Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 1

SharingandVisibilityDesignerStudyGuide

Force.comSecurity..................................................................................................................................................................................6Usersandsecurity...............................................................................................................................................................................6UserPassword.................................................................................................................................................................................6UserAuthentication........................................................................................................................................................................6Network-basedSecurity..................................................................................................................................................................6SessionSecurity...............................................................................................................................................................................6Auditing............................................................................................................................................................................................6DataAuditing...................................................................................................................................................................................6

Programmaticsecurity........................................................................................................................................................................7SecurityTokens................................................................................................................................................................................7OAuth...............................................................................................................................................................................................7

Platformsecurityframework..............................................................................................................................................................7SystemPermissions.........................................................................................................................................................................7

AdministrativePermissions.................................................................................................................................................................................7Reports.................................................................................................................................................................................................................7Data......................................................................................................................................................................................................................7

ComponentPermissions.................................................................................................................................................................8Record-basedSharing......................................................................................................................................................................8

Organization-wideDefaults.................................................................................................................................................................................8Sharing.................................................................................................................................................................................................................8

SharingArchitecture................................................................................................................................................................................9Licenses................................................................................................................................................................................................9FullSharingModelUsageUsers/Licenses.......................................................................................................................................9HighVolumeCustomerPortalLicense............................................................................................................................................9ChatterFreeLicense........................................................................................................................................................................9CommunityLicense.........................................................................................................................................................................9

CommunityLicensesandlimits.........................................................................................................................................................................10Components......................................................................................................................................................................................10ControlDataAccess.......................................................................................................................................................................11ProfilesandPermissionSet...........................................................................................................................................................11RecordOwnershipandQueues....................................................................................................................................................11OrganizationwideDefaults...........................................................................................................................................................11RoleHierarchy...............................................................................................................................................................................12PublicGroups.................................................................................................................................................................................12Ownership-basedSharingRules....................................................................................................................................................13Criteria-basedSharingRules.........................................................................................................................................................13ManualSharing..............................................................................................................................................................................13Teams.............................................................................................................................................................................................13TerritoryHierarchy........................................................................................................................................................................13AccountTerritorySharingRules....................................................................................................................................................14ProgrammaticSharing...................................................................................................................................................................14ImplicitSharing..............................................................................................................................................................................14

Sharingbetweenaccountsandchildrecords...................................................................................................................................................15Sharingbehaviorforportalusers......................................................................................................................................................................15

Considerationswhenterritorymanagementisneed.......................................................................................................................15WhathappenstotheRoleHierarchy?..........................................................................................................................................15CanYouStillUseTeams?..............................................................................................................................................................15RealignmentandReassignment....................................................................................................................................................16

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 2

LargeDataVolumes.......................................................................................................................................................................16DeferSharingCalculations............................................................................................................................................................16DataSkews/OwnershipSkews......................................................................................................................................................16AccountDataSkew........................................................................................................................................................................16

HowtoAvoidAccountDataSkew.....................................................................................................................................................................16TheAccountHierarchiesImpactonDataAccess.........................................................................................................................16

Troubleshooting................................................................................................................................................................................17TerritoryManagement..........................................................................................................................................................................18Setup..................................................................................................................................................................................................18TerritoryModel.................................................................................................................................................................................18TerritoryModelState........................................................................................................................................................................19AssignmentRule................................................................................................................................................................................19Filter-basedopportunityterritoryassignment.................................................................................................................................19GettheMostfromTerritoryManagement......................................................................................................................................20ReportonTerritories.........................................................................................................................................................................20Differences-TerritoryManagement(1.0)andEnterpriseTerritoryManagement(2.0)................................................................21PermissionsAffectEnterpriseTerritoryManagement?...................................................................................................................21Considerations:..................................................................................................................................................................................21

Account&OpportunityTeams..............................................................................................................................................................22AccountTeams..................................................................................................................................................................................22

SetUpandManageAccountTeams.................................................................................................................................................................22EnableAccountTeams............................................................................................................................................................................22CustomizeAccountTeamRoles..............................................................................................................................................................22Considerations.........................................................................................................................................................................................22

