sharing designer guidesharing and visibility designer – study guide tahsin zulkarnine 1 sharing...
TRANSCRIPT
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 1
SharingandVisibilityDesignerStudyGuide
Force.comSecurity..................................................................................................................................................................................6Usersandsecurity...............................................................................................................................................................................6UserPassword.................................................................................................................................................................................6UserAuthentication........................................................................................................................................................................6Network-basedSecurity..................................................................................................................................................................6SessionSecurity...............................................................................................................................................................................6Auditing............................................................................................................................................................................................6DataAuditing...................................................................................................................................................................................6
Programmaticsecurity........................................................................................................................................................................7SecurityTokens................................................................................................................................................................................7OAuth...............................................................................................................................................................................................7
Platformsecurityframework..............................................................................................................................................................7SystemPermissions.........................................................................................................................................................................7
AdministrativePermissions.................................................................................................................................................................................7Reports.................................................................................................................................................................................................................7Data......................................................................................................................................................................................................................7
ComponentPermissions.................................................................................................................................................................8Record-basedSharing......................................................................................................................................................................8
Organization-wideDefaults.................................................................................................................................................................................8Sharing.................................................................................................................................................................................................................8
SharingArchitecture................................................................................................................................................................................9Licenses................................................................................................................................................................................................9FullSharingModelUsageUsers/Licenses.......................................................................................................................................9HighVolumeCustomerPortalLicense............................................................................................................................................9ChatterFreeLicense........................................................................................................................................................................9CommunityLicense.........................................................................................................................................................................9
CommunityLicensesandlimits.........................................................................................................................................................................10Components......................................................................................................................................................................................10ControlDataAccess.......................................................................................................................................................................11ProfilesandPermissionSet...........................................................................................................................................................11RecordOwnershipandQueues....................................................................................................................................................11OrganizationwideDefaults...........................................................................................................................................................11RoleHierarchy...............................................................................................................................................................................12PublicGroups.................................................................................................................................................................................12Ownership-basedSharingRules....................................................................................................................................................13Criteria-basedSharingRules.........................................................................................................................................................13ManualSharing..............................................................................................................................................................................13Teams.............................................................................................................................................................................................13TerritoryHierarchy........................................................................................................................................................................13AccountTerritorySharingRules....................................................................................................................................................14ProgrammaticSharing...................................................................................................................................................................14ImplicitSharing..............................................................................................................................................................................14
Sharingbetweenaccountsandchildrecords...................................................................................................................................................15Sharingbehaviorforportalusers......................................................................................................................................................................15
Considerationswhenterritorymanagementisneed.......................................................................................................................15WhathappenstotheRoleHierarchy?..........................................................................................................................................15CanYouStillUseTeams?..............................................................................................................................................................15RealignmentandReassignment....................................................................................................................................................16
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 2
LargeDataVolumes.......................................................................................................................................................................16DeferSharingCalculations............................................................................................................................................................16DataSkews/OwnershipSkews......................................................................................................................................................16AccountDataSkew........................................................................................................................................................................16
HowtoAvoidAccountDataSkew.....................................................................................................................................................................16TheAccountHierarchiesImpactonDataAccess.........................................................................................................................16
Troubleshooting................................................................................................................................................................................17TerritoryManagement..........................................................................................................................................................................18Setup..................................................................................................................................................................................................18TerritoryModel.................................................................................................................................................................................18TerritoryModelState........................................................................................................................................................................19AssignmentRule................................................................................................................................................................................19Filter-basedopportunityterritoryassignment.................................................................................................................................19GettheMostfromTerritoryManagement......................................................................................................................................20ReportonTerritories.........................................................................................................................................................................20Differences-TerritoryManagement(1.0)andEnterpriseTerritoryManagement(2.0)................................................................21PermissionsAffectEnterpriseTerritoryManagement?...................................................................................................................21Considerations:..................................................................................................................................................................................21
Account&OpportunityTeams..............................................................................................................................................................22AccountTeams..................................................................................................................................................................................22
SetUpandManageAccountTeams.................................................................................................................................................................22EnableAccountTeams............................................................................................................................................................................22CustomizeAccountTeamRoles..............................................................................................................................................................22Considerations.........................................................................................................................................................................................22
AddAccountTeamMembers............................................................................................................................................................................22ConsiderationsforRemovingAccountTeamMembers...................................................................................................................................22AccountTeamFields..........................................................................................................................................................................................23
OpportunityTeams............................................................................................................................................................................23UnderstandingSharing..........................................................................................................................................................................24ManagedSharing...............................................................................................................................................................................24UserManagedSharing......................................................................................................................................................................24ApexManagedSharing......................................................................................................................................................................24TheSharingReasonField..................................................................................................................................................................24AccessLevels.....................................................................................................................................................................................25SharingConsiderations..................................................................................................................................................................25
SecurityandSharinginCustomer&PartnerCommunity................................................................................................................26ShareGroup...................................................................................................................................................................................26SharingSets...................................................................................................................................................................................26
ObjectsSupported.............................................................................................................................................................................................26Userlicenses......................................................................................................................................................................................................26Usage..................................................................................................................................................................................................................27
SharingDatawithPartnerUsers.......................................................................................................................................................27Groups/Categories........................................................................................................................................................................27Usage.............................................................................................................................................................................................27
ApexManagedSharing......................................................................................................................................................................28SharingaRecordUsingApex.........................................................................................................................................................28ShareObjectProperties................................................................................................................................................................28CreatingUserManagedSharingUsingApex................................................................................................................................29CreatingApexManagedSharing...................................................................................................................................................29ApexSharingReasonCreation......................................................................................................................................................29Considerations...............................................................................................................................................................................30
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 3
CreatingApexManagedSharingforCustomerCommunityPlususers.......................................................................................30Waystoshare:...................................................................................................................................................................................................30
ApexSharingRecalculation...........................................................................................................................................................30AssociateanApexmanagedsharingrecalculationclass..................................................................................................................................30
Considerationsforrecalculations.................................................................................................................................................30WithSharing..................................................................................................................................................................................31WithoutSharing.............................................................................................................................................................................31InheritedSharing...........................................................................................................................................................................31
EnforcingSharingRules.....................................................................................................................................................................31WhoCanSeeMyFile?...........................................................................................................................................................................33Actionsforyourfilepermissions.......................................................................................................................................................33Considerations...................................................................................................................................................................................33
CreateaCustomListViewinSalesforceClassic...................................................................................................................................34USERPERMISSIONSNEEDED...................................................................................................................................................................34
Considerations...................................................................................................................................................................................34ShareaReportorDashboardFolderinSalesforceClassic...................................................................................................................34
USERPERMISSIONSNEEDED...................................................................................................................................................................34AccessandLimits...............................................................................................................................................................................34
DesigningRecordLevelAccessforEnterpriseScale.............................................................................................................................36SurvivingOwnerChangeOperations................................................................................................................................................36UsingApexSharingReasons.........................................................................................................................................................36UsingOutboundMessaging..........................................................................................................................................................36UsingaTrigger...............................................................................................................................................................................36UsingaShadowTable....................................................................................................................................................................36CompletingtheArchitecture.........................................................................................................................................................36
GroupMaintenanceTables...............................................................................................................................................................37GroupsandComposition...............................................................................................................................................................37Example.........................................................................................................................................................................................38TerritoryManagementGroups.....................................................................................................................................................38Considerations...............................................................................................................................................................................38Obtainpeakperformance:............................................................................................................................................................38
AccessGrants.....................................................................................................................................................................................39CommonGroupandDataUpdates...................................................................................................................................................39GroupMembershipLocking..............................................................................................................................................................40Takeaway:TuningGroupMembershipforPerformance.................................................................................................................40Takeaway:TuningDataRelationshipsandUpdatesforPerformance.............................................................................................40Force.comRecordLockingCheatsheet.............................................................................................................................................40ToolsforLarge-ScaleRealignments..................................................................................................................................................41ParallelSharingRuleRecalculation...............................................................................................................................................41DeferredSharingMaintenance.....................................................................................................................................................41
Howworksinpractice.......................................................................................................................................................................................41Howithelps.......................................................................................................................................................................................................41Considerations:..................................................................................................................................................................................................42
GranularLocking............................................................................................................................................................................42KeyAdvantages..................................................................................................................................................................................................42Considerations:..................................................................................................................................................................................................42
ClassicEncryptionforCustomFields....................................................................................................................................................43Restrictions........................................................................................................................................................................................43BestPractices.....................................................................................................................................................................................43
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 4
SalesforceShield....................................................................................................................................................................................44PlatformEncryption...........................................................................................................................................................................44EncryptFields................................................................................................................................................................................44DifferenceBetweenClassicEncryptionandShieldPlatformEncryption.....................................................................................45ShieldPlatformEncryptionBestPractices....................................................................................................................................45
EventMonitoring...............................................................................................................................................................................46FieldAuditTrail..................................................................................................................................................................................46Usage.............................................................................................................................................................................................46ObjectsSupported.........................................................................................................................................................................46Fieldcan’tbetracked....................................................................................................................................................................47Considerations...............................................................................................................................................................................47
DataLeakPrevention............................................................................................................................................................................48Authorization.....................................................................................................................................................................................48HowtheSalesforcePlatformEnforcesAuthorization?....................................................................................................................48UserContext..................................................................................................................................................................................48SystemContext..............................................................................................................................................................................48
PurposeofMultipleContexts............................................................................................................................................................48CRUDandFLSEnforcementinVisualForceandLighttning..............................................................................................................49ProtectAgainstCRUDandFLSViolations.........................................................................................................................................49IsMyApplicationVulnerable?...........................................................................................................................................................49HowCanITestMyApplication?.......................................................................................................................................................49
runAsMethod........................................................................................................................................................................................50Nesting...............................................................................................................................................................................................50OtherUsesofrunAs..........................................................................................................................................................................50
InjectionVulnerabilityPrevention.........................................................................................................................................................51Cross-SiteScripting(XSS)....................................................................................................................................................................51TypesofXSSAttacks......................................................................................................................................................................51ImpactofXSS.................................................................................................................................................................................51CommonXSSMitigations..............................................................................................................................................................51Built-inXSSProtectionsinLightningPlatform..............................................................................................................................51PreventXSSinLightningPlatformApplications............................................................................................................................52PlatformEncodinginApex............................................................................................................................................................52
SOQLInjection...................................................................................................................................................................................52ImpactofSOQLInjection...............................................................................................................................................................52SOQLInjectionPrevention............................................................................................................................................................52
StoringSensitiveData............................................................................................................................................................................53SensitiveData-Whatisit?................................................................................................................................................................53Measures...........................................................................................................................................................................................53HardcodedSecrets........................................................................................................................................................................53DebugLogs....................................................................................................................................................................................53SensitiveInfoinURL......................................................................................................................................................................53Salesforce.comIntegrations..........................................................................................................................................................53
SampleVulnerability..........................................................................................................................................................................53SecuringDatainApplication.................................................................................................................................................................54IsMyApplicationVulnerable?...........................................................................................................................................................54HowCanITestMyApplication?.......................................................................................................................................................54HowDoIProtectMyApplication?....................................................................................................................................................54
Problem1...........................................................................................................................................................................................................54Problem2...........................................................................................................................................................................................................54
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 5
Problem3...........................................................................................................................................................................................................54ApexandVisualforceApplications................................................................................................................................................55
GeneralGuidance..............................................................................................................................................................................................56ASP.NET..........................................................................................................................................................................................56Java................................................................................................................................................................................................56PHP.................................................................................................................................................................................................56RubyonRails..................................................................................................................................................................................56Python............................................................................................................................................................................................57Flash/Airapps................................................................................................................................................................................57
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 6
Force.comSecurity
Usersandsecurity
UserPassword• PasswordPoliciesletsyoudeterminepasswordexpiration,minimumpasswordcomplexityrequirementsandlockout
periods. • Resetpasswordofselectedusers.
UserAuthentication• DelegatedAuthentication
o auserlogsintotheplatformasusual,buttheplatformusesawebservicecallouttosubmittheusernameandpasswordtoanexternalauthorizationauthority.
o Oncethatauthorityapprovesthelogon,theapprovalispassedbacktotheplatformandtheusercanproceed.
• SecurityAssertionMarkupLanguage(SAML)o UsingSAML,yourrequestgoestotheSAML"identityprovider",aloginpagehostedbyyourorganizationthat
validatesyouridentityandreturnsatoken.o Thetokenispassedtotheplatform,whichverifiestheuserbyvalidatingthatitissignedbytheappropriate
identityprovider.o Thisapproachistypicallyusedwhenyourusersareaccessingyourplatformapplicationsthroughaportal,
whichwouldhandletheinitialauthenticationandavoidtheneedtologintoForce.comagain.
Network-basedSecurity• Thefirstoptionistoallowfromusersfromtrustedlocations,butchallengethemwhentheycomefromnewand
untrustedlocations.Setup|SecurityControls|NetworkAccessallowsyoutowhitelistasetofIPaddressrangesthatyoutrust.
• IfaprofilehasLoginIPrestrictionsdefined,anyuserwiththatprofilecanonlylogintotheplatformfromthoseIPaddresses.
• ThelimitationsimposedonIPaddressesareusedtohelpprotectagainstphishingattacks.
SessionSecurity• TheSetup|SecurityControls|SessionSettingspageletsyoucontrolthissession.
o sessiontimeouto allpagesalwaysbeaccessedusingasecureconnection
Auditing• Setup|ManageUsers|LoginHistorydisplaysthelast20loginstoyourorganization,aswellasaccesstodownload6
monthsworthoflogindata,whichincludesIPaddresses,browsertypesandsoon.• TheSetup|SecurityControls|ViewSetupAuditTrailpageletsyouauditmetadataandsystemchanges.
DataAuditing• Object-levelauditingtrackschangesintheoverallobjectrecords,suchasrecordcreation.• Youcanalsoenableauditingforindividualfields,automaticallytrackinganychangesinthevaluesofselectedfields.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 7
Programmaticsecurity
SecurityTokens• TheemailchallengemechanismisawaytoallowausertologinfromoutsideofanIPrange.• IfaclientisrunfromahostoutsidethewhitelistedIPranges,theclienthastoappendasecuritytokentothepassword
oftheuserthatisbeingauthorized.
OAuth• OAuthisanopenprotocolthatallowsawebsitetoaccessresourcesofanotherwebsitewithouthavingtoexposea
user'scredentials.• Insteadofsupplyingausernameandpassword,OAuthallowsuserstohandoutsecuritytokenstospecificsitesfor
accesstospecificresourcesforadefinedduration.
