethosechangestakeeffecttisprocessedsynchronously.

• Whenasharingrulechangeaffectsaccessrightstoaverylargeamountofdata,therecalculationcanrunlonger.Inaddition,arecalculationjobcangetkilledifitisrunningwhenSalesforceperformsascheduledfeatureorpatchrelease.

• Ifyouhaveexperiencedlong-runningprocessingtimesorjobsthatwerekilledduringrealignments,considerusingparallelsharingrulerecalculation.

• Whenthisfeatureisturnedon,sharingrulesareprocessedasynchronouslyandsplitintomultiplesimultaneousexecutionthreadsbasedonload.

• Theprocessingisalsomoreresilient;duringaserverrestart,thejobswillbereinstatedonthequeue,andtheprocesswillcontinuewhentheservercomesbackonline.

DeferredSharingMaintenance• Inanenterpriseenvironmentinwhichmultiplesystemsarecontinuallyprocessingupdates,itcanbedifficultto

scheduleanorganizationorsharingrulechangethatmighttakesubstantialtimetocomplete.• Inordertoincreasethepredictabilityofthesekindsofupdates,theLightningPlatformplatformhasrecently

introducedtheconceptofdeferredsharingmaintenance.

Howworksinpractice

1. Basedonrequestsfromthebusiness,anadministratoridentifiesanumberofchangestotherolehierarchyandgroupmembership,orupdatestosharingrules.

2. Givenbestestimatesoftheremainingoverallwork,theadministratornegotiatesamaintenancewindowforcompletingtheprocessing.

3. Thiswindowshouldbemodelledinasandboxenvironmenttogetthebestestimatepossible.

4. Insteadofprocessingeachseparateupdateandwaitingforittocomplete,theadministratorpreparesallthe

informationrequiredtoperformallupdatesaheadoftheplannedmaintenancewindow.5. Atthestartofthemaintenancewindow,theadministratorusesthedeferralfeaturetoessentially“turnoff”processing

ofgroupmaintenanceoperations,andthenmakesallthedesiredchangestoroleandgroupmembershipatthesametime.

6. Sharingruleprocessingisalsodeferredatthistimesotheadministratorcanperformallsharingruleupdates.7. Oncethechangeshavecompleted,theadministratorresumesprocessinggroupmaintenance,andthesystem

performsarecalculationtomakealltheroleandgroupchangestakeeffect.8. Atthispoint,thesystemisinastatethatrequiresafullrecalculationofallsharingrulesforuseraccessrightstobe

completeandaccurate.Theadministratorcanresumesharingruleprocessingimmediatelyorwaittostarttheprocessatalatertime.Afterthesharingrulerecalculationhascompleted,alltheaccesschangestakeeffect.

Howithelps

● Benchmarkhowlongtheoverallrecalculationislikelytotakeinproduction● Smoothoutanykinksinorchestratingdeferredsharingmaintenance● Deferredsharingmaintenancedoesnotdefertherecalculationofimplicitsharingasdescribedintheimplicitsharing

table.Thecascadingeffectstoimplicitsharescontinuetobeprocessedimmediatelywhensharingrulesarechangedbyadministratorsorthroughthecode.

TAHSINZULKARNINE 42

Considerations:

• ifyouareabletonegotiatedowntimewithyourbusinesscustomersandhavebeenstrugglingtocompleteupdatesina

timelyfashion,deferredsharingmightbeagreatsolutiontoyourproblem.

GranularLocking

• LightningPlatformplatformlockstheentiregroupmembershiptabletoprotectdataintegritywhenSalesforcemakeschangestorolesandgroups.

• Thislockingmakesitimpossibletoprocessgroupchangesinmultiplethreadstoincreasethroughputonupdates.• Whenthegranularlockingfeatureisenabled,thesystememploysadditionallogictoallowmultipleupdatestoproceed

simultaneouslyifthereisnohierarchicalorotherrelationshipbetweentherolesorgroupsinvolvedintheupdates.• Administratorscanadjusttheirmaintenanceprocessesandintegrationcodetotakeadvantageofthislimited

concurrencytoprocesslarge-scaleupdatesfaster,allwhilestillavoidinglockingerrors.

KeyAdvantages

● Groupsthatareinseparatehierarchiesarenowabletobemanipulatedconcurrently.● Publicgroupsandrolesthatdonotincludeterritoriesarenolongerblockedbyterritoryoperations.● Userscanbeaddedconcurrentlytoterritoriesandpublicgroups.● Userprovisioningcannowoccurinparallel.

○ Portalusercreationrequireslocksonlyifnewportalrolesarebeingcreated.○ Provisioningnewportalusersinexistingaccountsoccursconcurrently.

● Asingle-longrunningprocess,suchasaroledelete,blocksonlyasmallsubsetofoperations.

SeetableformoredetailsintheotherdocumentConsiderations:

• Theusermustnotownanypartnerorcustomerportalaccounts.• Customersmayconsiderusinggranularlockingiftheyexperiencefrequentandpersistentlockingthatseverelyrestricts

theirabilitytomanagemanualandautomatedupdatesatthesametime,orseverelydegradesthethroughputofintegrationsorotherautomatedgroupmaintenanceoperations.