AddAccountTeamMembers............................................................................................................................................................................22ConsiderationsforRemovingAccountTeamMembers...................................................................................................................................22AccountTeamFields..........................................................................................................................................................................................23

OpportunityTeams............................................................................................................................................................................23UnderstandingSharing..........................................................................................................................................................................24ManagedSharing...............................................................................................................................................................................24UserManagedSharing......................................................................................................................................................................24ApexManagedSharing......................................................................................................................................................................24TheSharingReasonField..................................................................................................................................................................24AccessLevels.....................................................................................................................................................................................25SharingConsiderations..................................................................................................................................................................25

SecurityandSharinginCustomer&PartnerCommunity................................................................................................................26ShareGroup...................................................................................................................................................................................26SharingSets...................................................................................................................................................................................26

ObjectsSupported.............................................................................................................................................................................................26Userlicenses......................................................................................................................................................................................................26Usage..................................................................................................................................................................................................................27

SharingDatawithPartnerUsers.......................................................................................................................................................27Groups/Categories........................................................................................................................................................................27Usage.............................................................................................................................................................................................27

ApexManagedSharing......................................................................................................................................................................28SharingaRecordUsingApex.........................................................................................................................................................28ShareObjectProperties................................................................................................................................................................28CreatingUserManagedSharingUsingApex................................................................................................................................29CreatingApexManagedSharing...................................................................................................................................................29ApexSharingReasonCreation......................................................................................................................................................29Considerations...............................................................................................................................................................................30

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 3

CreatingApexManagedSharingforCustomerCommunityPlususers.......................................................................................30Waystoshare:...................................................................................................................................................................................................30

ApexSharingRecalculation...........................................................................................................................................................30AssociateanApexmanagedsharingrecalculationclass..................................................................................................................................30

Considerationsforrecalculations.................................................................................................................................................30WithSharing..................................................................................................................................................................................31WithoutSharing.............................................................................................................................................................................31InheritedSharing...........................................................................................................................................................................31

EnforcingSharingRules.....................................................................................................................................................................31WhoCanSeeMyFile?...........................................................................................................................................................................33Actionsforyourfilepermissions.......................................................................................................................................................33Considerations...................................................................................................................................................................................33

CreateaCustomListViewinSalesforceClassic...................................................................................................................................34USERPERMISSIONSNEEDED...................................................................................................................................................................34

Considerations...................................................................................................................................................................................34ShareaReportorDashboardFolderinSalesforceClassic...................................................................................................................34

USERPERMISSIONSNEEDED...................................................................................................................................................................34AccessandLimits...............................................................................................................................................................................34

DesigningRecordLevelAccessforEnterpriseScale.............................................................................................................................36SurvivingOwnerChangeOperations................................................................................................................................................36UsingApexSharingReasons.........................................................................................................................................................36UsingOutboundMessaging..........................................................................................................................................................36UsingaTrigger...............................................................................................................................................................................36UsingaShadowTable....................................................................................................................................................................36CompletingtheArchitecture.........................................................................................................................................................36

GroupMaintenanceTables...............................................................................................................................................................37GroupsandComposition...............................................................................................................................................................37Example.........................................................................................................................................................................................38TerritoryManagementGroups.....................................................................................................................................................38Considerations...............................................................................................................................................................................38Obtainpeakperformance:............................................................................................................................................................38

AccessGrants.....................................................................................................................................................................................39CommonGroupandDataUpdates...................................................................................................................................................39GroupMembershipLocking..............................................................................................................................................................40Takeaway:TuningGroupMembershipforPerformance.................................................................................................................40Takeaway:TuningDataRelationshipsandUpdatesforPerformance.............................................................................................40Force.comRecordLockingCheatsheet.............................................................................................................................................40ToolsforLarge-ScaleRealignments..................................................................................................................................................41ParallelSharingRuleRecalculation...............................................................................................................................................41DeferredSharingMaintenance.....................................................................................................................................................41