Platformsecurityframework
SystemPermissions• Systempermissionsaregrantedtoprofiles
AdministrativePermissions• ManageUsers-allowsusertomodifyalluserattributes.• API-enabled-Withoutthispermission,ausercannotaccesstheForce.comsystemfromoutsideoftheenvironment.• API-OnlyUser-preventsuserswiththispermissionintheirprofilefromloggingintotheForce.complatform,except
throughoneoftheWebservicesAPIs.• ViewSetupandConfiguration-allowsuserstoviewcompleteSetupmenu,withouttheabilitytomakechanges.• Passwordneverexpires-asitsays.• Customizeapplication-allowscompleteeditingaccesstooptionsforForce.comapplications• EditHTMLTemplates,ManageLetterheads,ManagePublicTemplates-allrelatedtocomponentsusedforForce.com
messages.• AuthorApex-allowsuserswiththispermissionintheirprofiletocreateandeditApex.RequirestheModifyAllData
permissionasaprerequisite.
Reports• CreateandCustomizeReports-grantsaccesstocreatenewreportsormodifyexistingreports.• RunReports-allowsuserstoaccessthereportstab.• ExportReports-allowsuserstoexportdatafromreportstoanExcelspreadsheetformat.• ManageCustomReportTypes,ManageDashboards,ManagePublicReports,ScheduleDashboards-allowsusersto
manageandmodifytherespectivecomponenttypes.Data
• Thefollowingpermissionsregarddatamanipulation,butfromanadministrativeperspective.SeeRecord-basedSharingforadeveloperperspective:
• ModifyAllData-averypowerfulpermissionthat,ifgrantedglobally,allowsuserstomodifyalldataintheForce.com
organization.• ViewAllData-allowsusertoseealldataintheForce.comorganization,ifgrantedglobally.• EditRead-OnlyFields-allowsuserswiththispermissionintheirprofiletoeditread-onlylimitationssetinapagelayout.• ViewEncryptedData-allowsuserswiththispermissionintheirprofiletoseeplaintextrepresentationofencrypted
data.• WeeklyDataExport-allowsuserswiththispermissionintheirprofiletoperformaweeklydataexport.• DisableOutboundMessaging-preventstheuseofoutboundmessagingfortheprofile.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 8
ComponentPermissionsForce.complatformalsoallowsyoutosetpermissionsonindividualForce.comcomponents:
• Applications• Tabs• Recordtypes• Apexclasses• Visualforcepages
Ø However,permissionsetsandprofilesdon’tincludeaccessforsomecustomprocessesandappsØ Custompermissionsletyoudefineaccesschecksthatcanbeassignedtousersviapermissionsetsorprofiles,similarto
howyouassignuserpermissionsandotheraccesssettings.Youcanquerycustompermissionsintheseways.
• Todeterminewhichusershaveaccesstoaspecificcustompermission,useSalesforceObjectQueryLanguage(SOQL)withtheSetupEntityAccessandCustomPermissionsObjects.
• Todeterminewhatcustompermissionsusershavewhentheyauthenticateinaconnectedapp,referencetheuser'sIdentityURL,whichSalesforceprovidesalongwiththeaccesstokenfortheconnectedapp.
Record-basedSharing
Organization-wideDefaults• Specifytheabsoluteminimumlevelofaccesstotherecordsinanobject.
Sharing• Manually
o Thisbuttonisonalldetailpagesbydefault,althoughthebuttoncanberemovedfromapagelayout.o TheSharebuttonwillnotappearforrecordswhoseorganization-widedefaultissettoPublicRead-Write,as
thereisnoneedtograntfurthersharingprivilegesforrecordsinthisobject.• Sharingrules
o Youcansharerecordstoaroleoragroup,orwithaterritory,whichisdesignedtosupportCRMimplementations.
• Apexo eitherbyautomaticallyassigningsharingwhenarecordiscreated,orbyusingtheApexmanagedsharing
(whichonlyappliestocustomobjects.)
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 9
SharingArchitecture
Licenses
FullSharingModelUsageUsers/Licenses• MostStandardSalesforcelicensetypestakefulladvantageofthesharingmodelcomponents.• Thelicensemightnotmakeamoduleaccessible,orevensomeobjectsaccessible.Forexample,theForce.comFree
editioncan'taccessanyCRMobjects.• However,thesharingentities,andfunctionality,stillexistsandisreadywhenandifthemoduleeverdoesbecome
active.
HighVolumeCustomerPortalLicense• HighVolumeCustomerPortal(HVPU)licenseusers(includingCommunityandServiceCloudlicenseusers)donotutilize
thesharingmodel.• HVPUlicenseshavetheirownsharingmodelthatworksbyforeignkeymatchbetweentheportaluser(holdingthe
license)andthedataonAccountandContactlookups.• HVPUlicenseisonlyusedfortheCustomerPortalandnotthePartnerPortal.
ChatterFreeLicense• TheChatterFreelicensedoesn'tfollowthestandardsharingmodel.• ChatterFreeisacollaboration-onlylicensewiththefollowingfeatures:Chatter,Profile,People,Groups,Files,Chatter
Desktop,andlimitedSalesforce1appaccess.• Thelicensedoesn'thaveaccesstoCRMrecords(standardorcustomobjects)andContentfunctionality,andtherefore,
thereisnosharing.
CommunityLicense
1. CustomerCommunitya. BasicLicenseb. Don’thaveanyroles,socan’tusesharingrulesbutcanusesharingserandgroups.
2. CustomerCommunityPlusa. CustomerCommunity+
i. Reportsanddashboardsii. Delegatedadminiii. Contentlibrariesiv. Recordsacrossaccounts
3. PartnerCommunitya. CustomerCommunity+
i. Leadsandopportunitiesii. Campaigns
Ø CustomerandCustomerCommunityPluslicensesrequireuniqueusernameswithintheSalesforceorgthata
communitybelongsto.Ø PartnerCommunitylicensesandEmployeeCommunitylicensesrequireuniqueusernamesacrossallSalesforceorgs
thattheuserbelongsto.Ø Communitieslicensesareassociatedwithusers,notaspecificcommunity.Ø Unlikeothercommunityusers,high-volumecommunityusersdon’thaveroles,whicheliminatesperformanceissues
associatedwithrolehierarchycalculations
CustomerCommunity CustomerCommunity
PlusPartnerCommunity EmployeeCommunity
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 10
SharingSet
ShareGroup
AccountTeamSharing CaseTeamSharing OpportunityTeamSharing
ManualSharing RoleHierarchy SharingRules ApexSharing
CommunityLicensesandlimits
• InEnterprise,Performance,andUnlimitedorgs,youcancreateupto100communitieswithoutbuyingcommunitieslicenses.
• Thedefaultnumberofrolesperorgis5,000• Unauthenticatedorguestuserswhoaccessyourcommunitydonotuseupanyofyourcommunity'slicenses.• However, to create communities using the Partner Central template, you need to purchase at least one Partner
Communitylicense.• Evenwithoutcommunities’licenses,
o externalusershavesomeaccesstoyourcommunitieso useyourcommunityasapublicknowledgebaseforunauthenticated(orguest)users
• Purchase Community Cloud licenses to allowmembers to log in or give access to Salesforce objects based on yourbusiness needs.
CommunityLicenseType NumberofUsers
PartnerorCustomerCommunityPlus 1millionCustomer 10million SalesforceEdition NumberofPageViews
EnterpriseEdition 500,000/monthUnlimitedEdition Onemillion/month
Components
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 11
ControlDataAccess
1. Createprofilesandpermissionsets–Identifythedifferenttypesofusersyouneedforyourapplication,basedonthedifferentfunctionseachtypeneedstoaccess.
a. Createabaselevelprofileforeachtypeofusersothateachprofilehasonlythepermissionsrequiredforthattypeofusertoperformthesefunctions.
b. Thencreatepermissionsetstohandleexceptions—situationsinwhichausermayneedafewmorepermissions.
2. Assignusers–Assigneachusertotheappropriateprofileandpermissionsets.3. Setsharingmodels–Foreachobject,settheorganization-widedefaultrecordsharingsettingstodeterminewhether
therecordsthateachuserownsarepublicorprivate.4. Shareprivaterecords–Useroles,groups,recordsharingrules,andothermeanstoshareprivaterecordswithother
users.
ProfilesandPermissionSet
• Foreachobject,the“ViewAll”and“ModifyAll”permissionsignoresharingrulesandsettings,allowingadministratorstoquicklygrantaccesstorecordsassociatedwithagivenobjectacrosstheorganization.
• Thesepermissionsareoftenpreferablealternativestothe“ViewAllData”and“ModifyAllData”administrativepermissions
RecordOwnershipandQueues
• Everyrecordmustbeownedbyasingleuseroraqueue• Usershigherinahierarchy(roleorterritory)inheritthesamedataaccessastheirsubordinatesforstandardobjects• Queueshelpyouprioritize,distribute,andassignrecordstoteamswhoshareworkloads.• Queuemembersandusershigherinarolehierarchycanaccessqueuesfromlistviewsandtakeownershipofrecords
inaqueue.
Ifasingleuserownsmorethan10,000records,asabestpractice:
• Theuserrecordoftheownershouldnotholdaroleintherolehierarchy.• Iftheowner'suserrecordmustholdarole,theroleshouldbeatthetopofthehierarchyinitsownbranchoftherole
hierarchy.
OrganizationwideDefaults
• Youuseorganization-widesharingsettingstolockdownyourdatatothemostrestrictivelevel,andthenusetheotherrecord-levelsecurityandsharingtoolstoselectivelygiveaccesstootherusers.
• Organization-widedefaultsaretheonlywaytorestrictuseraccesstoarecord.• Forcustomobjectsonly,usetheGrantAccessUsingHierarchiessetting,whichifunchecked(defaultischecked),
preventsmanagersfrominheritingaccess.• EvenifGrantAccessUsingHierarchiesisdeselected,someusers—suchasthosewiththe“ViewAll”and“ModifyAll”
objectpermissionsandthe“ViewAllData”and“ModifyAllData”systempermissions—canstillaccessrecordstheydon’town.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 12
RoleHierarchy
• Anorganizationisallowed500roles;however,thisnumbercanbeincreasedbySalesforce.• Asabestpractice,keepthe
o numberofnon-portalrolesto25,000andthenumberofportalrolesto100,000.o rolehierarchytonomorethan10levelsofbranchesinthehierarchy.
• Overlaysarealwaysthetrickypartofthehierarchy.Ifthey'reintheirownbranch,they'llrequireeithersharingrules,teams,orterritorymanagementtogainneededaccess
PublicGroupsPublicgroupscanconsistof:
• Users• CustomerPortalUsers• PartnerUsers• Roles• RolesandInternalSubordinates• Roles,InternalandPortalSubordinates• PortalRoles• PortalRolesandSubordinates• Territories• TerritoriesandSubordinates• Otherpublicgroups(nesting)
Ø Asabestpractice,keepthetotalnumberofpublicgroupsforanorganizationto100,000.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 13
Ø Groupsalsohavetheabilitytoprotectdatasharedinthegroupfrombeingmadeaccessibletopeopleintherolehierarchyabovethegroupmembers.
Ø This(anddealingwiththeaccessofrecordownersandtheirmanagementhierarchy)allowsthecreationofgroupsinwhichveryhighlyconfidentialinformationcanbeshared—thedatawillbeaccessibleONLYtogroupmembers,andnobodyelseintheorganization.ThisisaccomplishedbyusingtheGrantAccessUsingHierarchiessetting.
Ownership-basedSharingRules
• Ownership-basedsharingrulesarebasedontherecordowneronly.• Contactownership-basedsharingrulesdon'tapplytoprivatecontacts.• Asabestpractice,keepthenumberofownership-basedsharingrulesperobjectto1,000
Ownership-basedSharingisusedtoprovidedataaccessto
• peerswhoholdthesamerole/territory• othergroupingsofusers(publicgroups,portal.roles,territories).
Criteria-basedSharingRules• Asabestpractice,keepthenumberofcriteria-sharingrulesperobjectto50;however,canbeincreasedbySalesforce.• Toprovidedataaccesstousersorgroupsbasedonthevalueofafieldontherecord.
ManualSharing
• Manualsharingisremovedwhentherecordownerchangesorwhenthesharingaccessgranteddoesn'tgrantadditionalaccessbeyondtheobject'sorganization-widesharingdefaultaccesslevel.
• Onlymanualsharerecordscanbecreatedonstandardobjects• Manualsharerecordsaredefinedassharerecordswiththerowcausesettomanualshare• Allsharerecords(standardandcustomobjects)witharowcausesettomanualsharecanbeeditedanddeletedbythe
Sharebuttonontheobject'spagelayout,evenifthesharerecordwascreatedprogrammatically.• YouhaveaccesstotheSharingbuttonwhenyoursharingmodeliseitherPrivateorPublicReadOnlyforatypeof
recordorrelatedrecord.
Teams• Onlyowners,peoplehigherinthehierarchy,andadministratorscanaddteammembersandprovidemoreaccessto
themember.• Ateammemberwithread/writeaccesscanaddanothermemberwhoalreadyhasaccesstotherecordwithwhichthe
teamisassociated.Theteammembercan'tprovidethemadditionalaccess.• Theteamobjectisnotafirst-classobject.Youcan'tcreatecustomfields,validationsrules,ortriggersforteams.
TerritoryHierarchy
• Territorymanagementisnotreversible,soit’sextremelyimportanttoknowitsimplications• Whenterritorymanagementisenabledyoumustmanageboththerolehierarchyandterritoryhierarchy• TerritoriesexistonlyonAccount,Opportunityandmaster/detailchildrenofAccountsandOpportunities.• Organizationscanhaveupto500territories;• Iftheassignmentrulesforaterritoryarechanged,anyAccountTerritorysharingrulesusingthatterritoryasthesource
willberecalculated.Likewise,ifthemembershipofaterritorychanges,anyownership-basedsharingrulesthatusetheterritoryasthesourcewillberecalculated
TerritoryManagementwillbeusedorconsidered:
• Multiplegroupsofpeople(multipleteams)requireeitherread-onlyorread/writeaccesstoaccounts.• Anadditionalhierarchicalstructure(differentfromtherolehierarchy)isneeded.• Asingleuserneedstoholdmultiplelevelsinthehierarchy.• Globalusers(GAM–globalaccountmanager)needtoseeeverythingfromtheglobalaccountdownward
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 14
AccountTerritorySharingRules• AccountterritorysharingrulesbecomeavailableonlywhenTerritoryManagementhasbeenenabledforan
organization.• Toprovidedataaccesstoaccountswithinaterritory(notbasedonownership)toagroupingofusers.
ProgrammaticSharingIfyoucreateasharerecordprogrammatically,andtheout-of-boxrowcause(manualshare)isused,thenyoucanmaintainthissharerecordwiththeSharebuttonintheappProgrammaticSharingwillbeusedorconsidered:
• Noothermethodofsharing(declarative)meetsthedataaccessneeds.• Thereisanexisting,externalsystemoftruthforuseraccessassignmentswhichwillcontinuetodriveaccessandbe
integratedwithSalesforce.• Poorperformancebyusingnativesharingcomponents.(Usuallyappliestoverylargedatavolumes)• Teamfunctionalityoncustomobjects
ImplicitSharing• Youcanneitherturnitoff,norturniton—itisnativetotheapplication.• Parentimplicitsharingisprovidingaccesstoparentrecords(accountonly)whenauserhasaccesstochildren
opportunities,cases,orcontactsforthataccount• Childimplicitsharingisprovidingaccesstoanaccount’schildrecordstotheaccountowner.
o onlyappliestocontact,opportunity,andcaseobjects(childrenoftheaccount).• Implicitsharingdoesn'tapplytocustomobjects.• TheaccesslevelsthatcanbeprovidedareView,Edit,andNoaccessforeachofthechildrenobjectswhentheroleis
created.