TAHSINZULKARNINE 43

ClassicEncryptionforCustomFields

RestrictionsEncryptedtextfields:

• Cannotbeunique,haveanexternalID,orhavedefaultvalues.• Forleadsarenotavailableformappingtootherobjects.• Arelimitedto175charactersbecauseoftheencryptionalgorithm.• Arenotavailableforuseinfilterssuchaslistviews,reports,roll-upsummaryfields,andrulefilters.• Cannotbeusedtodefinereportcriteria,buttheycanbeincludedinreportresults.• Arenotsearchable,buttheycanbeincludedinsearchresults.• Arenotavailablefor:ConnectOffline,SalesforceforOutlook,leadconversion,workflowrulecriteriaorformulas,

formulafields,outboundmessages,defaultvalues,andWeb-to-LeadandWeb-to-Caseforms.

BestPractices

• Encryptedfieldsareeditableregardlessofwhethertheuserhasthe“ViewEncryptedData”permission.o Usevalidationrules,field-levelsecuritysettings,orpagelayoutsettingstopreventusersfromediting

encryptedfields.• YoucanstillvalidatethevaluesofencryptedfieldsusingvalidationrulesorApex.• Bothworkregardlessofwhethertheuserhasthe“ViewEncryptedData”permission.• Encryptedfielddataisnotalwaysmaskedinthedebuglog.

o EncryptedfielddataismaskediftheApexrequestoriginatesfromanApexWebservice,atrigger,aworkflow,aninlineVisualforcepage(apageembeddedinapagelayout),oraVisualforceemailtemplate.Inothercases,encryptedfielddataisn’tmaskedinthedebuglog,likeforexamplewhenrunningApexfromtheDeveloperConsole.

• Existingcustomfieldscannotbeconvertedintoencryptedfieldsnorcanencryptedfieldsbeconvertedintoanotherdatatype.

o Toencryptthevaluesofanexisting(unencrypted)field,exportthedata,createanencryptedcustomfieldtostorethatdata,andimportthatdataintothenewencryptedfield.

• MaskTypeisnotaninputmaskthatensuresthedatamatchestheMaskType.o Usevalidationrulestoensurethatthedataenteredmatchesthemasktypeselected.

• Useencryptedcustomfieldsonlywhengovernmentregulationsrequireitbecausetheyinvolvemoreprocessingandhavesearch-relatedlimitations.

TAHSINZULKARNINE 44

SalesforceShield

• SalesforceShieldisatrioofsecuritytoolsthatadminsanddeveloperscanusetobuildanewleveloftrust,transparency,compliance,andgovernancerightintobusiness-criticalapps.

• ItincludesPlatformEncryption,EventMonitoring,andFieldAuditTrail.AskyourSalesforceadministratorifSalesforceShieldisavailableinyourorganization.

PlatformEncryption

• Itenablesyoutoencryptsensitivedataatrest,andnotjustwhentransmittedoveranetwork,soyourcompanycanconfidentlycomplywithprivacypolicies,regulatoryrequirements,andcontractualobligationsforhandlingprivatedata.

• DatastoredinmanystandardandcustomfieldsandinfilesandattachmentsisencryptedusinganadvancedHSM-basedkeyderivationsystem,soitisprotectedevenwhenotherlinesofdefensehavebeencompromised.

EncryptFields1. Makesurethatyourorghasanactiveencryptionkey.Ifyou’renotsure,checkwithyouradministrator.2. FromSetup,intheQuickFindbox,enterPlatformEncryption,andthenselectEncryptionPolicy.3. ClickEncryptFields.4. ClickEdit.5. Selectthefieldsyouwanttoencrypt.6. ClickSave.

FEATURE CLASSICENCRYPTION PLATFORMENCRYPTION

Pricing Includedinbaseuserlicense Additionalfeeapplies

EncryptionatRest NativeSolution(NoHardwareorSoftwareRequired)

EncryptionAlgorithm128-bitAdvancedEncryptionStandard(AES)

256-bitAdvancedEncryptionStandard(AES)

HSM-basedKeyDerivation ManageEncryptionKeysPermission Generate,Export,Import,andDestroyKeys PCI-DSSL1Compliance Masking

MaskTypesandCharacters

ViewEncryptedDataPermissionRequiredtoReadEncryptedFieldValues

EncryptedStandardFields EncryptedAttachments,Files,andContent

EncryptedCustomFieldsDedicatedcustomfieldtype,limitedto175characters

TAHSINZULKARNINE 45

DifferenceBetweenClassicEncryptionandShieldPlatformEncryptionWithShieldPlatformEncryption,youcanencryptavarietyofwidelyusedstandardfields,alongwithsomecustomfieldsandmanykindsoffiles.ShieldPlatformEncryptionalsosupportspersonaccounts,cases,search,approvalprocesses,andotherkeySalesforcefeatures.Classicencryptionletsyouprotectonlyaspecialtypeofcustomtextfield,whichyoucreateforthatpurpose.