Howworksinpractice.......................................................................................................................................................................................41Howithelps.......................................................................................................................................................................................................41Considerations:..................................................................................................................................................................................................42

GranularLocking............................................................................................................................................................................42KeyAdvantages..................................................................................................................................................................................................42Considerations:..................................................................................................................................................................................................42

ClassicEncryptionforCustomFields....................................................................................................................................................43Restrictions........................................................................................................................................................................................43BestPractices.....................................................................................................................................................................................43

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 4

SalesforceShield....................................................................................................................................................................................44PlatformEncryption...........................................................................................................................................................................44EncryptFields................................................................................................................................................................................44DifferenceBetweenClassicEncryptionandShieldPlatformEncryption.....................................................................................45ShieldPlatformEncryptionBestPractices....................................................................................................................................45

EventMonitoring...............................................................................................................................................................................46FieldAuditTrail..................................................................................................................................................................................46Usage.............................................................................................................................................................................................46ObjectsSupported.........................................................................................................................................................................46Fieldcan’tbetracked....................................................................................................................................................................47Considerations...............................................................................................................................................................................47

DataLeakPrevention............................................................................................................................................................................48Authorization.....................................................................................................................................................................................48HowtheSalesforcePlatformEnforcesAuthorization?....................................................................................................................48UserContext..................................................................................................................................................................................48SystemContext..............................................................................................................................................................................48

PurposeofMultipleContexts............................................................................................................................................................48CRUDandFLSEnforcementinVisualForceandLighttning..............................................................................................................49ProtectAgainstCRUDandFLSViolations.........................................................................................................................................49IsMyApplicationVulnerable?...........................................................................................................................................................49HowCanITestMyApplication?.......................................................................................................................................................49

runAsMethod........................................................................................................................................................................................50Nesting...............................................................................................................................................................................................50OtherUsesofrunAs..........................................................................................................................................................................50

InjectionVulnerabilityPrevention.........................................................................................................................................................51Cross-SiteScripting(XSS)....................................................................................................................................................................51TypesofXSSAttacks......................................................................................................................................................................51ImpactofXSS.................................................................................................................................................................................51CommonXSSMitigations..............................................................................................................................................................51Built-inXSSProtectionsinLightningPlatform..............................................................................................................................51PreventXSSinLightningPlatformApplications............................................................................................................................52PlatformEncodinginApex............................................................................................................................................................52

SOQLInjection...................................................................................................................................................................................52ImpactofSOQLInjection...............................................................................................................................................................52SOQLInjectionPrevention............................................................................................................................................................52

StoringSensitiveData............................................................................................................................................................................53SensitiveData-Whatisit?................................................................................................................................................................53Measures...........................................................................................................................................................................................53HardcodedSecrets........................................................................................................................................................................53DebugLogs....................................................................................................................................................................................53SensitiveInfoinURL......................................................................................................................................................................53Salesforce.comIntegrations..........................................................................................................................................................53

SampleVulnerability..........................................................................................................................................................................53SecuringDatainApplication.................................................................................................................................................................54IsMyApplicationVulnerable?...........................................................................................................................................................54HowCanITestMyApplication?.......................................................................................................................................................54HowDoIProtectMyApplication?....................................................................................................................................................54

Problem1...........................................................................................................................................................................................................54Problem2...........................................................................................................................................................................................................54

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 5

Problem3...........................................................................................................................................................................................................54ApexandVisualforceApplications................................................................................................................................................55

GeneralGuidance..............................................................................................................................................................................................56ASP.NET..........................................................................................................................................................................................56Java................................................................................................................................................................................................56PHP.................................................................................................................................................................................................56RubyonRails..................................................................................................................................................................................56Python............................................................................................................................................................................................57Flash/Airapps................................................................................................................................................................................57

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 6

Force.comSecurity

Usersandsecurity

UserPassword• PasswordPoliciesletsyoudeterminepasswordexpiration,minimumpasswordcomplexityrequirementsandlockout

periods. • Resetpasswordofselectedusers.