TypeofSharing
Provides Details
Parent Read-onlyaccesstotheparentaccountforauserwithaccesstoachildrecord
• Notusedwhensharingonthechildiscontrolledbyitsparent• Expensivetomaintainwithmanyaccountchildren• Whenauserlosesaccesstoachild,Salesforceneedstocheck
allotherchildrentoseeifitcandeletetheimplicitparent.
Child Accesstochildrecordsfortheowneroftheparentaccount
• Notusedwhensharingonthechildiscontrolledbyitsparent• Controlledbychildaccesssettingsfortheaccountowner’s
role• Supportsaccountsharingrulesthatgrantchildrecordaccess• Supportsaccountteamaccessbasedonteamsettings• Whenauserlosesaccesstotheparent,Salesforceneedsto
removealltheimplicitchildrenforthatuser.
Portal Accesstoportalaccountandallassociatedcontactsforallportalusersunderthataccount
Sharedtothelowestroleundertheportalaccount
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 15
TypeofSharing
Provides Details
HighVolume1
Accesstodataownedbyhighvolumeusersassociatedwithasharingsetforusersmemberofthesharingset'saccessgroup
Allmembersofthesharingsetaccessgroupgainaccesstoeveryrecordownedbyeveryhighvolumeuserassociatedwiththatsharingset
HighVolumeParent
Readonlyaccesstotheparentaccountofrecordssharedthroughasharingset'saccessgroupforusersmemberofthegroup
Maintainstheabilitytoseetheparentaccountwhenusersaregivenaccesstoaccountchildrenownedbyhighvolumeusers
Ø Toallowportaluserstoscaleintothemillions,Communityusershaveastreamlinedsharingmodelthatdoesnotrelyonrolesorgroups,andfunctionssimilarlytocalendareventsandactivities.
Ø CommunityusersareprovisionedwiththeServiceCloudPortalorAuthenticatedWebsitelicenses.
Sharingbetweenaccountsandchildrecords• Accesstoaparentaccount
o Ifyouhaveaccesstoanaccount’schildrecord,youhaveimplicitReadOnlyaccesstothataccount.• Accesstochildrecords
o Ifyouhaveaccesstoaparentaccount,youhaveaccesstotheassociatedchildrecords.Theaccountowner'sroledeterminesthelevelofaccesstochildrecords.
Sharingbehaviorforportalusers• Accountandcaseaccess
o Anaccount’sportaluserhasReadOnlyaccesstotheparentaccountandtoalloftheaccount’scontacts.• ManagementaccesstodataownedbyServiceCloudportalusers
o SinceServiceCloudportalusersdon'thaveroles,portalaccountownerscan'taccesstheirdataviatherolehierarchy.Tograntthemaccesstothisdata,youcanaddaccountownerstotheportal’ssharegroupwheretheServiceCloudportalusersareworking.ThisstepprovidesaccesstoalldataownedbyServiceCloudportalusersinthatportal.
• Caseaccesso Ifaportalorcustomercommunityplususerisacontactonacase,thentheuserhasReadandWriteaccess
onthecase.
Considerationswhenterritorymanagementisneed
WhathappenstotheRoleHierarchy?• Youarenowmanagingtwohierarchies,whichmeanssharingismorecomplex.• Thebestpracticeistoflatten(orsimplify)therolehierarchyasmuchaspossible• Theruleofthumbistomakeyourrolehierarchyyournon-saleshierarchy,trytoflattenthesaledepartment
branch(es),andthenusetheterritoryhierarchyasyour“sales”hierarchy. CanYouStillUseTeams?
• Yes.However,onlyimplementteamsifnootherexistingsharingcomponentwillsatisfytherequirement.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 16
RealignmentandReassignment• Asaruleofthumb,havehierarchystructural(realignments)changesoccurnomorethanquarterlyandallchangesof
highvolume(bulkormasschanges)bewellplanned,tested,andcoordinated.
LargeDataVolumes• Ifyouhavemorethantwomillionaccounts,andhaveimplementedteamsorTerritoryManagement,youespecially
needtopayattentiontoperformance.• Thesearecomplexsharingmodelcomponentsthatcanmakeforahugevolumeofsharerecordsandhence,long
runningtransactions.
DeferSharingCalculations• Natively,everyindividualchangetotherolehierarchy,territoryhierarchy,groups,sharingrules,userroles,team
membership,orownershipofrecordscaninitiateautomaticsharingcalculations.• Defersharinghelpshere.
DataSkews/OwnershipSkews• Dataskewsaredefinedasafewparentrecordswithmanychildrenrecords.
o Theratiowherewestartseeingperformancedegradationis1:10,000.o Asabestpractice,keeptheratioasclosetothataspossible(lowerispreferred).
• Ownershipskewswhereasingleuser,role,orgroupowningalargenumberofrecordsforanobjecto Therecommendedratioofownhffertonumberofrecordsisalso1:10,000.
Ifasingleuserownsmorethan10,000records,asabestpractice:
• Theuserrecordoftheownershouldnotholdaroleintherolehierarchy.• Iftheowner'suserrecordmustholdarole,theroleshouldbeatthetopofthehierarchyinitsownbranchoftherole
hierarchy.• Iftheuser(s)musthavearoletosharedata,werecommendthatyou:
o Placetheminaseparateroleatthetopofthehierarchyo Notmovethemoutofthattop-levelroleo Keepthemoutofpublicgroupsthatcouldbeusedasthesourceforsharingrules
AccountDataSkew• AccountdataskewoccurswhenanAccount’sparentobjecthasmorethan10,000childobjects
Twosituationsinparticularposeariskofproducinglockingerrors.
• Updatestoparentrecordsandtheirchildrenarebeingprocessedsimultaneouslyinseparatethreads.• Updatestochildrecordsthathavethesameparentrecordsarebeingprocessedsimultaneouslyinseparatethreads
HowtoAvoidAccountDataSkew
• Designarchitecturetolimitaccountobjectsto10,000children.SomepossiblemethodsincludecreatingapoolofAccountsandassigningchildreninaroundrobinfashionorusingCustomSettingsforthecurrentAccountandthenumberofchildren.
• Ifpossible,consideraPublicRead/Writesharingmodelinwhichtheparentaccountstayslocked,butsharingcalculationsdon’toccur.
• Ifyouhaveaskewedaccount,redistributechildobjectsinchunksduringoff-peakhourstolessentheimpactofrecord-levellockcontention.BatchApexortheBulkAPIareusefulwaystore-parent.
TheAccountHierarchiesImpactonDataAccess• aparent/childrelationshipbetweentworecordsdoesnotdriveaccess.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 17
TroubleshootingWhyausercanorcan'tseearecord.Hereisatroubleshootingflow:
1. Verifythattheuserhaspermissionstoaccesstotheobject.2. Identifytheuser'srolewhocan'tseetherecordandnoteit.3. Identifytheowner'sroleoftherecordandnoteit.4. Reviewtherolehierarchyandverifythesetworolesareintwodifferentbranches(theyshouldbe).5. Nowyouneedtoreviewthesharingrulesfortheobjectandmakesurethereisnorulethatwillgranttheuseraccess.6. Ifyouareusingteams,shouldthisuserbeontheteamforthatrecord?Howareteamsmaintainedandhowdidthe
missoccur?7. Ifmanualsharingisused,theusermayhavelostaccessbecausetherecordownerchanged.Manualsharesare
droppedwhenownershipchanges.ThemanualsharecouldalsohavebeenremovedusingtheSharebutton.8. Ifyouareusingterritorymanagement,istheusermissingfromoneoftheterritories?Whereisthemembershipof
territoriesmaintainedandhowdidthemissoccur?Or,maybetherecorddidnotgetstampedwiththeterritorywheretheuserisamember.
9. Ifyouarecreatingprogrammaticsharesandtherearecriteriaforcreatingtheshareincode,reviewthecodetounderstandwhythisuserwasomitted.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 18
TerritoryManagementEnterpriseTerritoryManagement:
• Salesforceadminscansetupandtestterritorymodelsbeforeimplementingthem.• It’seasytomakeassignmentsbetweenterritories,accounts,andopportunities.• Reportshelpteamsorganizeforoptimalcoverageandassessterritoryeffectiveness.• IfyouuseCollaborativeForecasts,youcanforecastbyterritory.
WhatIt’sCalled WhatItDoes
Territory • Helpsyouorganizegroupsofaccountsandthesalesrepswhoworkwiththoseaccounts.• Youcreateterritoriesbasedonterritorytypes.
Territorytype • Everyterritoryyoucreatehasaterritorytype.Youuseterritorytypesonlytoorganizeandcreateterritories.T
• heydon’tappearonterritorymodelhierarchies.Territorytypepriority • Helpsyouchoosetheappropriateterritorytypeforterritoriesyoucreateoredit.Youcreate
yourownpriorityscheme
Territorymodel • Modelingletsyoucreateandpreviewmultipleterritorystructuresanddifferentaccountanduserassignmentsbeforeyouactivatethemodelthatworksbest.
Territoryhierarchy • Youstartfromthehierarchytocreate,edit,anddeleteterritories;runassignmentrulesforterritories,andnavigatetoterritorydetailpagesformoreinformation.
• Fromthehierarchy,youcanalsoassignterritoriestoopportunities,runassignmentrulesatthemodellevel,andactivateorarchivethemodel.Yourterritoryhierarchyintheactiveterritorymodelalsodeterminestheforecastshierarchyforterritoryforecasts.
Territorymodelstate • Indicateswhetheraterritoryisintheplanningstage,inactiveuse,orarchived.
Setup
• Setup->ManageTerritories->Settings->EnableTerritoryManagement• Createterritorytypeandmodel.• Fromtheterritorymodel->ViewHierarchy->createaterritory.
TerritoryModel
• Thislimitincludesmodelscreatedbycloning.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 19
TerritoryModelState
• Territorymodelstateindicateswhetheraterritoryisintheplanningstage,inactiveuse,orarchived.• Youcanhaveonlyoneactiveterritorymodelatatime,butyoucancreateandmaintainmultiplemodelsinplanningor
archivedstatetouseforextramodelingorreference.
LIFECYCLESTATE DEFINITION
Planning Thedefaultstateforeverynewterritorymodelyoucreate.ThePlanningstateletsyoupreviewamodel’sterritoryhierarchybeforedeployingit.
Active Thestateofaterritorymodelafteryouactivateitandallprocessingiscomplete.OnlyonemodelinyourSalesforceorganizationcanbeactiveatatime.
Archived Thestateofaterritorymodelafteryouarchiveitandallprocessingiscomplete.Anarchivedmodelletsadminsviewhierarchyandruleassignmentsastheywereconfiguredwhenthemodelwasactive.Onlytheactivemodelcanbearchived,andarchivedmodelscannotbereactivated.
ERRORSTATE DEFINITION
ActivationFailed Anerroroccurredduringactivation.CheckyouremailformoreinformationfromSalesforce.
ArchivingFailed Anerroroccurredduringactivation.CheckyouremailformoreinformationfromSalesforce.
AssignmentRule
• AruletellsEnterpriseTerritoryManagementtoassignaccountswiththosecharacteristicstothatterritory.• IfyourterritoryisinPlanningstate,runningrulesletsyoupreviewaccountassignments.• IfyourterritoryisinActivestatewhenyourunrules,accountsareassignedtoterritoriesaccordingtoyourrules.
Filter-basedopportunityterritoryassignment
• Manuallyassigningaopportunitytoterritoryusing“territoryfield”inopportunity.• ApexClassrequiredforFilter-BasedOpportunityTerritoryAssignment
o ImplementsOpportunityTerritory2AssignmentFilterinterface.• EnableFilter-BasedOpportunityTerritoryAssignmentandsettheclass.• YoucanassignterritorytypepriorityviatheAPIbyupdatingtheTerritory2Typeobject’sPriorityfield.• ManuallyExcludeanOpportunityfromFilter-BasedTerritoryAssignmentusing“Excludefromtheterritoryassignment
filterlogic”inopportunity.• RunOpportunityFilterfromTerritorymodel’shierarchyinSetup.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 20
GettheMostfromTerritoryManagement
• Cloneaterritoryfromterritorymodelpage.• TerritoryUsersbyTerritoryRole
o Setup->TerritoryAssociations->RoleinTerritoryo Assignroles.TerritoryRecord->AssignedUserRelatedlist->Edit->RoleinTerritory.
• ChattertoCollaborateonTerritoryModelsusingSetup->Chatter->FeedTracking->TerritoryModel->Enablefeedtracking
ReportonTerritories
• FirstyouneedacustomTerritoryManagementreporttypethatrelatestheobjectsyouwanttoreporton.• Thenyoucreatereportsthatbelongtothattype.• Steps:
o OntheReportstab,clickNewReporto Chooseanaccountoropportunityreporttype,andthenclickContinue.o IntheShowMefilterfield,selectMyterritories’orMyterritoryteam’sasthefiltercriterion.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 21
Differences-TerritoryManagement(1.0)andEnterpriseTerritoryManagement(2.0)NOTE:Pleasenotethat(x)means"Available"inthebelowtable Features TerritoryManagement1.0 EnterpriseTerritoryManagement2.0
MultipleTerritories/Hierarchy XRunTerritoriesonTerritoryTree/ListViewPage
X
PreviewTerritory X(partial,notpersisted) XInheritedTerritoryRules X XTerritoryType/Priority XTerritoryModels XEnable/DisableTerritoryManagement X XAssignmentofTerritoryonOpportunities X X(Spring'15)IntegrationwithCustomizableForecasting X IntegrationwithCollaborativeForecasts X(forecastsbasedonterritoryhierarchy,notrole
hierarchy)ManualAssignmentofAccounttoTerritory X XSeparationofRuleExecutionvsDeployment XReports/Dashboards X XTerritoryHierarchyDeepClone XRuleSharingamongmultipleTerritories XMyTerritoriesScopeinAccountListViews X XMyTerritoriesScopeinAccountReports X X(Spring'15)AuditTrail XMetadataAPISupport XUserRoleinTerritory XTriggeronUsertoTerritoryAssociationObject XShareareport/dashboardfolderwithaterritory
X
Createapublicgroupwithterritory X
PermissionsAffectEnterpriseTerritoryManagement?
• SalesOperationsmanagersandselectedSalesmanagerstobeabletomanageterritories.o Ifso,assignthemthe“ManageTerritories”permission.
• Anyonewhowillalsocreateaccountassignmentrulesalsoo needsthe“ViewAll”permissiononAccounts.