ShieldPlatformEncryptionBestPractices• Thisprocesshelpsyoudistinguishdatathatneedsencryptionfromdatathatdoesn’t,sothatyoucanencryptonly

whatyouneedto.

1. Defineathreatmodelforyourorganization.2. Toidentifythethreatsthataremostlikelytoaffectyourorganization.

○ Useyourfindingstocreateadataclassificationscheme,whichcanhelpyoudecidewhatdatatoencrypt.3. Encryptonlywherenecessary.

○ Focusoninformationthatrequiresencryptiontomeetyourregulatory,security,compliance,andprivacyrequirements.Unnecessarilyencryptingdataimpactsfunctionalityandperformance.

○ Balancebusiness-criticalfunctionalityagainstsecurityandriskmeasuresandchallengeyourassumptionsperiodically.

4. Createastrategyearlyforbackingupandarchivingkeysanddata.5. Ifyourtenantsecretsaredestroyed,reimportthemtoaccessyourdata.Youaresolelyresponsibleformakingsurethat

yourdataandtenantsecretsarebackedupandstoredinasafeplace.6. ReadtheShieldPlatformEncryptionconsiderationsandunderstandtheirimplicationsonyourorganization.

○ TestShieldPlatformEncryptioninasandboxenvironmentbeforedeployingtoaproductionenvironment.Encryptionpolicysettingscanbedeployedusingchangesets.

○ Beforeenablingencryption,fixanyviolationsthatyouuncover.○ Whenrequestingfeatureenablement,suchaspilotfeatures,giveSalesforceCustomerSupportseveraldays

leadtime.7. AnalyzeandtestAppExchangeappsbeforedeployingthem.

○ IfyouuseanappfromtheAppExchange,testhowitinteractswithencrypteddatainyourorganizationandevaluatewhetheritsfunctionalityisaffected.

○ Ifanappinteractswithencrypteddatathat'sstoredoutsideofSalesforce,investigatehowandwheredataprocessingoccursandhowinformationisprotected.

○ IfyoususpectShieldPlatformEncryptioncouldaffectthefunctionalityofanapp,asktheproviderforhelpwithevaluation.AlsodiscussanycustomsolutionsthatmustbecompatiblewithShieldPlatformEncryption.

○ AppsontheAppExchangethatarebuiltexclusivelyusingLightningPlatforminheritShieldPlatformEncryptioncapabilitiesandlimitations.

8. Useout-of-the-boxsecuritytools.○ ShieldPlatformEncryptionisnotauserauthenticationorauthorizationtool.

9. GranttheManageEncryptionKeysuserpermissiontoauthorizedusersonly.○ UserswiththeManageEncryptionKeyspermissioncangenerate,export,import,anddestroyorganization-

specifickeys.Monitorthekeymanagementactivitiesoftheseusersregularlywiththesetupaudittrail.

EncryptExistingFieldsforSupportedCustomFieldTypes

Search(UI,PartialSearch,Lookups,CertainSOSLQueries)

APIAccess AvailableinWorkflowRulesandWorkflowFieldUpdates

AvailableinApprovalProcessEntryCriteriaandApprovalStepCriteria

TAHSINZULKARNINE 46

10. ExistingfieldandfiledataisnotautomaticallyencryptedwhenyouturnonShieldPlatformEncryption.Toencryptexistingfielddata,updatetherecordsassociatedwiththefielddata.Toencryptexistingfilesorgethelpupdatingotherencrypteddata,contactSalesforce.

○ allowatleastaweekbeforeyouneedthebackgroundencryptioncompleted.11. Handlecurrencyandnumberdatawithcare.

○ CurrencyandNumberfieldscan’tbeencryptedbecausetheycouldhavebroadfunctionalconsequencesacrosstheplatform

12. Communicatetoyourusersabouttheimpactofencryption.○ BeforeyouenableShieldPlatformEncryptioninaproductionenvironment,informusersabouthowitaffects

yourbusinesssolution.13. Encryptyourdatausingthemostcurrentkey.

○ Whenyougenerateanewtenantsecret,anynewdataisencryptedusingthiskey.However,existingsensitivedataremainsencryptedusingpreviouskeys.Inthissituation,Salesforcestronglyrecommendsre-encryptingthesefieldsusingthelatestkey.ContactSalesforceforhelpwithre-encryptingyourdata.

14. UsediscretionwhengrantingloginasaccesstousersorSalesforceCustomerSupport.○ thatuserisabletoviewencrypteddatainthatfieldinplaintext.

15. IfyouwantSalesforceCustomerSupporttofollowspecificprocessesaroundaskingfororusingloginasaccess,youcancreatespecialhandlinginstructions.

○ Tosetupthesespecialhandlinginstructions,contactyouraccountexecutive.

EventMonitoring

FieldAuditTrail

• FieldAuditTrailletsyouknowthestateandvalueofyourdataforanydate,atanytime.• Youcanuseitforregulatorycompliance,internalgovernance,audit,orcustomerservice.• Builtonabigdatabackendformassivescalability,FieldAuditTrailhelpscompaniescreateaforensicdata-levelaudit

trailwithupto10yearsofhistory,andsettriggersforwhendataisdeleted.