UserAuthentication• DelegatedAuthentication

o auserlogsintotheplatformasusual,buttheplatformusesawebservicecallouttosubmittheusernameandpasswordtoanexternalauthorizationauthority.

o Oncethatauthorityapprovesthelogon,theapprovalispassedbacktotheplatformandtheusercanproceed.

• SecurityAssertionMarkupLanguage(SAML)o UsingSAML,yourrequestgoestotheSAML"identityprovider",aloginpagehostedbyyourorganizationthat

validatesyouridentityandreturnsatoken.o Thetokenispassedtotheplatform,whichverifiestheuserbyvalidatingthatitissignedbytheappropriate

identityprovider.o Thisapproachistypicallyusedwhenyourusersareaccessingyourplatformapplicationsthroughaportal,

whichwouldhandletheinitialauthenticationandavoidtheneedtologintoForce.comagain.

Network-basedSecurity• Thefirstoptionistoallowfromusersfromtrustedlocations,butchallengethemwhentheycomefromnewand

untrustedlocations.Setup|SecurityControls|NetworkAccessallowsyoutowhitelistasetofIPaddressrangesthatyoutrust.

• IfaprofilehasLoginIPrestrictionsdefined,anyuserwiththatprofilecanonlylogintotheplatformfromthoseIPaddresses.

• ThelimitationsimposedonIPaddressesareusedtohelpprotectagainstphishingattacks.

SessionSecurity• TheSetup|SecurityControls|SessionSettingspageletsyoucontrolthissession.

o sessiontimeouto allpagesalwaysbeaccessedusingasecureconnection

Auditing• Setup|ManageUsers|LoginHistorydisplaysthelast20loginstoyourorganization,aswellasaccesstodownload6

monthsworthoflogindata,whichincludesIPaddresses,browsertypesandsoon.• TheSetup|SecurityControls|ViewSetupAuditTrailpageletsyouauditmetadataandsystemchanges.

DataAuditing• Object-levelauditingtrackschangesintheoverallobjectrecords,suchasrecordcreation.• Youcanalsoenableauditingforindividualfields,automaticallytrackinganychangesinthevaluesofselectedfields.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 7

Programmaticsecurity

SecurityTokens• TheemailchallengemechanismisawaytoallowausertologinfromoutsideofanIPrange.• IfaclientisrunfromahostoutsidethewhitelistedIPranges,theclienthastoappendasecuritytokentothepassword

oftheuserthatisbeingauthorized.

OAuth• OAuthisanopenprotocolthatallowsawebsitetoaccessresourcesofanotherwebsitewithouthavingtoexposea

user'scredentials.• Insteadofsupplyingausernameandpassword,OAuthallowsuserstohandoutsecuritytokenstospecificsitesfor

accesstospecificresourcesforadefinedduration.

Platformsecurityframework

SystemPermissions• Systempermissionsaregrantedtoprofiles

AdministrativePermissions• ManageUsers-allowsusertomodifyalluserattributes.• API-enabled-Withoutthispermission,ausercannotaccesstheForce.comsystemfromoutsideoftheenvironment.• API-OnlyUser-preventsuserswiththispermissionintheirprofilefromloggingintotheForce.complatform,except

throughoneoftheWebservicesAPIs.• ViewSetupandConfiguration-allowsuserstoviewcompleteSetupmenu,withouttheabilitytomakechanges.• Passwordneverexpires-asitsays.• Customizeapplication-allowscompleteeditingaccesstooptionsforForce.comapplications• EditHTMLTemplates,ManageLetterheads,ManagePublicTemplates-allrelatedtocomponentsusedforForce.com

messages.• AuthorApex-allowsuserswiththispermissionintheirprofiletocreateandeditApex.RequirestheModifyAllData

permissionasaprerequisite.