• SalesforceSetuptree,includingterritoriessettingso ViewSetupandConfiguration
Considerations:
• IfusingEnterpriseTerritoryManagement,territorysharinggroupscan’tbeusedinasharingrule.• IfusingEnterpriseTerritoryManagement,userscan’tmanuallysharearecordtoaterritory.• IfusingEnterpriseTerritoryManagement,youcan’tuseterritorysharinggroupsprogrammatically
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 22
Account&OpportunityTeams
AccountTeams
• Anaccountteamisateamofuserswhoworktogetheronanaccount.• Useaccountteamstoeasilytrackcollaborationonaccounts.• Accountteamsaren’tthesameasopportunityteams,althoughtheyhavethesameteammemberroles.
SetUpandManageAccountTeams
EnableAccountTeams• FromSetup,enterAccountTeamsintheQuickFindbox,thenselectAccountTeamSettings.• Definethesettings.• Saveyourchanges.
CustomizeAccountTeamRolesEveryaccountteammemberhasaroleinworkingwiththataccount,suchasAccountManagerorSalesRep.Totracktherolesthatteammembersplayinyourcompany,customizeyouraccountteamrolesinSalesforce.
• FromSetup,enterTeamRolesintheQuickFindbox,thenselectTeamRolesunderAccountTeams.• Editthepicklistvaluesforteamrolesasneeded.• Saveyourchanges.• Toupdateachangedpicklistvalueinallyourfiles,enterReplaceTeamRolesintheQuickFindbox,thenselectReplace
TeamRole.
Considerations• Accountteamsshareroleswithopportunityteams.Ifyouremoveanaccountteamrole,thatroleisnolongerlistedas
anopportunityteamrole.• Accountteamscanonlybeusedtograntgreateraccesstoanaccount.Theycan’tbeusedtorestrictaccesstoaccount
recordsbeyondtheorg-widesharingdefaults.• Whentheorg-widedefaultforcontactsissettoControlledbyParent,ContactAccessisn’tavailableforaccountteam
members.• Disablingaccountteamsirreversiblyremovesexistingteamsfromallaccountsanddeleteusers’defaultaccountteams,
andremovestheAccountTeamrelatedlistfromallpagelayouts.• YoucannotdisableaccountteamsforyourorganizationifteammembersarereferencedinApex.
• Onlyadministratorscangrantaccesstochildrecordsthataregreaterthantheaccountowner’saccesslevel.AddAccountTeamMembersAccountrecordownersandusersabovetheownerintherolehierarchycanadd,edit,anddeleteteammembers.Toeditordeleteanaccountteammember,youmustbeoneofthefollowing.
• Theaccountowner• Abovetheownerintherolehierarchy• Anyusergrantedfullaccesstotherecord• Anadministrator
ConsiderationsforRemovingAccountTeamMembers
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 23
• Ifateammemberisonyourdefaultaccountteamandyouremovethemfromaspecificaccount,thosechangesonlyaffectthataccount.Thesetupofyourdefaultaccountteamdoesnotchange.
• IfauseronanaccountteamhasRead/Writeaccess(AccountAccess,ContactAccess,OpportunityAccess,andCaseAccess)andisdeactivated,theaccesswilldefaulttoReadOnlyiftheuserisreactivated.
AccountTeamFields
FIELD DESCRIPTION
AccountAccessThelevelofaccessthatateammemberhastotheaccount.Theaccesslevelcanberead/writeorreadonly,butitcan’tbelessthanyourSalesforceorg’sdefaultaccountsharingaccess.
CaseAccess Thelevelofaccessthatateammemberhastothecasesassociatedwiththeaccount.
ContactAccessThelevelofaccessthatateammemberhastothecontact.Theaccesslevelcanberead/writeorreadonly,butitcan’tbelessthanyourSalesforceorg’sdefaultcontactsharingaccess.
OpportunityAccess Thelevelofaccessthatateammemberhastotheopportunitiesassociatedwiththeaccount.
TeamMember Theuserwho’slistedaspartoftheteam.
TeamRole Therolethattheteammemberplaysfortheaccount,suchasAccountManager.
OpportunityTeams
• Opportunityteamsshowwho’sworkingontheopportunityandwhateachteammember’sroleis,makingiteasytocollaboratewithyourcollegues.
• Youcangrantyouropportunityteammembersspecialaccesstotheopportunityanditsrelatedrecords,makingiteasierforeveryonetoworktogether.
• Inopportunityreports,filteropportunitiesbytheopportunityteamsthatyou’reamemberof.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 24
UnderstandingSharingAshareobjectincludesrecordssupportingallthreetypesofsharing:
1. Managedsharing2. usermanagedsharing,3. Apexmanagedsharing.
ManagedSharingManagedsharinginvolvessharingaccessgrantedbyLightningPlatformbasedonrecordownership,therolehierarchy,andsharingrules:
• RecordOwnershipo Eachrecordisownedbyauseroroptionallyaqueueforcustomobjects,casesandleads.Therecordowneris
automaticallygrantedFullAccess,allowingthemtoview,edit,transfer,share,anddeletetherecord• RoleHierarchy
o enablesusersaboveanotheruserinthehierarchytohavethesamelevelofaccesstorecordsownedbyorsharedwithusersbelow
• SharingRuleso usedbyadministratorstoautomaticallygrantuserswithinagivengrouporroleaccesstorecordsownedbya
specificgroupofusers.o Sharingrulescannotbeaddedtoapackageandcannotbeusedtosupportsharinglogicforappsinstalled
fromAppExchange.o Sharingrulescanbebasedonrecordownershiporothercriteria.Youcan’tuseApextocreatecriteria-based
sharingrules.Also,criteria-basedsharingcannotbetestedusingApex.
• AllimplicitsharingaddedbyForce.commanagedsharingcannotbealtereddirectlyusingtheSalesforceuserinterface,SOAPAPI,orApex.
UserManagedSharing
• allowstherecordowneroranyuserwithFullAccesstoarecordtosharetherecordwithauserorgroupofusers.• Thisisgenerallydonebyanenduser,forasinglerecord
ApexManagedSharing
• providesdeveloperswiththeabilitytosupportanapplication’sparticularsharingrequirementsprogrammaticallythroughApexortheSOAPAPI.
• Thistypeofsharingissimilartomanagedsharing.
TheSharingReasonFieldIntheSalesforceuserinterface,theReasonfieldonacustomobjectspecifiesthetypeofsharingusedforarecord.ThisfieldiscalledrowCauseinApexortheAPI.Sharing rowCauseValue(UsedinApexortheAPI
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 25
Managed ImplicitChild,ImplicitParentUserManaged ManualApexManaged Definedbydeveloper
AccessLevelsWhendeterminingauser’saccesstoarecord,themostpermissivelevelofaccessisused.Mostshareobjectssupportthefollowingaccesslevels:
AccessLevel
APIName
Description
Private None Onlytherecordownerandusersabovetherecordownerintherolehierarchycanviewandedittherecord.ThisaccesslevelonlyappliestotheAccountShareobject.
ReadOnly Read Thespecifieduserorgroupcanviewtherecordonly.
Read/Write Edit Thespecifieduserorgroupcanviewandedittherecord.
FullAccess All Thespecifieduserorgroupcanview,edit,transfer,share,anddeletetherecord.Thisaccesslevelcanonlybegrantedwithmanagedsharing.
SharingConsiderations
• Ifatriggerchangestheownerofarecord,therunningusermusthavereadaccesstothenewowner’suserrecordifthetriggerisstartedthroughthefollowing:
• API
• Standarduserinterface
• StandardVisualforcecontroller
• Classdefinedwiththewithsharingkeyword
• Ifatriggerisstartedthroughaclassthat’snotdefinedwiththewithsharingkeyword,thetriggerrunsinsystemmode.Inthiscase,thetriggerdoesn’trequiretherunningusertohavespecificaccess.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 26
SecurityandSharinginCustomer&PartnerCommunity
ShareGroup• SharegroupallowsyoutospecifytheSalesforceotherexternaluserswhocanaccessrecordsownedbyhigh-volume
communityusers.• Deactivatingasharegroupremovesallotherusers’accesstorecordsownedbyhigh-volumecommunityusers.An
emailisn’tsenttoyouwhenthedeactivationprocessfinishes.
SharingSetsGrantportalorcommunityusersaccess,basedontheiruserprofiles,torecordsthatareassociatedwiththeiraccountsorcontactsusingsharingsets.
• Accessgrantedtousersviasharingsetsdoesnotrolluptousershighertothemintheirrolehierarchies.• thesharegroupsfunctionalityisn’tavailabletouserswithCustomerCommunityPlusandPartnerCommunity
licenses.
ObjectsSupported
● Account○ Accountsharingsetscancontrolaccessto
Contract,Entitlement,andOrderItemobjects● Asset● Campaign(inbeta)● Case● Contact● CustomObjects
● Individual● Opportunity(inbeta)● Order(inbeta)● ServiceAppointment● ServiceContract● User● WorkOrder
Userlicenses
● AuthenticatedWebsite● CustomerCommunityLogin● CustomerCommunityPlus● PartnerCommunityLicenses(new)
● CustomerCommunityUser● HighVolumeCustomerPortal● HighVolumePortal● OvrageAuthenticatedWebsiteUser● OverageHighVolumeCustomerPortalUser
Ø Portalorcommunityusersgainaccesstoallorderentitlementsandorderitemsunderanaccounttowhichtheyhaveaccess.Tosharerecordsownedbyhigh-volumeportalusers,useasharegroupinstead.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 27
Usage
SharingDatawithPartnerUsersØ SharinggroupsandasharingrulecategoryareavailablebydefaultinyourorgtoshareSalesforcedatawithpartner
usersinacommunity.Ø Org-widedefaultsandfield-levelsecurityalsocontroldataaccessforpartnersincommunities.SettheDefault
ExternalAccesssettingtoPrivateforalltheobjectsyouwanttoexposetopartnerusersinyourcommunity.
Groups/CategoriesAfteryoubuypartnerlicensesforyourorg,thefollowinggroupsandsharingrulecategoryarecreated:
GROUPORCATEGORY DESCRIPTION
AllPartnerPortalUsersgroup Containsallpartnerusersinyourorganization
AllInternalUsersgroup ContainsallSalesforceusersinyourorganization
RolesandInternalSubordinatessharingrulecategory
AllowsyoutocreatesharingrulesinwhichyoucanchoosespecificSalesforceusersinyourorganizationbyrole,includingusersinrolesbelowtheselectedrole.Partnerrolesareexcluded.
Usage
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 28
ApexManagedSharing
SharingaRecordUsingApexToaccesssharingprogrammatically,youmustusetheshareobjectassociatedwiththestandardorcustomobjectforwhichyouwanttoshare
Ø SandardObjectShareo AccountShareo ContactShare
Ø CustomObject__Shareo UnitTree__Share
ShareObjectProperties
PropertyName Description
objectNameAccessLevel ThelevelofaccessthatthespecifieduserorgrouphasbeengrantedforasharesObject.Validvaluesare:
● Edit● Read● All
TheAllaccesslevelcanonlybeusedbymanagedsharing.
ParentID TheIDoftheobject.Thisfieldcannotbeupdated.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 29
RowCause Thereasonwhytheuserorgroupisbeinggrantedaccess.Thereasondeterminesthetypeofsharing,whichcontrolswhocanalterthesharingrecord.Thisfieldcannotbeupdated.
UserOrGroupId TheuserorgroupIDstowhichyouaregrantingaccess.Agroupcanbe:● Apublicgrouporasharinggroupassociatedwitharole.● AterritorygroupifyouusetheoriginalversionofTerritoryManagement,but
notwithEnterpriseTerritoryManagement.
Thisfieldcannotbeupdated.
CreatingUserManagedSharingUsingApex• ItispossibletomanuallysharearecordtoauseroragroupusingApexortheSOAPAPI.• Iftheowneroftherecordchanges,thesharingisautomaticallydeleted• ManualshareswrittenusingApexcontainsRowCause="Manual"bydefault.Onlyshareswiththisconditionare
removedwhenownershipchanges.
CreatingApexManagedSharing• Thistypeofsharingissimilartomanagedsharing.• ApexmanagedsharingmustuseanApexsharingreason.• Apexsharingreasonsareawayfordeveloperstotrackwhytheysharedarecordwithauserorgroupofusers.• UsingmultipleApexsharingreasonssimplifiesthecodingrequiredtomakeupdatesanddeletionsofsharingrecords.• Theyalsoenabledeveloperstosharewiththesameuserorgroupmultipletimesusingdifferentreasons.
EachApexsharingreasonhasalabelandaname:• ThelabeldisplaysintheReasoncolumnwhenviewingthesharingforarecordintheuserinterface.
o Thislabelallowsusersandadministratorstounderstandthesourceofthesharing.o ThelabelisalsoenabledfortranslationthroughtheTranslationWorkbench.
• ThenameisusedwhenreferencingthereasonintheAPIandApex.Apexsharingreasonscanbereferencedprogrammaticallyasfollows:
Schema.CustomObject__Share.rowCause.SharingReason__c
ApexSharingReasonCreation
Ø ApexsharingreasonsandApexmanagedsharingrecalculationareonlyavailableforcustomobjects.
1. Fromthemanagementsettingsforthecustomobject,clickNewintheApexSharingReasonsrelatedlist.2. EnteralabelfortheApexsharingreason.
a. ThelabeldisplaysintheReasoncolumnwhenviewingthesharingforarecordintheuserinterface.ThelabelisalsoenabledfortranslationthroughtheTranslationWorkbench.
3. EnteranamefortheApexsharingreason.ThenameisusedwhenreferencingthereasonintheAPIandApex.a. Thisnamecancontainonlyunderscoresandalphanumericcharacters,andmustbeuniqueinyourorg.b. Itmustbeginwithaletter,notincludespaces,notendwithanunderscore,andnotcontaintwoconsecutive
underscores.4. ClickSave.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 30
ConsiderationsØ Undercertaincircumstances,insertingasharerowresultsinanupdateofanexistingsharerow.Ø Ifanaccountsharingruleiscreated,thesharingrulerowcause(whichisahigheraccesslevel)replacestheparent
implicitsharerowcause,indicatingthehigherlevelofaccess.Ø Whenpackagingcustomobjects,beawarethatassociatedApexsharingrecalculationsarealsoincludedandmay
preventthepackagefrominstalling.Ø DeletinganApexsharingreasonwilldeleteallsharingontheobjectthatusesthereason.Ø Youcancreateupto10Apexsharingreasonspercustomobject.Ø YoucancreateApexsharingreasonsusingtheMetadataAPI.
CreatingApexManagedSharingforCustomerCommunityPlususers• Shareobjects,suchasAccountShareandContactShare,aren’tavailabletotheseusers.
Waystoshare:• IfyoumustuseshareobjectsasaCustomerCommunityPlususer,considerusingatrigger,whichoperateswiththe
withoutsharingkeywordbydefault• UseaninnerclasswiththesamekeywordtoenabletheDMLoperationtorunsuccessfully.