Usage• UseSalesforceMetadataAPItodefinearetentionpolicyforyourfieldhistoryforfieldsthathavefieldhistorytracking

enabled.• ThenuseRESTAPI,SOAPAPI,andToolingAPItoworkwithyourarchiveddata• FieldhistoryiscopiedfromtheHistoryrelatedlistintotheFieldHistoryArchivebigobject.• YoudefineoneHistoryRetentionPolicyforyourrelatedhistorylists,suchasAccountHistory,tospecifyFieldAuditTrail

retentionpoliciesfortheobjectsyouwanttoarchive.• YoucanthendeploythebigobjectbyusingtheMetadataAPI(WorkbenchorAntMigrationTool).

ObjectsSupported

● Accounts,includingPersonAccounts● Assets● Cases● Contacts

● PriceBooks● Products● ServiceAppointments● ServiceContracts

TAHSINZULKARNINE 47

● Contracts● ContractLineItems● Entitlements● Leads● Opportunities

● Solutions● WorkOrders● WorkOrderLineItems● Customobjectswithfieldhistorytrackingenabled

Fieldcan’tbetracked

• Formula,roll-upsummary,orauto-numberfields• CreatedByandLastModifiedBy• ExpectedRevenuefieldonopportunities• MasterSolutionTitleortheMasterSolutionDetailsfieldsonsolutions• Longtextfields• Multi-selectfields

Considerations

Ø HistoryRetentionPolicyisautomaticallysetonthesupportedobjects,onceFieldAuditTrailisenabled.Ø Bydefault,dataisarchivedafter18monthsinaproductionorganization,afteronemonthinasandboxorganization,

andallarchiveddataisstoredfor10years.Ø AfteryoudefineanddeployaFieldAuditTrailpolicy,productiondataismigratedfromrelatedhistoryØ Thefirstcopywritesthefieldhistorythat’sdefinedbyyourpolicytoarchivestorageandsometimestakesalongtime.Ø AboundedsetofSOQLisavailabletoqueryyourarchiveddata.Ø UseAsyncSOQLtobuildaggregatereportsfromacustomobjectbasedonthevolumeofthedatainthe

FieldHistoryArchivebigobject.Ø IfyourorganizationhasFieldAuditTrailenabled,previouslyarchiveddataisn'tencryptedifyouturnonPlatform

Encryptionlater.Ø Ifyourorganizationneedstoencryptpreviouslyarchiveddata,contactSalesforce.

o Weencryptandrearchivethestoredfieldhistorydata,thendeletetheunencryptedarchive.

TAHSINZULKARNINE 48

DataLeakPrevention

AuthorizationAccesstoonlinedataisgenerallyrestrictedtoonlythosewhoare

• identified,• authenticated,• andauthorized.

Thisisaccomplishedinthreemainways:

1. Create,read,update,anddelete(CRUD)settingsDeterminewhichobjectsausercancreate,read,update,anddelete

2. Fieldlevelsecurity(FLS)settingsDeterminewhichfieldsausercanreadandedit

3. SharingRulesDeterminewhichrecordsarevisibletousers

HowtheSalesforcePlatformEnforcesAuthorization?

UserContextTheplatformrunsinusercontextwhen:

• AuserbrowsestheapplicationviathestandardSalesforce-providedUI• AuserviewsaVisualforcepagethatusesastandardcontroller• AuserviewsaVisualforcepagethatreferencesobjectswithstandardobjectnotation• TheplatformexecutesAnonymousApexviaconsoleorAPIcalls• AnapplicationontheplatformmakesastandardAPIcall

SystemContext• Apexgenerallyrunsinsystemcontext;thatis,

o thecurrentuser'spermissions,o field-levelsecurity,o andsharingrulesaren’ttakenintoaccountduringcodeexecution.

• TheonlyexceptionstothisruleareApexcodethatisexecutedwiththe

o executeAnonymouscallo ChatterinApex.

Theplatformexecutescodeinsystemcontextin:

• ApexClasses(includingwebservices)• ApexTriggers• ApexwebservicescalledfromtheAPI

PurposeofMultipleContexts

• Fromasecurityperspective,usercontextispreferablebecauseuseraccesscontrolsaremaintainedthroughoutthetransaction.

TAHSINZULKARNINE 49

o ThisiswhystandardpagesandVisualforcepagesbuiltonstandardcontrollersruninusercontext.• CustomApexandVisualforceapplicationsoftenrequirepermissionsbeyondthescopeofuser'saccess.Systemcontext

providesthenecessaryflexibilityfortheseapplications.

CRUDandFLSEnforcementinVisualForceandLighttning

• WhenrenderingVisualForcepages,theplatformwillautomaticallyenforceCRUDandFLSwhenthedeveloperreferencesSObjectsandSObjectfieldsdirectlyintheVisualForcepage.