Reports• CreateandCustomizeReports-grantsaccesstocreatenewreportsormodifyexistingreports.• RunReports-allowsuserstoaccessthereportstab.• ExportReports-allowsuserstoexportdatafromreportstoanExcelspreadsheetformat.• ManageCustomReportTypes,ManageDashboards,ManagePublicReports,ScheduleDashboards-allowsusersto

manageandmodifytherespectivecomponenttypes.Data

• Thefollowingpermissionsregarddatamanipulation,butfromanadministrativeperspective.SeeRecord-basedSharingforadeveloperperspective:

• ModifyAllData-averypowerfulpermissionthat,ifgrantedglobally,allowsuserstomodifyalldataintheForce.com

organization.• ViewAllData-allowsusertoseealldataintheForce.comorganization,ifgrantedglobally.• EditRead-OnlyFields-allowsuserswiththispermissionintheirprofiletoeditread-onlylimitationssetinapagelayout.• ViewEncryptedData-allowsuserswiththispermissionintheirprofiletoseeplaintextrepresentationofencrypted

data.• WeeklyDataExport-allowsuserswiththispermissionintheirprofiletoperformaweeklydataexport.• DisableOutboundMessaging-preventstheuseofoutboundmessagingfortheprofile.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 8

ComponentPermissionsForce.complatformalsoallowsyoutosetpermissionsonindividualForce.comcomponents:

• Applications• Tabs• Recordtypes• Apexclasses• Visualforcepages

Ø However,permissionsetsandprofilesdon’tincludeaccessforsomecustomprocessesandappsØ Custompermissionsletyoudefineaccesschecksthatcanbeassignedtousersviapermissionsetsorprofiles,similarto

howyouassignuserpermissionsandotheraccesssettings.Youcanquerycustompermissionsintheseways.

• Todeterminewhichusershaveaccesstoaspecificcustompermission,useSalesforceObjectQueryLanguage(SOQL)withtheSetupEntityAccessandCustomPermissionsObjects.

• Todeterminewhatcustompermissionsusershavewhentheyauthenticateinaconnectedapp,referencetheuser'sIdentityURL,whichSalesforceprovidesalongwiththeaccesstokenfortheconnectedapp.

Record-basedSharing

Organization-wideDefaults• Specifytheabsoluteminimumlevelofaccesstotherecordsinanobject.

Sharing• Manually

o Thisbuttonisonalldetailpagesbydefault,althoughthebuttoncanberemovedfromapagelayout.o TheSharebuttonwillnotappearforrecordswhoseorganization-widedefaultissettoPublicRead-Write,as

thereisnoneedtograntfurthersharingprivilegesforrecordsinthisobject.• Sharingrules

o Youcansharerecordstoaroleoragroup,orwithaterritory,whichisdesignedtosupportCRMimplementations.

• Apexo eitherbyautomaticallyassigningsharingwhenarecordiscreated,orbyusingtheApexmanagedsharing

(whichonlyappliestocustomobjects.)

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 9

SharingArchitecture

Licenses

FullSharingModelUsageUsers/Licenses• MostStandardSalesforcelicensetypestakefulladvantageofthesharingmodelcomponents.• Thelicensemightnotmakeamoduleaccessible,orevensomeobjectsaccessible.Forexample,theForce.comFree

editioncan'taccessanyCRMobjects.• However,thesharingentities,andfunctionality,stillexistsandisreadywhenandifthemoduleeverdoesbecome

active.

HighVolumeCustomerPortalLicense• HighVolumeCustomerPortal(HVPU)licenseusers(includingCommunityandServiceCloudlicenseusers)donotutilize

thesharingmodel.• HVPUlicenseshavetheirownsharingmodelthatworksbyforeignkeymatchbetweentheportaluser(holdingthe

license)andthedataonAccountandContactlookups.• HVPUlicenseisonlyusedfortheCustomerPortalandnotthePartnerPortal.

ChatterFreeLicense• TheChatterFreelicensedoesn'tfollowthestandardsharingmodel.• ChatterFreeisacollaboration-onlylicensewiththefollowingfeatures:Chatter,Profile,People,Groups,Files,Chatter

Desktop,andlimitedSalesforce1appaccess.• Thelicensedoesn'thaveaccesstoCRMrecords(standardorcustomobjects)andContentfunctionality,andtherefore,

thereisnosharing.