ApexSharingRecalculation
• Whenpackagingcustomobjects,beawarethatassociatedApexsharingrecalculationsarealsoincludedandmaypreventthepackagefrominstalling.
• DeveloperscanwritebatchApexclassesthatrecalculatetheApexmanagedsharingforaspecificcustomobject.• Youcanassociatetheseclasseswithacustomobjectonitsdetailpage,andexecutethemifalockingissueprevents
Apexfromgrantingaccesstoauserasdefinedbytheapplication’slogic.• Apexsharingrecalculationsarealsousefulforresolvingvisibilityissuesduetocodingerrors.• YoucanalsorunthemprogrammaticallyusingtheDatabase.executeBatchmethod
• Salesforceautomaticallyrecalculatessharingforallrecordsonanobjectwhenitsorganization-widesharingdefault
accesslevelchanges.
AssociateanApexmanagedsharingrecalculationclass
1. Fromthemanagementsettingsforthecustomobject,gotoApexSharingRecalculations.2. ChoosetheApexclassthatrecalculatestheApexsharingforthisobject.
a. TheclassyouchoosemustimplementtheDatabase.Batchableinterface.b. YoucannotassociatethesameApexclassmultipletimeswiththesamecustomobject.
3. ClickSave.
Considerationsforrecalculations● TheApexcodethatextendsthesharingrecalculationcanprocessamaximumoffivemillionrecords.
○ IfthisApexcodeaffectsmorethanfivemillionrecords,thejobfailsimmediately.● YoucanmonitorthestatusofApexsharingrecalculationsintheApexjobqueue.● YoucanassociateamaximumoffiveApexsharingrecalculationspercustomobject.● YoucannotassociateApexsharingrecalculationswithstandardobjects.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 31
WithSharingThewithsharingkeywordallowsyoutospecifythatthesharingrulesforthecurrentuseraretakenintoaccountforaclass.
publicwithsharingclasssharingClass{}
WithoutSharingUsethewithoutsharingkeywordswhendeclaringaclasstoensurethatthesharingrulesforthecurrentuserarenotenforced.
publicwithoutsharingclassnoSharing{}
ImplementationDetailsinregardstosharingandwithoutsharingKeywords
● Ifaclassisn’tdeclaredaseitherwithorwithoutsharing,thecurrentsharingrulesremainineffect.○ iftheclassiscalledbyanotherclassthathassharingenforced,thensharingisenforcedforthecalledclass.
● Bothinnerclassesandouterclassescanbedeclaredaswithsharing.● Innerclassesdonotinheritthesharingsettingfromtheircontainerclass.● Classesinheritthissettingfromaparentclasswhenoneclassextendsorimplementsanother● Sharingdoesn’tdependonwhethertheclassexecutesasynchronouslyasascheduledjoborbatchjob.Ifyourclass
accessesstandardorcustomfields,preventsharingviolationsbydeclaringthe“withsharing”keyword.
InheritedSharing• Anexplicitinheritedsharingdeclarationmakestheintentclear,avoidingambiguityarisingfromanomitteddeclaration
orfalsepositivesfromsecurityanalysistooling.• UsinginheritedsharingenablesyoutopassAppExchangeSecurityReviewandensurethatyourprivilegedApexcodeis
notusedinunexpectedorinsecureways.• AnApexclasswithinheritedsharingrunsaswithsharingwhenusedasaLightningcomponentcontroller,aVisualforce
controller,anApexRESTservice,oranyotherentrypointtoanApextransaction.• ThereisadistinctdifferencebetweenanApexclassthatismarkedwithinheritedsharingandonewithanomitted
sharingdeclaration.• Aclassdeclaredasinheritedsharingrunsaswithoutsharingonlywhenexplicitlycalledfromanalreadyestablished
withoutsharingcontext.o Becauseoftheinheritedsharingdeclaration,onlycontactsforwhichtherunninguserhassharingaccessare
displayed.o Ifthedeclarationisomittedomitted,evencontactsthattheuserhasnorightstoviewaredisplayeddueto
theinsecuredefaultbehaviorofomittingthedeclaration.
publicinheritedsharingclassInheritedSharingClass{ publicList<Contact>getAllTheSecrets(){ return[SELECTNameFROMContact]; }}
EnforcingSharingRulesEnforcingthecurrentuser'ssharingrulescanimpact:
• SOQLandSOSLqueries.Aquerymayreturnfewerrowsthanitwouldoperatinginsystemcontext.• DMLoperations.Anoperationmayfailbecausethecurrentuserdoesn'thavethecorrectpermissions.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 32
o Forexample,iftheuserspecifiesaforeignkeyvaluethatexistsintheorganization,butwhichthecurrentuserdoesnothaveaccessto.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 33
WhoCanSeeMyFile?
SHARINGSETTING DEFINITION WHENDOESAFILEHAVETHISSETTING?
Private
• Thefileisprivate.• Ithasn'tbeensharedwithanyoneelsebesidesthe
owner.• Thefileowneranduserswith“ModifyAllData”
permissioncanfindandviewthisfile.• However,ifthefileisinaprivatelibrary,onlythe
fileownerhasaccesstoit.
Afileisprivatewhenyou:
• UploaditinFileshome• Publishittoyourprivatelibrary• Stopsharingitwitheveryone(MakePrivate)• Deletepoststhatincludethefileandthefileisn'tshared
anywhereelse
PrivatelyShared
• Thefilehasonlybeensharedwithspecificpeople,groups,orvialink.
• It'snotavailabletoallusersinyourcompany.• Onlythefileowner,userswith“ModifyAllData”
or“ViewallData”permission,andspecificfileviewerscanfindandviewthisfile.
Afileisprivatelysharedwhenit's:
• Onlysharedwithspecificpeopleoraprivategroup• Postedtoaprivategroup• Sharedvialink• Postedtoafeedonarecord• Publishedtoasharedlibrary
YourCompany Allusersinyourcompanycanfindandviewthisfile.Afileissharedwithyourcompanywhenit'spostedtoafeedthatalluserscansee,aprofile,arecord,orapublicgroup.
Actionsforyourfilepermissions.
Considerations
• NoAccessmeansthatonlythepeopleinyourcompanywithwhomthisfileissharedcanfindorviewthefile.Ifthefileissharedwithaprivategroup,onlymembersofthegroupcanfindorviewthefile.
• Userswith“ModifyAllData”permissioncanview,preview,download,share,attach,makeprivate,restrictaccess,edit,uploadnewversions,anddeletefilestheydon'town.However,ifthefileisinaprivatelibrary,thenonlythefileownerhasaccesstoit.
• Userswith“ViewAllData”permissioncanviewandpreviewfilestheydon'town.However,ifthefileisinaprivatelibrary,thenonlythefileownerhasaccesstoit.
• Groups(includinggroupmembers)andrecordshaveviewerpermissionforfilespostedtotheirfeeds.• Permissionsforfilessharedwithlibrariesdependonthelibrary.
ACTION FILEOWNER FILECOLLABORATOR FILEVIEWER
VieworPreview Yes Yes Yes
Download Yes Yes Yes
Share Yes Yes Yes
AttachaFiletoaPost Yes Yes Yes
UploadNewVersion Yes Yes
EditDetails Yes Yes
ChangePermission Yes Yes
MakeaFilePrivate Yes
RestrictAccess Yes
Delete Yes
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 34
CreateaCustomListViewinSalesforceClassic
USERPERMISSIONSNEEDED
• Tocreatecustomlistviews: o ReadonthetypeofrecordincludedinthelistANDCreateandCustomizeListViews
• Tocreate,edit,ordeletepubliclistviews: o ManagePublicListViews
Considerations
• AsaSalesforceadminorauserwiththe“ManagePublicListView”permission,youhavetheoptiontohidethelistview,soonlyyoucanseethislistview.
o Openthelistview.SelectVisibletocertaingroupsofusers.Choosethetypeofgrouporrolefromthedrop-downlist,selectthegrouporrolefromthelist,thenclickAdd.
• Enterprise,Unlimited,Performance,andDeveloperEditionuserscangiveaccesstoapublicgrouporrole,includingallusersbelowthatrole.
• ListviewsarevisibletoyourcommunityuserswithCustomerCommunityPlus,PartnerCommunity,LightningPlatform
Starter,andLightningPlatformPluslicenses,o iftheVisibletoalluserssettingisenabledforviewsofobjectsincommunityuserprofiles.
• TomakelistviewsvisibleonlytoyourSalesforceusers,selectVisibletocertaingroupsofusers.ThensharetheviewwiththeAllInternalUsersgrouporaselectedsetofinternalgroupsandroles.
• Whenimplementingacommunity,createcustomviewsthatcontainonlyrelevantinformationforcommunityusers.
ThenmakethoseviewsvisibletocommunityusersbysharingthemwiththeAllCustomerPortalUsersgroup,orasetofcommunitygroupsandroles.
ShareaReportorDashboardFolderinSalesforceClassic
USERPERMISSIONSNEEDED• Toshareareportfolderwithpublicgroups:
o RunReportsANDManageDashboardsORo ManageReportsinPublicFolders
• Toshareadashboardfolderwithpublicgroups: o RunReportsANDManageDashboardsORo ManageReportsinPublicFolders
AccessandLimits
• Whenyoucreateafolder,you’reitsmanager.o Onlyyouandotherswithadministrativepermissionscanseeit.
• IfafolderdoesnothaveManageraccess,it’spublic,anduserswiththeViewReportsinPublicFolderspermissioncanviewit.
• Youcanshareareportordashboardfolderwithupto25users,groups,roles,orterritoriesatonetime.• Youcanshareafolderwithupto100users,groups,roles,orterritoriesusingthefoldersharingRESTAPI.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 35
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 36
DesigningRecordLevelAccessforEnterpriseScale
SurvivingOwnerChangeOperations
• Sowhentheownerofarecordischanged,theplatformdeletesallthemanualsharesassociatedwiththerecord.• Ineffect,we“cleantheslate”forthenewownerandletthemdecidewhethertheywanttoshareittoanybody.• Andifyouhavebeenwritingcodethatsharestherecord,yourshareswillgetdeleted,too,becausetheyhavethe
same‘manual’rowcause—theplatformcannotdistinguishbetweenasharingrowyoucreatedandasharingrowcreatedthroughtheUI
UsingApexSharingReasons
• Becauseyourrowcausefortheseshareswillnolongerbe‘manual’,theplatformwon’ttouchthemwhenperformingthechangeowneroperation.
• Standardobjectslikeaccountsorcontacts?o Therelationshipbetweentheseobjectscanbecomplex,andtheremightbegoodreasonsfortheplatformto
changeordeleteasharingrow,evenonethatyouhavecreatedprogrammatically.
UsingOutboundMessaging
• Withstandardobjects,whereyoucan’tuseacustomsharingreason,andyouareintegratingwithanassignmentengineexternaltoSalesforce.
• Youcanconfigureaworkflowruletodetectwhenarecordownerischanged,anduseanoutboundmessagetotriggeryourassignmentenginetotakeappropriateaction
• Enter“OwnerId<>PRIORVALUE(OwnerID)”fortheformula.
UsingaTrigger
• Appliestostandardobjectswhereyoucan’tuseacustomsharingreason,butinthiscaseyouareintegratingwithanassignmentenginebuiltontheSalesforceplatform.
UsingaShadowTable
• Yourlogicforstandardobjectsmightnotbecomplexenoughtojustifybuildingafull-blownassignmentengine.• Youmightbeabletoaccomplishthesamegoalthroughtheuseofatriggerandacustomobjectthatkeepstrackof
yourprogrammaticshares.
Account:LookuptoAccountTeamMember:LookuptoUserAccountAccess:Picklist(Read,Edit)OpportunityAccess:Picklist(None,Read,Edit)CaseAccess:Picklist(None,Read,Edit)ContactAccess:Picklist(None,Read,Edit)TeamRole:Picklist(AccountManager,ChannelManager,ExecutiveSponsor,LeadQualifier,Pre-SalesConsultant,SalesManager,SalesRep)
CompletingtheArchitecture
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 37
thereareadditionalplatformfeaturesthatcouldimpactthesharingsystemyouhavebuilt,whichyoucan’tcodearound.
• Auserwithappropriateaccesstoarecordcanchangeorremoveyourprogrammaticsharesthroughthesharingbuttonontherecord’sdetailpage.
• Auserwithpermissiontoupdatethemembershipofanaccountteamcanchangeorremovesharesyourcodehaswrittentomanageteammembership.
o Thisdoesnotapplytosalesteams,becausetheplatformnowincludestheabilitytodefinetriggersforthesalesteamobjectthatyoucanusetoprotectyourshares.
• AnyApexorAPIoperationperformingDMLonthesharingobjectscouldalsoimpactyoursharingsystem.
GroupMaintenanceTables
• Sharingrowsgrantaccesstousersandgroups,butthedatathatspecifieswhobelongstoeachgroupresidesintheGroupMaintenancetables.
• ThesetablesstoremembershipdataforeverySalesforcegroup,includingsystem-definedgroups.o System-definedgroupsaregroupsofusersthatSalesforcecreatesandmanagesinternallytosupportvarious
featuresandbehaviors,suchasqueues.§ rolehierarchy§ territoryhierarchy§ queues
o User-definedgroupsinSalesforcearegroupsthatdirectlymodifythegroupmembershipobject.Theydifferfromsystem-definedgroupsinthatyoucannotdirectlymodifysystem-definedgroups
§ publicgroups§ privategroups
• Thistypeofmanagementletsthedatathatsupportsqueuesandpersonalorpublicgroupscoexistinthesamedatabasetables,andunifieshowSalesforcemanagesthedata.
GroupsandComposition• Salesforcealsousessystem-definedgroupstoimplementhierarchies.• Duringrecalculation,Salesforcecreatestwotypesofsystem-definedgroups,RolegroupsandRoleAndSubordinates
groups,foreverynodeintherolehierarchy.• Iftheorganizationhasexternalorganization-widedefaultsenabled,athirdtypeofsystem-defined
group,RoleAndInternalSubordinates,iscreated.
Group Consistsof Purpose
Role Usersassignedtoanyofthefollowing.● Aspecificrole● Oneofitsmanagerroles
Usedtogivemanagersaccesstotheirsubordinates’records
RoleAndSubordinates Usersassignedtoanyofthefollowing.● Aspecificrole● Oneofitsmanagerroles● Oneofitssubordinateroles
Usedwhenanorganizationdefinesarulethatsharesasetofrecordswith:
● Aparticularrole● Itssubordinates
RoleAndInternalSubordinates
Usersassignedtoanyofthefollowing.● Aspecificrole● Oneofitsmanagerroles● Oneofitssubordinateroles,excluding
Portalroles
Usedwhenanorganizationdefinesarulethatsharesasetofrecordswith:
● Aparticularrole● Itssubordinates,excluding
Portalroles
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 38
Allthreegrouptypeshave:
• Indirectmembers,whoinheritrecordaccessfromthegroup’sdirectmembersandareassignedtomanagerroles.• Directmembers,whoaredefinedaccordingtotheirgrouptype
Example
TerritoryManagementGroups● Territorygroup,inwhichuserswhoareassignedtotheterritoryaredirectmembers,whileusersassignedtoterritories
higherinthehierarchyareindirectmembers● TerritoryAndSubordinatesgroup,inwhichuserswhoareassignedtothatterritoryorterritorieslowerinthehierarchy
aredirectmembers,whileusersassignedtoterritorieshigherinthatbranchareindirectmembers
Considerations• Userscan’tmodifysystem-definedgroupsthroughtheuserinterfaceorAPIinthewaysthattheycanpersonaland
publicgroups
Obtainpeakperformance:
• Movingusersfromonegrouptoanothertriggerorganizationwidegroupmembershiplocks,sohighlydynamicgroupscanhaveanegativeimpactonperformance.