• ifauserwithoutFLSvisibility,itbeautomaticallyremovedfromthetable.• Inputtagssuchasapex:inputTextandapex:inputTextAreawillalsoautomaticallyenforceFLSrestrictions.• Lightningcomponentsdon’tautomaticallyenforceCRUDandFLSwhenyoureferenceobjectsorretrievetheobjects

fromanApexcontroller,CRUDandFLSshouldbeenforcedwhenusingthe“@AuraEnabled”notation.

ProtectAgainstCRUDandFLSViolations

• Youcanenforcethesepermissionsinyourcodethatcheckthecurrentuser'saccesspermissionlevelsbyexplicitlycallingthe

o sObjectdescriberesultmethods(ofSchema.DescribeSObjectResult)andfielddescriberesultmethods(ofSchema.DescribeFieldResult)

§ IsCreateable()§ IsAccessible()§ IsUpdateable()§ IsDeleteable()

IsMyApplicationVulnerable?

• CRUDandFLSalwaysneedstobeenforcedforcreate,read,update,anddeleteoperationsonstandardobjects.• Anyapplicationperformingcreates/updates/deletesinApexcode,passingdatatypesotherthanSObjectsto

VisualForcepages,usingApexwebservicesorthe@AuraEnabled”notationshouldbecheckedthatitiscallingtheappropriateaccesscontrolfunctions.

HowCanITestMyApplication?1. DataDisplayedtotheUser

a. ExamineeachVisualForcepageandattheareasonthepagewheredataisembeddedusingmergefields(i.e.{!object.field}).

i. MergefieldsreferencingSObjectdatathroughotherobjectslikestrings,integers,orApexclassesrequirethatthepagecontrollerorcontrollerextensionperformtheappropriateaccesscontrolcheck.

b. ApexwebservicesdonothaveaVisualForcelayertoautomaticallyenforceCRUD/FLSandalwaysneedtocallisAccessible()onallSObjectfieldsbeforereturningdatatotheuser,

i. samegoesforLightningcomponentsorcontrollers.2. Create,Update,andDeleteOperations

a. ExamineeachApexclassthatcallsinsert,update,upsert,delete,orsimilarcommands.i. Forcreateandupdateoperations,eachfieldassignedavaluedirectlyinApexshouldhaveits

describeresultisCreateable()orisUpdateable()methodcheckedbeforeperformingtheoperation.ii. Deleteoperationsoccuratanobjectlevelbynatureandtheobject'sdescriberesultisDeleteable()

methodshouldbecalledinsteadoffield-levelchecks.

TAHSINZULKARNINE 50

b. Apexwebservicesandauraenabledmethodsalwaysneedtoperformtheappropriateaccesscontrolchecksonallobjectsandfieldsbeforeperformingcreate,update,anddeleteoperations.

runAsMethod

• ThesystemmethodrunAsenablesyoutowritetestmethodsthatchangetheusercontexttoanexistinguseroranewusersothattheuser’srecordsharingisenforced.

• TherunAsmethoddoesn’tenforceuserpermissionsorfield-levelpermissions,onlyrecordsharing.• YoucanuserunAsonlyintestmethods.

NestingYoucannestmorethanonerunAsmethod.Forexample:

Useru2=newUser(Alias='newUser',Email='newuser@testorg.com',System.runAs(u2){ //something Useru3=[SELECTIdFROMUserWHEREUserName='newuser@testorg.com']; System.runAs(u3){ }}

OtherUsesofrunAs

• therunAsmethodtoperformmixedDMLoperationsinyourtestbyenclosingtheDMLoperationswithintherunAsblock.

• ThereisanotheroverloadoftherunAsmethod(runAs(System.Version))thattakesapackageversionasanargument.Thismethodcausesthecodeofaspecificversionofamanagedpackagetobeused

TAHSINZULKARNINE 51

InjectionVulnerabilityPrevention

Cross-SiteScripting(XSS)

• XSSisaninjectionvulnerabilitythatoccurswhenanattackercaninsertunauthorizedJavaScript,VBScript,HTML,orotheractivecontentintoawebpage.

• Whenotherusersviewthepage,themaliciouscodeexecutesandaffectsorattackstheuser.basicText=apexpages.currentpage().getparameters().get('text'); outputText = basicText.replace('\r\n','<br/>'); document.getElementById('{!$Component.textOutput}').innerHTML = '<p>{!outputText}</p>';

TypesofXSSAttacks• StoredXSS

o StoredXSSoccurswhenamaliciousinputispermanentlystoredonaserverandreflectedbacktotheuserinavulnerablewebapplication.

• ReflectedXSSo ReflectedXSSoccurswhenmaliciousinputissenttoaserverandreflectedbacktotheuserontheresponse

• DOM-basedXSSo DOM-basedXSSoccurswhenanattackpayloadisexecutedasaresultofmodifyingthewebpage’s

documentobjectmodel(DOM)inthevictimuser’sbrowser.

ImpactofXSS• Arbitraryrequests

o AnattackercanuseXSStosendrequeststhatappeartobefromthevictimtothewebserver.• Malwaredownload

o XSScanprompttheusertodownloadmalware.Sincethepromptlookslikealegitimaterequestfromthesite,theusermaybemorelikelytotrusttherequestandactuallyinstallthemalware.