CommunityLicense

1. CustomerCommunitya. BasicLicenseb. Don’thaveanyroles,socan’tusesharingrulesbutcanusesharingserandgroups.

2. CustomerCommunityPlusa. CustomerCommunity+

i. Reportsanddashboardsii. Delegatedadminiii. Contentlibrariesiv. Recordsacrossaccounts

3. PartnerCommunitya. CustomerCommunity+

i. Leadsandopportunitiesii. Campaigns

Ø CustomerandCustomerCommunityPluslicensesrequireuniqueusernameswithintheSalesforceorgthata

communitybelongsto.Ø PartnerCommunitylicensesandEmployeeCommunitylicensesrequireuniqueusernamesacrossallSalesforceorgs

thattheuserbelongsto.Ø Communitieslicensesareassociatedwithusers,notaspecificcommunity.Ø Unlikeothercommunityusers,high-volumecommunityusersdon’thaveroles,whicheliminatesperformanceissues

associatedwithrolehierarchycalculations

CustomerCommunity CustomerCommunity

PlusPartnerCommunity EmployeeCommunity

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 10

SharingSet

ShareGroup

AccountTeamSharing CaseTeamSharing OpportunityTeamSharing

ManualSharing RoleHierarchy SharingRules ApexSharing

CommunityLicensesandlimits

• InEnterprise,Performance,andUnlimitedorgs,youcancreateupto100communitieswithoutbuyingcommunitieslicenses.

• Thedefaultnumberofrolesperorgis5,000• Unauthenticatedorguestuserswhoaccessyourcommunitydonotuseupanyofyourcommunity'slicenses.• However, to create communities using the Partner Central template, you need to purchase at least one Partner

Communitylicense.• Evenwithoutcommunities’licenses,

o externalusershavesomeaccesstoyourcommunitieso useyourcommunityasapublicknowledgebaseforunauthenticated(orguest)users

• Purchase Community Cloud licenses to allowmembers to log in or give access to Salesforce objects based on yourbusiness needs.

CommunityLicenseType NumberofUsers

PartnerorCustomerCommunityPlus 1millionCustomer 10million SalesforceEdition NumberofPageViews

EnterpriseEdition 500,000/monthUnlimitedEdition Onemillion/month

Components

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 11

ControlDataAccess

1. Createprofilesandpermissionsets–Identifythedifferenttypesofusersyouneedforyourapplication,basedonthedifferentfunctionseachtypeneedstoaccess.

a. Createabaselevelprofileforeachtypeofusersothateachprofilehasonlythepermissionsrequiredforthattypeofusertoperformthesefunctions.

b. Thencreatepermissionsetstohandleexceptions—situationsinwhichausermayneedafewmorepermissions.

2. Assignusers–Assigneachusertotheappropriateprofileandpermissionsets.3. Setsharingmodels–Foreachobject,settheorganization-widedefaultrecordsharingsettingstodeterminewhether

therecordsthateachuserownsarepublicorprivate.4. Shareprivaterecords–Useroles,groups,recordsharingrules,andothermeanstoshareprivaterecordswithother

users.

ProfilesandPermissionSet

• Foreachobject,the“ViewAll”and“ModifyAll”permissionsignoresharingrulesandsettings,allowingadministratorstoquicklygrantaccesstorecordsassociatedwithagivenobjectacrosstheorganization.

• Thesepermissionsareoftenpreferablealternativestothe“ViewAllData”and“ModifyAllData”administrativepermissions

RecordOwnershipandQueues

• Everyrecordmustbeownedbyasingleuseroraqueue• Usershigherinahierarchy(roleorterritory)inheritthesamedataaccessastheirsubordinatesforstandardobjects• Queueshelpyouprioritize,distribute,andassignrecordstoteamswhoshareworkloads.• Queuemembersandusershigherinarolehierarchycanaccessqueuesfromlistviewsandtakeownershipofrecords

inaqueue.

Ifasingleuserownsmorethan10,000records,asabestpractice:

• Theuserrecordoftheownershouldnotholdaroleintherolehierarchy.• Iftheowner'suserrecordmustholdarole,theroleshouldbeatthetopofthehierarchyinitsownbranchoftherole

hierarchy.