• Theusecasewhichwillprovidepeakperformanceincludesagroupofuserswhosharethesamevisibilityanddon’tfrequentlymovefromonegrouptoanotherviaanautomatedprocess.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 39
• Thesharingperformancebenefitwilldecreaseasthenumberofgroupmembersdecreases,andthefrequencyofusermovementwithinthegroupsincreases.
AccessGrantsWhenanobjecthasitsorganization-widedefaultsettoPrivateorPublicReadOnly,Salesforceusesaccessgrantstodefinehowmuchaccessauserorgrouphastothatobject’srecords.Salesforceusesfourtypesofaccessgrants:
1. ExplicitGrantsa. Salesforceusesexplicitgrantswhenrecordsareshareddirectlytousersorgroups.Specifically,
Salesforceusesexplicitgrantswhen:i. Auseroraqueuebecomestheownerofarecord.ii. Asharingrulesharestherecordtoapersonalorpublicgroup,aqueue,arole,oraterritory.1iii. Anassignmentrulesharestherecordtoauseroraqueue.iv. Aterritoryassignmentrulesharestherecordtoaterritory.v. Ausermanuallysharestherecordtoauser,apersonalorpublicgroup,aqueue,arole,ora
territory.2vi. Auserbecomespartofateamforanaccount,opportunity,orcase.vii. Aprogrammaticcustomizationsharestherecordtoauser,apersonalorpublicgroup,a
queue,arole,oraterritoryb. Ifyourorganizationdoesn’thaveanefficientsharingarchitecture,itmightencounterperformance
problemswhenyouuseautomatedprocessesthatgenerateaverylargenumberofexplicitgrants,suchasmajorsalesrealignments
c. d2. GroupMembershipGrants
a. Grantsthatoccurwhenauser,personalorpublicgroup,queue,role,orterritoryisamemberofagroupthathasexplicitaccesstotherecord.
3. InheritedGrantsa. Grantsthatoccurwhenauser,personalorpublicgroup,queue,role,orterritoryinheritsaccessthrough
aroleorterritoryhierarchy,orisamemberofagroupthatinheritsaccessthroughagrouphierarchy.4. ImplicitGrants
a. SsGrantsthatoccurwhennon-configurablerecord-sharingbehaviorsbuiltintoSalesforceSales,Service,andPortalapplicationsgrant
b. accesstocertainparentandchildrecords.
CommonGroupandDataUpdatesInsteadofmovingauserfromonebranchofthehierarchytoanother,wecan:
• Movingaroletoanotherbranchinthehierarchyo Onebenefittomovingawholeroleisthatanyportalaccountssimplymovealongwiththeirparentrole,and
Salesforcedoesn’thavetochangetherelatedsharing.o Ontheotherhand,Salesforcemustdoalloftheworkinvolvedinmovingasingleuserforall
usersintherolebeingmovedandforallofthoseusers’data• Changingtheownerofaportalaccount
o Theeffortrequiredforwhatlookslikeasimpledataupdate—changingthenameoftheuserintheAccountOwnerfield—canbesurprising.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 40
o Whentheoldandnewownersareindifferentroles,Salesforceisnotonlymovingtheportalrolestoanewparentrolebutalsoadjustingthesharingforallthedataassociatedwiththeportalaccount.
GroupMembershipLockingCustomerscanlessenthechanceoflockingerrorsby:
• Schedulingseparategroupmaintenanceprocessescarefullysotheydon’toverlap• Implementingretrylogicinintegrationsandotherautomatedgroupmaintenanceprocessestorecoverfromafailure
toacquirealock• Usingthegranularlockingfeaturetoallowsomegroupmaintenanceoperationstoproceedsimultaneously
Takeaway:TuningGroupMembershipforPerformanceHerearesomespecificsuggestions.
• Identifyuserandgroupupdatesthatarecomplex,suchasuserroleandportalaccountownershipchanges,orupdatesthatinvolvealargeamountofassociateddata.Allowforadditionaltimetoprocessthesechanges.
• Whenmakingchangestothehierarchy,processchangestothebottom(leaf)nodesfirst,thenmoveupwardtoavoidduplicateprocessing.
• Limitthenumberofrecordsofanobjectownedbyasingleuserto10,000.• Rungroupmaintenanceoperationssinglethreadedtopreventlocking.Investigatewhethertheuseofgranularlocking
willallowsomeofyouroperationstorunsimultaneously.• TuneyourupdatesformaximumthroughputbyexperimentingwithbatchsizesandusingthebulkAPI,wherepossible.• Removeredundantpathsofaccess,suchassharingrulesthatprovideaccesstopeoplewhoalreadyhaveitthroughthe
hierarchy
Takeaway:TuningDataRelationshipsandUpdatesforPerformanceHerearesomespecificsuggestions.
• UseaPublicReadOnlyorRead/Writeorganization-widedefaultsharingmodelforallnon-confidentialdata.• Toavoidcreatingimplicitshares,configurechildobjectstobeControlledbyParentwhereverthisconfigurationmeets
securityrequirements.• Configureparent-childrelationshipswithnomorethan10,000childrentooneparentrecord.• Ifyouareencounteringonlyoccasionallockingerrors,seeiftheadditionofretrylogicissufficienttosolvethe
problem.• SequenceoperationsonparentandchildobjectsbyParentIDandensurethatdifferentthreadsareoperatingon
uniquesetsofrecords.• Tuneyourupdatesformaximumthroughputbyworkingwithbatchsizes,timeoutvalues,theBulkAPI,andother
performance-optimizingtechniques
Force.comRecordLockingCheatsheet
http://resources.docs.salesforce.com/194/0/en-us/sfdc/pdf/record_locking_cheatsheet.pdf
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 41
ToolsforLarge-ScaleRealignments
ParallelSharingRuleRecalculation
• Normally,whenanadministratorcreates,deletes,oreditsasharingrule,therecalculationrequiredtomakethosechangestakeeffecttisprocessedsynchronously.
• Whenasharingrulechangeaffectsaccessrightstoaverylargeamountofdata,therecalculationcanrunlonger.Inaddition,arecalculationjobcangetkilledifitisrunningwhenSalesforceperformsascheduledfeatureorpatchrelease.
• Ifyouhaveexperiencedlong-runningprocessingtimesorjobsthatwerekilledduringrealignments,considerusingparallelsharingrulerecalculation.
• Whenthisfeatureisturnedon,sharingrulesareprocessedasynchronouslyandsplitintomultiplesimultaneousexecutionthreadsbasedonload.
• Theprocessingisalsomoreresilient;duringaserverrestart,thejobswillbereinstatedonthequeue,andtheprocesswillcontinuewhentheservercomesbackonline.
DeferredSharingMaintenance• Inanenterpriseenvironmentinwhichmultiplesystemsarecontinuallyprocessingupdates,itcanbedifficultto
scheduleanorganizationorsharingrulechangethatmighttakesubstantialtimetocomplete.• Inordertoincreasethepredictabilityofthesekindsofupdates,theLightningPlatformplatformhasrecently
introducedtheconceptofdeferredsharingmaintenance.
Howworksinpractice
1. Basedonrequestsfromthebusiness,anadministratoridentifiesanumberofchangestotherolehierarchyandgroupmembership,orupdatestosharingrules.
2. Givenbestestimatesoftheremainingoverallwork,theadministratornegotiatesamaintenancewindowforcompletingtheprocessing.
3. Thiswindowshouldbemodelledinasandboxenvironmenttogetthebestestimatepossible.
4. Insteadofprocessingeachseparateupdateandwaitingforittocomplete,theadministratorpreparesallthe
informationrequiredtoperformallupdatesaheadoftheplannedmaintenancewindow.5. Atthestartofthemaintenancewindow,theadministratorusesthedeferralfeaturetoessentially“turnoff”processing
ofgroupmaintenanceoperations,andthenmakesallthedesiredchangestoroleandgroupmembershipatthesametime.
6. Sharingruleprocessingisalsodeferredatthistimesotheadministratorcanperformallsharingruleupdates.7. Oncethechangeshavecompleted,theadministratorresumesprocessinggroupmaintenance,andthesystem
performsarecalculationtomakealltheroleandgroupchangestakeeffect.8. Atthispoint,thesystemisinastatethatrequiresafullrecalculationofallsharingrulesforuseraccessrightstobe
completeandaccurate.Theadministratorcanresumesharingruleprocessingimmediatelyorwaittostarttheprocessatalatertime.Afterthesharingrulerecalculationhascompleted,alltheaccesschangestakeeffect.
Howithelps
● Benchmarkhowlongtheoverallrecalculationislikelytotakeinproduction● Smoothoutanykinksinorchestratingdeferredsharingmaintenance● Deferredsharingmaintenancedoesnotdefertherecalculationofimplicitsharingasdescribedintheimplicitsharing
table.Thecascadingeffectstoimplicitsharescontinuetobeprocessedimmediatelywhensharingrulesarechangedbyadministratorsorthroughthecode.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 42
Considerations:
• ifyouareabletonegotiatedowntimewithyourbusinesscustomersandhavebeenstrugglingtocompleteupdatesina
timelyfashion,deferredsharingmightbeagreatsolutiontoyourproblem.
GranularLocking
• LightningPlatformplatformlockstheentiregroupmembershiptabletoprotectdataintegritywhenSalesforcemakeschangestorolesandgroups.
• Thislockingmakesitimpossibletoprocessgroupchangesinmultiplethreadstoincreasethroughputonupdates.• Whenthegranularlockingfeatureisenabled,thesystememploysadditionallogictoallowmultipleupdatestoproceed
simultaneouslyifthereisnohierarchicalorotherrelationshipbetweentherolesorgroupsinvolvedintheupdates.• Administratorscanadjusttheirmaintenanceprocessesandintegrationcodetotakeadvantageofthislimited
concurrencytoprocesslarge-scaleupdatesfaster,allwhilestillavoidinglockingerrors.
KeyAdvantages
● Groupsthatareinseparatehierarchiesarenowabletobemanipulatedconcurrently.● Publicgroupsandrolesthatdonotincludeterritoriesarenolongerblockedbyterritoryoperations.● Userscanbeaddedconcurrentlytoterritoriesandpublicgroups.● Userprovisioningcannowoccurinparallel.
○ Portalusercreationrequireslocksonlyifnewportalrolesarebeingcreated.○ Provisioningnewportalusersinexistingaccountsoccursconcurrently.
● Asingle-longrunningprocess,suchasaroledelete,blocksonlyasmallsubsetofoperations.
SeetableformoredetailsintheotherdocumentConsiderations:
• Theusermustnotownanypartnerorcustomerportalaccounts.• Customersmayconsiderusinggranularlockingiftheyexperiencefrequentandpersistentlockingthatseverelyrestricts
theirabilitytomanagemanualandautomatedupdatesatthesametime,orseverelydegradesthethroughputofintegrationsorotherautomatedgroupmaintenanceoperations.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 43
ClassicEncryptionforCustomFields
RestrictionsEncryptedtextfields:
• Cannotbeunique,haveanexternalID,orhavedefaultvalues.• Forleadsarenotavailableformappingtootherobjects.• Arelimitedto175charactersbecauseoftheencryptionalgorithm.• Arenotavailableforuseinfilterssuchaslistviews,reports,roll-upsummaryfields,andrulefilters.• Cannotbeusedtodefinereportcriteria,buttheycanbeincludedinreportresults.• Arenotsearchable,buttheycanbeincludedinsearchresults.• Arenotavailablefor:ConnectOffline,SalesforceforOutlook,leadconversion,workflowrulecriteriaorformulas,
formulafields,outboundmessages,defaultvalues,andWeb-to-LeadandWeb-to-Caseforms.
BestPractices
• Encryptedfieldsareeditableregardlessofwhethertheuserhasthe“ViewEncryptedData”permission.o Usevalidationrules,field-levelsecuritysettings,orpagelayoutsettingstopreventusersfromediting
encryptedfields.• YoucanstillvalidatethevaluesofencryptedfieldsusingvalidationrulesorApex.• Bothworkregardlessofwhethertheuserhasthe“ViewEncryptedData”permission.• Encryptedfielddataisnotalwaysmaskedinthedebuglog.
o EncryptedfielddataismaskediftheApexrequestoriginatesfromanApexWebservice,atrigger,aworkflow,aninlineVisualforcepage(apageembeddedinapagelayout),oraVisualforceemailtemplate.Inothercases,encryptedfielddataisn’tmaskedinthedebuglog,likeforexamplewhenrunningApexfromtheDeveloperConsole.
• Existingcustomfieldscannotbeconvertedintoencryptedfieldsnorcanencryptedfieldsbeconvertedintoanotherdatatype.
o Toencryptthevaluesofanexisting(unencrypted)field,exportthedata,createanencryptedcustomfieldtostorethatdata,andimportthatdataintothenewencryptedfield.
• MaskTypeisnotaninputmaskthatensuresthedatamatchestheMaskType.o Usevalidationrulestoensurethatthedataenteredmatchesthemasktypeselected.
• Useencryptedcustomfieldsonlywhengovernmentregulationsrequireitbecausetheyinvolvemoreprocessingandhavesearch-relatedlimitations.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 44
SalesforceShield
• SalesforceShieldisatrioofsecuritytoolsthatadminsanddeveloperscanusetobuildanewleveloftrust,transparency,compliance,andgovernancerightintobusiness-criticalapps.
• ItincludesPlatformEncryption,EventMonitoring,andFieldAuditTrail.AskyourSalesforceadministratorifSalesforceShieldisavailableinyourorganization.
PlatformEncryption
• Itenablesyoutoencryptsensitivedataatrest,andnotjustwhentransmittedoveranetwork,soyourcompanycanconfidentlycomplywithprivacypolicies,regulatoryrequirements,andcontractualobligationsforhandlingprivatedata.
• DatastoredinmanystandardandcustomfieldsandinfilesandattachmentsisencryptedusinganadvancedHSM-basedkeyderivationsystem,soitisprotectedevenwhenotherlinesofdefensehavebeencompromised.