• Logkeystrokeso Theattackercanmonitorkeyboardentries,possiblyfindingusernamesandpasswordstoaccessaccountsat

laterdates.

CommonXSSMitigations• InputFiltering

o Blacklisting—Specific“bad”charactersorcombinationsofcharactersarebanned,meaningtheycan’tbeenteredorstored.

o Whitelisting—Onlycharactersorwordsfromaknownlistofentriesarepermitted,preventingmaliciousinput

• OutputEncoding

Built-inXSSProtectionsinLightningPlatform• AutomaticHTMLEncoding

o SalesforceautomaticallyHTMLencodesanyvaluesandmergefieldsplacedinHTMLcontext.

TAHSINZULKARNINE 52

o Theplatformchanged"<"and"<"into"<"and">"byautomaticallyHTMLencodingthespecialcharacters.Theplatformtreatsthedataastext,notcode.

o DisablingAutomaticHTMLEncoding§ <apex:outputTextescape="false">

• SalesforceDefaultProtectionsinDifferentExecutionContextso HMTLContexto ScriptContexto StypeContext

PreventXSSinLightningPlatformApplications• IfthevalueisgoingtobeparsedbytheJavaScriptparser,useJSENCODE().• IfthevalueisgoingtobeparsedbytheHTMLparser,useHTMLENCODE().• Ifit’sacombinationofboth…

o UseJSENCODE(HTMLENCODE())o OrJSINHTMLENCODE().

PlatformEncodinginApex• SalesforceprovidesvariousApexencodingfunctionsthroughtheLightningPlatformESAPI,whichexportsglobalstatic

methodsthatyoucanuseinyourpackagetoperformsecurityencoding.• ThispackagecanbeinstalledinanySalesforceorgasanunmanagedpackage.

SOQLInjection

ImpactofSOQLInjection• SinceSOQLisnarrowerthanSQLintermsofwhatausercando,SOQLreducestheattacksurfaceandlimitswhatan

attackercandowithavulnerablequery.o Nocommandexecution,thereforenoabilitytoexploittheunderlyingOSrunningtheSalesforceservice.o Nodeletemethod,thereforenoabilitytointeractdestructively.o Noinsertorupdatemethods,thereforenoabilitytoadddata,useraccounts,orpermissionstothesystem

• AnattackerwhoisabletosuccessfullyexploitSOQLinjectioncanaccessfieldsthatadeveloperdidnotintendtorevealorthatausershouldnotordinarilyhaveaccessto.

SOQLInjectionPrevention• Staticquerieswithbindvariables• String.escapeSingleQuotes()• Typecasting• Replacingcharacters

o Usevar.replaceAll('[^\w]','')• Whitelisting

TAHSINZULKARNINE 53

StoringSensitiveData• Sensitivedataisalsocalledpersonally-identifyinginformation(PII)orhighbusinessimpact(HBI)data.

SensitiveData-Whatisit?Sensitivedatacaninclude:

● Passwords● Passphrases● Encryptionkeys● OAuthtokens● Purchaseinstruments,suchascreditcardnumbers● Personalcontactinformationsuchasnames,phonenumbers,emailaddresses,accountusernames,physicaladdresses,

andmore● Demographicinformationsuchasincome,gender,age,ethnicity,education● Insomestatesandcountries:machineidentifyinginformationsuchasMACaddress,serialnumbers,IPaddresses,and

Measures

HardcodedSecrets• Storingsensitiveinformationinthesourcecodeofyourapplicationmightnotalwaysbeagoodpractice,anyone

thathasaccesstothesourcecodecanviewthesecretsincleartext.

DebugLogs• Debuglogsinapexcodeshouldnotcontainanysensitivedata• Sensitiveinformationshouldalsobenotbesentto3rdpartybyemailsorothermeansaspartofreporting

possibleerrors.

SensitiveInfoinURL• Longtermsecretslikeusername/passwords,APItokensandlonglastingaccesstokensshouldnotbesentvia

GETparametersinthequerystring.• ItisfinetosendshortlivedtokenslikeCSRFtokensintheURL.SalesforcesessionidoranyPIIdatashouldnotbe

sentoverURLtoexternalapplications.

Salesforce.comIntegrations• ExternalapplicationsshouldnotstoreSalesforce.comusercredentials(usernames,passwords,orsessionID's)in

externaldatabases.• InordertointegrateanexternalapplicationwithSalesforce.comuseraccounts,theOAuthflowshouldbeused.

SampleVulnerability

• Ifyoumuststorepasswords(includingnon-Salesforcepasswords),notethatstoringtheminplaintextorhashed(suchaswiththeMD5function)makesyourapplicationvulnerabletomassuserexploitation

• ifanattackercangetaccess(evenjustread-onlyaccess)toyourdatabase(suchasthroughstealingabackuptapeorSQLinjection).

• AlthoughasuccessfulSQLinjectionordataexposureattackisahugeprobleminitself,iftheattackercanrecoverpasswordsfromthedata,theycantransparentlycompromiseuseraccountsonamassscale.