OrganizationwideDefaults

• Youuseorganization-widesharingsettingstolockdownyourdatatothemostrestrictivelevel,andthenusetheotherrecord-levelsecurityandsharingtoolstoselectivelygiveaccesstootherusers.

• Organization-widedefaultsaretheonlywaytorestrictuseraccesstoarecord.• Forcustomobjectsonly,usetheGrantAccessUsingHierarchiessetting,whichifunchecked(defaultischecked),

preventsmanagersfrominheritingaccess.• EvenifGrantAccessUsingHierarchiesisdeselected,someusers—suchasthosewiththe“ViewAll”and“ModifyAll”

objectpermissionsandthe“ViewAllData”and“ModifyAllData”systempermissions—canstillaccessrecordstheydon’town.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 12

RoleHierarchy

• Anorganizationisallowed500roles;however,thisnumbercanbeincreasedbySalesforce.• Asabestpractice,keepthe

o numberofnon-portalrolesto25,000andthenumberofportalrolesto100,000.o rolehierarchytonomorethan10levelsofbranchesinthehierarchy.

• Overlaysarealwaysthetrickypartofthehierarchy.Ifthey'reintheirownbranch,they'llrequireeithersharingrules,teams,orterritorymanagementtogainneededaccess

PublicGroupsPublicgroupscanconsistof:

• Users• CustomerPortalUsers• PartnerUsers• Roles• RolesandInternalSubordinates• Roles,InternalandPortalSubordinates• PortalRoles• PortalRolesandSubordinates• Territories• TerritoriesandSubordinates• Otherpublicgroups(nesting)

Ø Asabestpractice,keepthetotalnumberofpublicgroupsforanorganizationto100,000.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 13

Ø Groupsalsohavetheabilitytoprotectdatasharedinthegroupfrombeingmadeaccessibletopeopleintherolehierarchyabovethegroupmembers.

Ø This(anddealingwiththeaccessofrecordownersandtheirmanagementhierarchy)allowsthecreationofgroupsinwhichveryhighlyconfidentialinformationcanbeshared—thedatawillbeaccessibleONLYtogroupmembers,andnobodyelseintheorganization.ThisisaccomplishedbyusingtheGrantAccessUsingHierarchiessetting.

Ownership-basedSharingRules

• Ownership-basedsharingrulesarebasedontherecordowneronly.• Contactownership-basedsharingrulesdon'tapplytoprivatecontacts.• Asabestpractice,keepthenumberofownership-basedsharingrulesperobjectto1,000

Ownership-basedSharingisusedtoprovidedataaccessto

• peerswhoholdthesamerole/territory• othergroupingsofusers(publicgroups,portal.roles,territories).

Criteria-basedSharingRules• Asabestpractice,keepthenumberofcriteria-sharingrulesperobjectto50;however,canbeincreasedbySalesforce.• Toprovidedataaccesstousersorgroupsbasedonthevalueofafieldontherecord.

ManualSharing

• Manualsharingisremovedwhentherecordownerchangesorwhenthesharingaccessgranteddoesn'tgrantadditionalaccessbeyondtheobject'sorganization-widesharingdefaultaccesslevel.

• Onlymanualsharerecordscanbecreatedonstandardobjects• Manualsharerecordsaredefinedassharerecordswiththerowcausesettomanualshare• Allsharerecords(standardandcustomobjects)witharowcausesettomanualsharecanbeeditedanddeletedbythe

Sharebuttonontheobject'spagelayout,evenifthesharerecordwascreatedprogrammatically.• YouhaveaccesstotheSharingbuttonwhenyoursharingmodeliseitherPrivateorPublicReadOnlyforatypeof

recordorrelatedrecord.

Teams• Onlyowners,peoplehigherinthehierarchy,andadministratorscanaddteammembersandprovidemoreaccessto

themember.• Ateammemberwithread/writeaccesscanaddanothermemberwhoalreadyhasaccesstotherecordwithwhichthe

teamisassociated.Theteammembercan'tprovidethemadditionalaccess.• Theteamobjectisnotafirst-classobject.Youcan'tcreatecustomfields,validationsrules,ortriggersforteams.