EncryptFields1. Makesurethatyourorghasanactiveencryptionkey.Ifyou’renotsure,checkwithyouradministrator.2. FromSetup,intheQuickFindbox,enterPlatformEncryption,andthenselectEncryptionPolicy.3. ClickEncryptFields.4. ClickEdit.5. Selectthefieldsyouwanttoencrypt.6. ClickSave.
FEATURE CLASSICENCRYPTION PLATFORMENCRYPTION
Pricing Includedinbaseuserlicense Additionalfeeapplies
EncryptionatRest NativeSolution(NoHardwareorSoftwareRequired)
EncryptionAlgorithm128-bitAdvancedEncryptionStandard(AES)
256-bitAdvancedEncryptionStandard(AES)
HSM-basedKeyDerivation ManageEncryptionKeysPermission Generate,Export,Import,andDestroyKeys PCI-DSSL1Compliance Masking
MaskTypesandCharacters
ViewEncryptedDataPermissionRequiredtoReadEncryptedFieldValues
EncryptedStandardFields EncryptedAttachments,Files,andContent
EncryptedCustomFieldsDedicatedcustomfieldtype,limitedto175characters
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 45
DifferenceBetweenClassicEncryptionandShieldPlatformEncryptionWithShieldPlatformEncryption,youcanencryptavarietyofwidelyusedstandardfields,alongwithsomecustomfieldsandmanykindsoffiles.ShieldPlatformEncryptionalsosupportspersonaccounts,cases,search,approvalprocesses,andotherkeySalesforcefeatures.Classicencryptionletsyouprotectonlyaspecialtypeofcustomtextfield,whichyoucreateforthatpurpose.
ShieldPlatformEncryptionBestPractices• Thisprocesshelpsyoudistinguishdatathatneedsencryptionfromdatathatdoesn’t,sothatyoucanencryptonly
whatyouneedto.
1. Defineathreatmodelforyourorganization.2. Toidentifythethreatsthataremostlikelytoaffectyourorganization.
○ Useyourfindingstocreateadataclassificationscheme,whichcanhelpyoudecidewhatdatatoencrypt.3. Encryptonlywherenecessary.
○ Focusoninformationthatrequiresencryptiontomeetyourregulatory,security,compliance,andprivacyrequirements.Unnecessarilyencryptingdataimpactsfunctionalityandperformance.
○ Balancebusiness-criticalfunctionalityagainstsecurityandriskmeasuresandchallengeyourassumptionsperiodically.
4. Createastrategyearlyforbackingupandarchivingkeysanddata.5. Ifyourtenantsecretsaredestroyed,reimportthemtoaccessyourdata.Youaresolelyresponsibleformakingsurethat
yourdataandtenantsecretsarebackedupandstoredinasafeplace.6. ReadtheShieldPlatformEncryptionconsiderationsandunderstandtheirimplicationsonyourorganization.
○ TestShieldPlatformEncryptioninasandboxenvironmentbeforedeployingtoaproductionenvironment.Encryptionpolicysettingscanbedeployedusingchangesets.
○ Beforeenablingencryption,fixanyviolationsthatyouuncover.○ Whenrequestingfeatureenablement,suchaspilotfeatures,giveSalesforceCustomerSupportseveraldays
leadtime.7. AnalyzeandtestAppExchangeappsbeforedeployingthem.
○ IfyouuseanappfromtheAppExchange,testhowitinteractswithencrypteddatainyourorganizationandevaluatewhetheritsfunctionalityisaffected.
○ Ifanappinteractswithencrypteddatathat'sstoredoutsideofSalesforce,investigatehowandwheredataprocessingoccursandhowinformationisprotected.
○ IfyoususpectShieldPlatformEncryptioncouldaffectthefunctionalityofanapp,asktheproviderforhelpwithevaluation.AlsodiscussanycustomsolutionsthatmustbecompatiblewithShieldPlatformEncryption.
○ AppsontheAppExchangethatarebuiltexclusivelyusingLightningPlatforminheritShieldPlatformEncryptioncapabilitiesandlimitations.
8. Useout-of-the-boxsecuritytools.○ ShieldPlatformEncryptionisnotauserauthenticationorauthorizationtool.
9. GranttheManageEncryptionKeysuserpermissiontoauthorizedusersonly.○ UserswiththeManageEncryptionKeyspermissioncangenerate,export,import,anddestroyorganization-
specifickeys.Monitorthekeymanagementactivitiesoftheseusersregularlywiththesetupaudittrail.
EncryptExistingFieldsforSupportedCustomFieldTypes
Search(UI,PartialSearch,Lookups,CertainSOSLQueries)
APIAccess AvailableinWorkflowRulesandWorkflowFieldUpdates
AvailableinApprovalProcessEntryCriteriaandApprovalStepCriteria
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 46
10. ExistingfieldandfiledataisnotautomaticallyencryptedwhenyouturnonShieldPlatformEncryption.Toencryptexistingfielddata,updatetherecordsassociatedwiththefielddata.Toencryptexistingfilesorgethelpupdatingotherencrypteddata,contactSalesforce.
○ allowatleastaweekbeforeyouneedthebackgroundencryptioncompleted.11. Handlecurrencyandnumberdatawithcare.
○ CurrencyandNumberfieldscan’tbeencryptedbecausetheycouldhavebroadfunctionalconsequencesacrosstheplatform
12. Communicatetoyourusersabouttheimpactofencryption.○ BeforeyouenableShieldPlatformEncryptioninaproductionenvironment,informusersabouthowitaffects
yourbusinesssolution.13. Encryptyourdatausingthemostcurrentkey.
○ Whenyougenerateanewtenantsecret,anynewdataisencryptedusingthiskey.However,existingsensitivedataremainsencryptedusingpreviouskeys.Inthissituation,Salesforcestronglyrecommendsre-encryptingthesefieldsusingthelatestkey.ContactSalesforceforhelpwithre-encryptingyourdata.
14. UsediscretionwhengrantingloginasaccesstousersorSalesforceCustomerSupport.○ thatuserisabletoviewencrypteddatainthatfieldinplaintext.
15. IfyouwantSalesforceCustomerSupporttofollowspecificprocessesaroundaskingfororusingloginasaccess,youcancreatespecialhandlinginstructions.
○ Tosetupthesespecialhandlinginstructions,contactyouraccountexecutive.
EventMonitoring
FieldAuditTrail
• FieldAuditTrailletsyouknowthestateandvalueofyourdataforanydate,atanytime.• Youcanuseitforregulatorycompliance,internalgovernance,audit,orcustomerservice.• Builtonabigdatabackendformassivescalability,FieldAuditTrailhelpscompaniescreateaforensicdata-levelaudit
trailwithupto10yearsofhistory,andsettriggersforwhendataisdeleted.
Usage• UseSalesforceMetadataAPItodefinearetentionpolicyforyourfieldhistoryforfieldsthathavefieldhistorytracking
enabled.• ThenuseRESTAPI,SOAPAPI,andToolingAPItoworkwithyourarchiveddata• FieldhistoryiscopiedfromtheHistoryrelatedlistintotheFieldHistoryArchivebigobject.• YoudefineoneHistoryRetentionPolicyforyourrelatedhistorylists,suchasAccountHistory,tospecifyFieldAuditTrail
retentionpoliciesfortheobjectsyouwanttoarchive.• YoucanthendeploythebigobjectbyusingtheMetadataAPI(WorkbenchorAntMigrationTool).
ObjectsSupported
● Accounts,includingPersonAccounts● Assets● Cases● Contacts
● PriceBooks● Products● ServiceAppointments● ServiceContracts
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 47
● Contracts● ContractLineItems● Entitlements● Leads● Opportunities
● Solutions● WorkOrders● WorkOrderLineItems● Customobjectswithfieldhistorytrackingenabled
Fieldcan’tbetracked
• Formula,roll-upsummary,orauto-numberfields• CreatedByandLastModifiedBy• ExpectedRevenuefieldonopportunities• MasterSolutionTitleortheMasterSolutionDetailsfieldsonsolutions• Longtextfields• Multi-selectfields
Considerations
Ø HistoryRetentionPolicyisautomaticallysetonthesupportedobjects,onceFieldAuditTrailisenabled.Ø Bydefault,dataisarchivedafter18monthsinaproductionorganization,afteronemonthinasandboxorganization,
andallarchiveddataisstoredfor10years.Ø AfteryoudefineanddeployaFieldAuditTrailpolicy,productiondataismigratedfromrelatedhistoryØ Thefirstcopywritesthefieldhistorythat’sdefinedbyyourpolicytoarchivestorageandsometimestakesalongtime.Ø AboundedsetofSOQLisavailabletoqueryyourarchiveddata.Ø UseAsyncSOQLtobuildaggregatereportsfromacustomobjectbasedonthevolumeofthedatainthe
FieldHistoryArchivebigobject.Ø IfyourorganizationhasFieldAuditTrailenabled,previouslyarchiveddataisn'tencryptedifyouturnonPlatform
Encryptionlater.Ø Ifyourorganizationneedstoencryptpreviouslyarchiveddata,contactSalesforce.
o Weencryptandrearchivethestoredfieldhistorydata,thendeletetheunencryptedarchive.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 48
DataLeakPrevention
AuthorizationAccesstoonlinedataisgenerallyrestrictedtoonlythosewhoare
• identified,• authenticated,• andauthorized.
Thisisaccomplishedinthreemainways:
1. Create,read,update,anddelete(CRUD)settingsDeterminewhichobjectsausercancreate,read,update,anddelete
2. Fieldlevelsecurity(FLS)settingsDeterminewhichfieldsausercanreadandedit
3. SharingRulesDeterminewhichrecordsarevisibletousers
HowtheSalesforcePlatformEnforcesAuthorization?
UserContextTheplatformrunsinusercontextwhen:
• AuserbrowsestheapplicationviathestandardSalesforce-providedUI• AuserviewsaVisualforcepagethatusesastandardcontroller• AuserviewsaVisualforcepagethatreferencesobjectswithstandardobjectnotation• TheplatformexecutesAnonymousApexviaconsoleorAPIcalls• AnapplicationontheplatformmakesastandardAPIcall
SystemContext• Apexgenerallyrunsinsystemcontext;thatis,
o thecurrentuser'spermissions,o field-levelsecurity,o andsharingrulesaren’ttakenintoaccountduringcodeexecution.
• TheonlyexceptionstothisruleareApexcodethatisexecutedwiththe
o executeAnonymouscallo ChatterinApex.
Theplatformexecutescodeinsystemcontextin:
• ApexClasses(includingwebservices)• ApexTriggers• ApexwebservicescalledfromtheAPI
PurposeofMultipleContexts
• Fromasecurityperspective,usercontextispreferablebecauseuseraccesscontrolsaremaintainedthroughoutthetransaction.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 49
o ThisiswhystandardpagesandVisualforcepagesbuiltonstandardcontrollersruninusercontext.• CustomApexandVisualforceapplicationsoftenrequirepermissionsbeyondthescopeofuser'saccess.Systemcontext
providesthenecessaryflexibilityfortheseapplications.
CRUDandFLSEnforcementinVisualForceandLighttning
• WhenrenderingVisualForcepages,theplatformwillautomaticallyenforceCRUDandFLSwhenthedeveloperreferencesSObjectsandSObjectfieldsdirectlyintheVisualForcepage.
• ifauserwithoutFLSvisibility,itbeautomaticallyremovedfromthetable.• Inputtagssuchasapex:inputTextandapex:inputTextAreawillalsoautomaticallyenforceFLSrestrictions.• Lightningcomponentsdon’tautomaticallyenforceCRUDandFLSwhenyoureferenceobjectsorretrievetheobjects
fromanApexcontroller,CRUDandFLSshouldbeenforcedwhenusingthe“@AuraEnabled”notation.
ProtectAgainstCRUDandFLSViolations
• Youcanenforcethesepermissionsinyourcodethatcheckthecurrentuser'saccesspermissionlevelsbyexplicitlycallingthe
o sObjectdescriberesultmethods(ofSchema.DescribeSObjectResult)andfielddescriberesultmethods(ofSchema.DescribeFieldResult)
§ IsCreateable()§ IsAccessible()§ IsUpdateable()§ IsDeleteable()
IsMyApplicationVulnerable?
• CRUDandFLSalwaysneedstobeenforcedforcreate,read,update,anddeleteoperationsonstandardobjects.• Anyapplicationperformingcreates/updates/deletesinApexcode,passingdatatypesotherthanSObjectsto
VisualForcepages,usingApexwebservicesorthe@AuraEnabled”notationshouldbecheckedthatitiscallingtheappropriateaccesscontrolfunctions.
HowCanITestMyApplication?1. DataDisplayedtotheUser
a. ExamineeachVisualForcepageandattheareasonthepagewheredataisembeddedusingmergefields(i.e.{!object.field}).
i. MergefieldsreferencingSObjectdatathroughotherobjectslikestrings,integers,orApexclassesrequirethatthepagecontrollerorcontrollerextensionperformtheappropriateaccesscontrolcheck.
b. ApexwebservicesdonothaveaVisualForcelayertoautomaticallyenforceCRUD/FLSandalwaysneedtocallisAccessible()onallSObjectfieldsbeforereturningdatatotheuser,
i. samegoesforLightningcomponentsorcontrollers.2. Create,Update,andDeleteOperations
a. ExamineeachApexclassthatcallsinsert,update,upsert,delete,orsimilarcommands.i. Forcreateandupdateoperations,eachfieldassignedavaluedirectlyinApexshouldhaveits
describeresultisCreateable()orisUpdateable()methodcheckedbeforeperformingtheoperation.ii. Deleteoperationsoccuratanobjectlevelbynatureandtheobject'sdescriberesultisDeleteable()
methodshouldbecalledinsteadoffield-levelchecks.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 50
b. Apexwebservicesandauraenabledmethodsalwaysneedtoperformtheappropriateaccesscontrolchecksonallobjectsandfieldsbeforeperformingcreate,update,anddeleteoperations.
runAsMethod
• ThesystemmethodrunAsenablesyoutowritetestmethodsthatchangetheusercontexttoanexistinguseroranewusersothattheuser’srecordsharingisenforced.
• TherunAsmethoddoesn’tenforceuserpermissionsorfield-levelpermissions,onlyrecordsharing.• YoucanuserunAsonlyintestmethods.
NestingYoucannestmorethanonerunAsmethod.Forexample:
Useru2=newUser(Alias='newUser',Email='[email protected]',System.runAs(u2){ //something Useru3=[SELECTIdFROMUserWHEREUserName='[email protected]']; System.runAs(u3){ }}
OtherUsesofrunAs
• therunAsmethodtoperformmixedDMLoperationsinyourtestbyenclosingtheDMLoperationswithintherunAsblock.
• ThereisanotheroverloadoftherunAsmethod(runAs(System.Version))thattakesapackageversionasanargument.Thismethodcausesthecodeofaspecificversionofamanagedpackagetobeused
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 51
InjectionVulnerabilityPrevention
Cross-SiteScripting(XSS)
• XSSisaninjectionvulnerabilitythatoccurswhenanattackercaninsertunauthorizedJavaScript,VBScript,HTML,orotheractivecontentintoawebpage.