TAHSINZULKARNINE 54

SecuringDatainApplication

IsMyApplicationVulnerable?

• Ifyourapplicationstoresthesalesforce.comuserpassword,yourapplicationmaybevulnerable.

• Ifyourapplicationcollectsotherformsofsensitivedata,yourapplicationmaynotbecompliantwithindustrystandardsandtheleakageofthatsensitivedatamaycauseasignificantprivacyincidentwithlegalconsequences.

HowCanITestMyApplication?

• Reviewtheschemeusedtostoresensitivedataandidentifyinformationcollectedinusecasesandworkflows.

HowDoIProtectMyApplication?Consideranapplicationthatmustauthenticateusers.

• Wehavetostoresomeformoftheuser’spasswordinordertoauthenticatethem.

• Wedon’twanttostorethepasswordinplaintextform

Problem1

• Wecouldencryptthepasswords,butthatwouldrequireanencryptionkey — andwherewouldwestorethat?

Ø Developershavehistoricallyusedacryptographichashfunction,aone-wayfunctionthatis(supposedly)computationallyinfeasibletoreverse.Theythenstorethehashoutput:

hash=md5 #orSHA1,orTiger,orSHA512,etc.storedPasswordHash=hash(password)authenticated?=hash(password)==storedPasswordHash

• Theplaintextpasswordisneverstored.

Problem2• theattackercaneasilypre-computethehashesofalargepassworddictionary.Thentheattackermatchestheir

hashestothoseintheirstolendatabase.

• Toaddressthisproblem,developershavehistorically“salted”thehash:

salt=generateRandomBytes(2)storedPasswordHash=salt+hash(salt+password)

• Thegoalistomakeattackershavetocomputeamuchlargerdictionaryofhashes• Theonlyobstaclehereisthecostofthecomputingresourcesrequiredtoperformthesecalculations,andasingle

roundofMD5orSHA-1isnolongerexpensiveenoughtoslowattackersdown.

Problem3• Fast,cheapandhighlyparallelcomputationonspecializedhardwareorcommoditycomputeclustersmakesbrute

forcesearchwithadictionaryquiteaffordableandaccessible,eventoadversarieswithfewresources.

TAHSINZULKARNINE 55

Ø ThecanonicalsolutionisbcryptbyNielsProvosandDavidMazières.Theideaisthatwetunethehashingfunctiontobe

pessimal;ProvosandMazièresuseamodifiedformoftheBlowfishciphertopessimizeitsalready-slowsetuptimeØ Thebenefitofthisapproachisthatitslowsdowntheattackergreatly,butfortheapplicationtoverifyasingle

passwordcandidatestilltakesessentiallynotime.

ApexandVisualforceApplicationsTherearemultiplewaystoprotectsensitivedata,dependingonthetypeofsecretbeingstored,whoshouldhaveaccess,andhowthesecretshouldbeupdated.

Ø ProtectedCustomMetadataTypeso Withinanamespacedmanagedpackage,protectedcustommetadatatypesaresuitableforstoring

authenticationdataandothersecretso .CustommetadatatypescanalsobeupdatedviatheMetadataAPIintheorganizationthatcreatedthetype,

andcanberead(butnotupdated)atruntimeviaSOQLcodewithinanapexclassinthesamenamespaceasthemetadatatype.

Ø ProtectedCustomSettingso SettingthevisibilityoftheCustomSettingDefinitionto“Protected”andincludingitinamanagedpackage

ensuresthatit’sonlyaccessibleprogrammaticallyviaApexcodethatexistswithinyourpackageo Unlikecustommetadatatypes,customsettingscanbeupdatedatruntimeinyourApexclass,butcannotbe

updatedviatheMetadataAPI.o The“transient”keywordshouldbeusedtodeclareinstancevariableswithinVisualforcecontrollerstoensure

theyarenottransmittedaspartoftheviewstate.Ø ApexCryptoFunctions

o TheApexcryptoclassprovidesalgorithmsforcreatingdigests,MACs,signaturesandAESencryption.o WhenusingthecryptofunctionstoimplementAESencryption,keysmustbegeneratedrandomlyandstored

securelyinaProtectedCustomSettingorProtectedCustomMetadatatype.o NeverhardcodethekeyinwithinanApexclass.

Method SupportedStandards

Encrypt()EncryptWithManagedIv()Decrypt()DecryptWithManagedIv()

AES128,AES192,AES256forencryption.PCKS#5paddingandCipherBlockChaining.

generateDigest()generateMac()

MD5,SHA1,SHA256,SHA512

sign() SHA1withRSA

Ø EncryptedCustomFieldso Encryptedcustomfieldsaretextfieldsthatcancontainletters,numbers,orsymbolsbutareencryptedwith

128-bitkeysandusetheAESalgorithm.o Thevalueofanencryptedfieldisonlyvisibletousersthathavethe“ViewEncryptedData”permission.o Wedonotrecommendstoringauthenticationdatainencryptedcustomfields,howeverthesefieldsare

suitableforstoringothertypesofsensitivedata(creditcardinformation,socialsecuritynumbers,etc).• NamedCredentials

o NamedCredentialsareasafeandsecurewayofstoringauthenticationdataforexternalservicescalledfromyourapexcodesuchasauthenticationtokens.