• Whenotherusersviewthepage,themaliciouscodeexecutesandaffectsorattackstheuser.basicText=apexpages.currentpage().getparameters().get('text'); outputText = basicText.replace('\r\n','<br/>'); document.getElementById('{!$Component.textOutput}').innerHTML = '<p>{!outputText}</p>';
<img src=x onerror="alert(\'I said, HEAR YE, HEAR YE, COME ONE, COME ALL!!\');"></img>
TypesofXSSAttacks• StoredXSS
o StoredXSSoccurswhenamaliciousinputispermanentlystoredonaserverandreflectedbacktotheuserinavulnerablewebapplication.
• ReflectedXSSo ReflectedXSSoccurswhenmaliciousinputissenttoaserverandreflectedbacktotheuserontheresponse
page.
• DOM-basedXSSo DOM-basedXSSoccurswhenanattackpayloadisexecutedasaresultofmodifyingthewebpage’s
documentobjectmodel(DOM)inthevictimuser’sbrowser.
ImpactofXSS• Arbitraryrequests
o AnattackercanuseXSStosendrequeststhatappeartobefromthevictimtothewebserver.• Malwaredownload
o XSScanprompttheusertodownloadmalware.Sincethepromptlookslikealegitimaterequestfromthesite,theusermaybemorelikelytotrusttherequestandactuallyinstallthemalware.
• Logkeystrokeso Theattackercanmonitorkeyboardentries,possiblyfindingusernamesandpasswordstoaccessaccountsat
laterdates.
CommonXSSMitigations• InputFiltering
o Blacklisting—Specific“bad”charactersorcombinationsofcharactersarebanned,meaningtheycan’tbeenteredorstored.
o Whitelisting—Onlycharactersorwordsfromaknownlistofentriesarepermitted,preventingmaliciousinput
• OutputEncoding
Built-inXSSProtectionsinLightningPlatform• AutomaticHTMLEncoding
o SalesforceautomaticallyHTMLencodesanyvaluesandmergefieldsplacedinHTMLcontext.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 52
o Theplatformchanged"<"and"<"into"<"and">"byautomaticallyHTMLencodingthespecialcharacters.Theplatformtreatsthedataastext,notcode.
o DisablingAutomaticHTMLEncoding§ <apex:outputTextescape="false">
• SalesforceDefaultProtectionsinDifferentExecutionContextso HMTLContexto ScriptContexto StypeContext
PreventXSSinLightningPlatformApplications• IfthevalueisgoingtobeparsedbytheJavaScriptparser,useJSENCODE().• IfthevalueisgoingtobeparsedbytheHTMLparser,useHTMLENCODE().• Ifit’sacombinationofboth…
o UseJSENCODE(HTMLENCODE())o OrJSINHTMLENCODE().
PlatformEncodinginApex• SalesforceprovidesvariousApexencodingfunctionsthroughtheLightningPlatformESAPI,whichexportsglobalstatic
methodsthatyoucanuseinyourpackagetoperformsecurityencoding.• ThispackagecanbeinstalledinanySalesforceorgasanunmanagedpackage.
SOQLInjection
ImpactofSOQLInjection• SinceSOQLisnarrowerthanSQLintermsofwhatausercando,SOQLreducestheattacksurfaceandlimitswhatan
attackercandowithavulnerablequery.o Nocommandexecution,thereforenoabilitytoexploittheunderlyingOSrunningtheSalesforceservice.o Nodeletemethod,thereforenoabilitytointeractdestructively.o Noinsertorupdatemethods,thereforenoabilitytoadddata,useraccounts,orpermissionstothesystem
• AnattackerwhoisabletosuccessfullyexploitSOQLinjectioncanaccessfieldsthatadeveloperdidnotintendtorevealorthatausershouldnotordinarilyhaveaccessto.
SOQLInjectionPrevention• Staticquerieswithbindvariables• String.escapeSingleQuotes()• Typecasting• Replacingcharacters
o Usevar.replaceAll('[^\w]','')• Whitelisting
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 53
StoringSensitiveData• Sensitivedataisalsocalledpersonally-identifyinginformation(PII)orhighbusinessimpact(HBI)data.
SensitiveData-Whatisit?Sensitivedatacaninclude:
● Passwords● Passphrases● Encryptionkeys● OAuthtokens● Purchaseinstruments,suchascreditcardnumbers● Personalcontactinformationsuchasnames,phonenumbers,emailaddresses,accountusernames,physicaladdresses,
andmore● Demographicinformationsuchasincome,gender,age,ethnicity,education● Insomestatesandcountries:machineidentifyinginformationsuchasMACaddress,serialnumbers,IPaddresses,and
more
Measures
HardcodedSecrets• Storingsensitiveinformationinthesourcecodeofyourapplicationmightnotalwaysbeagoodpractice,anyone
thathasaccesstothesourcecodecanviewthesecretsincleartext.
DebugLogs• Debuglogsinapexcodeshouldnotcontainanysensitivedata• Sensitiveinformationshouldalsobenotbesentto3rdpartybyemailsorothermeansaspartofreporting
possibleerrors.
SensitiveInfoinURL• Longtermsecretslikeusername/passwords,APItokensandlonglastingaccesstokensshouldnotbesentvia
GETparametersinthequerystring.• ItisfinetosendshortlivedtokenslikeCSRFtokensintheURL.SalesforcesessionidoranyPIIdatashouldnotbe
sentoverURLtoexternalapplications.
Salesforce.comIntegrations• ExternalapplicationsshouldnotstoreSalesforce.comusercredentials(usernames,passwords,orsessionID's)in
externaldatabases.• InordertointegrateanexternalapplicationwithSalesforce.comuseraccounts,theOAuthflowshouldbeused.
SampleVulnerability
• Ifyoumuststorepasswords(includingnon-Salesforcepasswords),notethatstoringtheminplaintextorhashed(suchaswiththeMD5function)makesyourapplicationvulnerabletomassuserexploitation
• ifanattackercangetaccess(evenjustread-onlyaccess)toyourdatabase(suchasthroughstealingabackuptapeorSQLinjection).
• AlthoughasuccessfulSQLinjectionordataexposureattackisahugeprobleminitself,iftheattackercanrecoverpasswordsfromthedata,theycantransparentlycompromiseuseraccountsonamassscale.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 54
SecuringDatainApplication
IsMyApplicationVulnerable?
• Ifyourapplicationstoresthesalesforce.comuserpassword,yourapplicationmaybevulnerable.
• Ifyourapplicationcollectsotherformsofsensitivedata,yourapplicationmaynotbecompliantwithindustrystandardsandtheleakageofthatsensitivedatamaycauseasignificantprivacyincidentwithlegalconsequences.
HowCanITestMyApplication?
• Reviewtheschemeusedtostoresensitivedataandidentifyinformationcollectedinusecasesandworkflows.
HowDoIProtectMyApplication?Consideranapplicationthatmustauthenticateusers.
• Wehavetostoresomeformoftheuser’spasswordinordertoauthenticatethem.
• Wedon’twanttostorethepasswordinplaintextform
Problem1
• Wecouldencryptthepasswords,butthatwouldrequireanencryptionkey — andwherewouldwestorethat?
Ø Developershavehistoricallyusedacryptographichashfunction,aone-wayfunctionthatis(supposedly)computationallyinfeasibletoreverse.Theythenstorethehashoutput:
hash=md5 #orSHA1,orTiger,orSHA512,etc.storedPasswordHash=hash(password)authenticated?=hash(password)==storedPasswordHash
• Theplaintextpasswordisneverstored.
Problem2• theattackercaneasilypre-computethehashesofalargepassworddictionary.Thentheattackermatchestheir
hashestothoseintheirstolendatabase.
• Toaddressthisproblem,developershavehistorically“salted”thehash:
salt=generateRandomBytes(2)storedPasswordHash=salt+hash(salt+password)
• Thegoalistomakeattackershavetocomputeamuchlargerdictionaryofhashes• Theonlyobstaclehereisthecostofthecomputingresourcesrequiredtoperformthesecalculations,andasingle
roundofMD5orSHA-1isnolongerexpensiveenoughtoslowattackersdown.
Problem3• Fast,cheapandhighlyparallelcomputationonspecializedhardwareorcommoditycomputeclustersmakesbrute
forcesearchwithadictionaryquiteaffordableandaccessible,eventoadversarieswithfewresources.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 55
Ø ThecanonicalsolutionisbcryptbyNielsProvosandDavidMazières.Theideaisthatwetunethehashingfunctiontobe
pessimal;ProvosandMazièresuseamodifiedformoftheBlowfishciphertopessimizeitsalready-slowsetuptimeØ Thebenefitofthisapproachisthatitslowsdowntheattackergreatly,butfortheapplicationtoverifyasingle
passwordcandidatestilltakesessentiallynotime.
ApexandVisualforceApplicationsTherearemultiplewaystoprotectsensitivedata,dependingonthetypeofsecretbeingstored,whoshouldhaveaccess,andhowthesecretshouldbeupdated.
Ø ProtectedCustomMetadataTypeso Withinanamespacedmanagedpackage,protectedcustommetadatatypesaresuitableforstoring
authenticationdataandothersecretso .CustommetadatatypescanalsobeupdatedviatheMetadataAPIintheorganizationthatcreatedthetype,
andcanberead(butnotupdated)atruntimeviaSOQLcodewithinanapexclassinthesamenamespaceasthemetadatatype.
Ø ProtectedCustomSettingso SettingthevisibilityoftheCustomSettingDefinitionto“Protected”andincludingitinamanagedpackage
ensuresthatit’sonlyaccessibleprogrammaticallyviaApexcodethatexistswithinyourpackageo Unlikecustommetadatatypes,customsettingscanbeupdatedatruntimeinyourApexclass,butcannotbe
updatedviatheMetadataAPI.o The“transient”keywordshouldbeusedtodeclareinstancevariableswithinVisualforcecontrollerstoensure
theyarenottransmittedaspartoftheviewstate.Ø ApexCryptoFunctions
o TheApexcryptoclassprovidesalgorithmsforcreatingdigests,MACs,signaturesandAESencryption.o WhenusingthecryptofunctionstoimplementAESencryption,keysmustbegeneratedrandomlyandstored
securelyinaProtectedCustomSettingorProtectedCustomMetadatatype.o NeverhardcodethekeyinwithinanApexclass.
Method SupportedStandards
Encrypt()EncryptWithManagedIv()Decrypt()DecryptWithManagedIv()
AES128,AES192,AES256forencryption.PCKS#5paddingandCipherBlockChaining.
generateDigest()generateMac()
MD5,SHA1,SHA256,SHA512
sign() SHA1withRSA
Ø EncryptedCustomFieldso Encryptedcustomfieldsaretextfieldsthatcancontainletters,numbers,orsymbolsbutareencryptedwith
128-bitkeysandusetheAESalgorithm.o Thevalueofanencryptedfieldisonlyvisibletousersthathavethe“ViewEncryptedData”permission.o Wedonotrecommendstoringauthenticationdatainencryptedcustomfields,howeverthesefieldsare
suitableforstoringothertypesofsensitivedata(creditcardinformation,socialsecuritynumbers,etc).• NamedCredentials
o NamedCredentialsareasafeandsecurewayofstoringauthenticationdataforexternalservicescalledfromyourapexcodesuchasauthenticationtokens.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 56
o Beawarethatuserswithcustomizeapplicationpermissioncanviewnamedcredentials,soifyoursecuritypolicyrequiresthatthesecretsbehiddenfromsubscribers,thenpleaseuseaprotectedcustommetadatatypeorprotectedcustomsetting.
GeneralGuidanceWhenstoringsensitiveinformationonamachine:
● Allauthenticationsecretsmustbeencryptedwhenstoredondisk.● Forclientappsrunningonadesktop,laptop,tablet,ormobiledevice,storeallsecretsinthevendorprovidedkey
store(keychaininOSX/iOSdevices,keystoreinAndroiddevices,orintheregistryprotectedwiththeDP-APIonwindowsdevices.)Thisisahardrequirementtopassthesecurityreview.
● Forservicesrunningonserversthatmustbootwithoutuserinteraction,storesecretsinadatabaseencryptedwithakeynotavailabletothedatabaseprocess.Theapplicationlayershouldprovidethekeyasneededtothedatabaseatruntimeorshoulddecrypt/encryptasneededinitsownprocessspace.
● Donotstoreanycryptographickeysusedforprotectingsecretsinyourapplicationcode● Salthashes,andifpossiblestoresaltsandhashesseparately● Leveragestrongplatformcryptographicsolutions● Checkifframeworks/platformshavealreadyaddressedtheproblem● UseSSL/TLStotransmitsensitivedata
ASP.NET• ASP.NETprovidesaccesstotheWindowsCryptoAPIsandDataProtectionAPI(DPAPI).• Thisisintendedtobeusedforthestorageofsensitiveinformationlikepasswordsandencryptionkeysifthe
DataProtectionPermissionhasbeengrantedtothecode.• ThestrongestsolutionforASP.NETwouldbetorelyonahardwaresolutionforsecurelystoringcryptographickeys,
suchasacryptographicsmartcardorHardwareSecurityModule(HSM),thatisaccessiblebyusingtheunderlyingCryptoAPIwithavendorsuppliedCryptoAPICryptographicServiceProvider(CSP).
Java• JavaprovidestheKeyStoreclassforstoringcryptographickeys.Bydefaultthisusesaflatfileontheserverthatis
encryptedwithapassword.Forthisreason,analternativeCryptographicServiceProvider(CSP)isrecommended.• ThestrongestsolutionforJavawouldbetorelyonahardwaresolutionforsecurelystoringcryptographickeys,suchas
acryptographicsmartcardorHardwareSecurityModule(HSM),thatisaccessiblebyusingthevendor'ssuppliedCSPinthatjava.securityconfigurationfile
• WhennotusingaCSP,iftheproductisaclientapplication,youmustuseJAVAbindingstostorethepassphraseprotectingthekeystoreinthevendorprovidedkeystore
PHP• PHPdoesnotprovidecryptographicallysecurerandomnumbergenerators.Makesuretouse/dev/urandomasthe
sourceforrandomnumbers.• Usethemcryptlibraryforcryptographyoperations.Saltedhashesandsaltscouldbesubsequentlystoredina
database.• Aframeworkcalledphpassoffers"OpenBSD-styleBlowfish-basedbcrypt"forPHP.• Forclientapps,youmustusenativebindingstostoreusersecretsinthevendorprovidedkeystore.
RubyonRails
• ThereisacopyofbcryptspecificallyforRubycalledbcrypt-ruby.• Forclientapps,youmustuserubybindingstostoresecretsinthevendorprovidedkeystore.
Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide
TAHSINZULKARNINE 57
Python
• Useamodulethatinteractswiththevendorprovidedkeystoressuchasthepythonkeyringmodule.
Flash/Airapps
• UsetheEncryptedLocalStorewhichcontainsbindingstousevendorprovidedkeystorestostoresecrets.