TAHSINZULKARNINE 56

o Beawarethatuserswithcustomizeapplicationpermissioncanviewnamedcredentials,soifyoursecuritypolicyrequiresthatthesecretsbehiddenfromsubscribers,thenpleaseuseaprotectedcustommetadatatypeorprotectedcustomsetting.

GeneralGuidanceWhenstoringsensitiveinformationonamachine:

● Allauthenticationsecretsmustbeencryptedwhenstoredondisk.● Forclientappsrunningonadesktop,laptop,tablet,ormobiledevice,storeallsecretsinthevendorprovidedkey

store(keychaininOSX/iOSdevices,keystoreinAndroiddevices,orintheregistryprotectedwiththeDP-APIonwindowsdevices.)Thisisahardrequirementtopassthesecurityreview.

● Forservicesrunningonserversthatmustbootwithoutuserinteraction,storesecretsinadatabaseencryptedwithakeynotavailabletothedatabaseprocess.Theapplicationlayershouldprovidethekeyasneededtothedatabaseatruntimeorshoulddecrypt/encryptasneededinitsownprocessspace.

● Donotstoreanycryptographickeysusedforprotectingsecretsinyourapplicationcode● Salthashes,andifpossiblestoresaltsandhashesseparately● Leveragestrongplatformcryptographicsolutions● Checkifframeworks/platformshavealreadyaddressedtheproblem● UseSSL/TLStotransmitsensitivedata

ASP.NET• ASP.NETprovidesaccesstotheWindowsCryptoAPIsandDataProtectionAPI(DPAPI).• Thisisintendedtobeusedforthestorageofsensitiveinformationlikepasswordsandencryptionkeysifthe

DataProtectionPermissionhasbeengrantedtothecode.• ThestrongestsolutionforASP.NETwouldbetorelyonahardwaresolutionforsecurelystoringcryptographickeys,

suchasacryptographicsmartcardorHardwareSecurityModule(HSM),thatisaccessiblebyusingtheunderlyingCryptoAPIwithavendorsuppliedCryptoAPICryptographicServiceProvider(CSP).

Java• JavaprovidestheKeyStoreclassforstoringcryptographickeys.Bydefaultthisusesaflatfileontheserverthatis

encryptedwithapassword.Forthisreason,analternativeCryptographicServiceProvider(CSP)isrecommended.• ThestrongestsolutionforJavawouldbetorelyonahardwaresolutionforsecurelystoringcryptographickeys,suchas

acryptographicsmartcardorHardwareSecurityModule(HSM),thatisaccessiblebyusingthevendor'ssuppliedCSPinthatjava.securityconfigurationfile

• WhennotusingaCSP,iftheproductisaclientapplication,youmustuseJAVAbindingstostorethepassphraseprotectingthekeystoreinthevendorprovidedkeystore

PHP• PHPdoesnotprovidecryptographicallysecurerandomnumbergenerators.Makesuretouse/dev/urandomasthe

sourceforrandomnumbers.• Usethemcryptlibraryforcryptographyoperations.Saltedhashesandsaltscouldbesubsequentlystoredina

database.• Aframeworkcalledphpassoffers"OpenBSD-styleBlowfish-basedbcrypt"forPHP.• Forclientapps,youmustusenativebindingstostoreusersecretsinthevendorprovidedkeystore.

RubyonRails

• ThereisacopyofbcryptspecificallyforRubycalledbcrypt-ruby.• Forclientapps,youmustuserubybindingstostoresecretsinthevendorprovidedkeystore.

TAHSINZULKARNINE 57

Python

• Useamodulethatinteractswiththevendorprovidedkeystoressuchasthepythonkeyringmodule.

Flash/Airapps

• UsetheEncryptedLocalStorewhichcontainsbindingstousevendorprovidedkeystorestostoresecrets.

sharing designer guidesharing and visibility designer – study guide tahsin zulkarnine 1 sharing...

Documents

sharing science: air quality · sharing science: air...

web designer / graphic designer / ui designer portfolio

makingmaps.files.wordpress.com · 2011-10-17 · dick rutan...

the gigamon visibility platform - exclusive...

a brave new world of data sharing between utility...

stopping malicious users with office 365 cloud app...

the outlook for national-scale ceiling and visibility...

our creative cities online: making connections, improving...

resilience & data in new zealand: the data …inventory...

total visibility

asset visibility service (avs) - frequently asked...

farib alvarez joins 24-7 international as senior...

moving towards harmonization of disaster data: a study of...

think visibility

security intelligence sharing - anomali ·...

marine product catalog - cats, s.l. · aesthetic design,...

data sharing and metadata curation: obstacles and strategies...

thieme sharing guide · thieme sharing guide maximise the...

visibility graphics

www.sti-innsbruck.at © copyright 2012 sti innsbruck ...