TerritoryHierarchy

• Territorymanagementisnotreversible,soit’sextremelyimportanttoknowitsimplications• Whenterritorymanagementisenabledyoumustmanageboththerolehierarchyandterritoryhierarchy• TerritoriesexistonlyonAccount,Opportunityandmaster/detailchildrenofAccountsandOpportunities.• Organizationscanhaveupto500territories;• Iftheassignmentrulesforaterritoryarechanged,anyAccountTerritorysharingrulesusingthatterritoryasthesource

willberecalculated.Likewise,ifthemembershipofaterritorychanges,anyownership-basedsharingrulesthatusetheterritoryasthesourcewillberecalculated

TerritoryManagementwillbeusedorconsidered:

• Multiplegroupsofpeople(multipleteams)requireeitherread-onlyorread/writeaccesstoaccounts.• Anadditionalhierarchicalstructure(differentfromtherolehierarchy)isneeded.• Asingleuserneedstoholdmultiplelevelsinthehierarchy.• Globalusers(GAM–globalaccountmanager)needtoseeeverythingfromtheglobalaccountdownward

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 14

AccountTerritorySharingRules• AccountterritorysharingrulesbecomeavailableonlywhenTerritoryManagementhasbeenenabledforan

organization.• Toprovidedataaccesstoaccountswithinaterritory(notbasedonownership)toagroupingofusers.

ProgrammaticSharingIfyoucreateasharerecordprogrammatically,andtheout-of-boxrowcause(manualshare)isused,thenyoucanmaintainthissharerecordwiththeSharebuttonintheappProgrammaticSharingwillbeusedorconsidered:

• Noothermethodofsharing(declarative)meetsthedataaccessneeds.• Thereisanexisting,externalsystemoftruthforuseraccessassignmentswhichwillcontinuetodriveaccessandbe

integratedwithSalesforce.• Poorperformancebyusingnativesharingcomponents.(Usuallyappliestoverylargedatavolumes)• Teamfunctionalityoncustomobjects

ImplicitSharing• Youcanneitherturnitoff,norturniton—itisnativetotheapplication.• Parentimplicitsharingisprovidingaccesstoparentrecords(accountonly)whenauserhasaccesstochildren

opportunities,cases,orcontactsforthataccount• Childimplicitsharingisprovidingaccesstoanaccount’schildrecordstotheaccountowner.

o onlyappliestocontact,opportunity,andcaseobjects(childrenoftheaccount).• Implicitsharingdoesn'tapplytocustomobjects.• TheaccesslevelsthatcanbeprovidedareView,Edit,andNoaccessforeachofthechildrenobjectswhentheroleis

created.

TypeofSharing

Provides Details

Parent Read-onlyaccesstotheparentaccountforauserwithaccesstoachildrecord

• Notusedwhensharingonthechildiscontrolledbyitsparent• Expensivetomaintainwithmanyaccountchildren• Whenauserlosesaccesstoachild,Salesforceneedstocheck

allotherchildrentoseeifitcandeletetheimplicitparent.

Child Accesstochildrecordsfortheowneroftheparentaccount

• Notusedwhensharingonthechildiscontrolledbyitsparent• Controlledbychildaccesssettingsfortheaccountowner’s

role• Supportsaccountsharingrulesthatgrantchildrecordaccess• Supportsaccountteamaccessbasedonteamsettings• Whenauserlosesaccesstotheparent,Salesforceneedsto

removealltheimplicitchildrenforthatuser.

Portal Accesstoportalaccountandallassociatedcontactsforallportalusersunderthataccount

Sharedtothelowestroleundertheportalaccount

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 15

TypeofSharing

Provides Details

HighVolume1

Accesstodataownedbyhighvolumeusersassociatedwithasharingsetforusersmemberofthesharingset'saccessgroup

Allmembersofthesharingsetaccessgroupgainaccesstoeveryrecordownedbyeveryhighvolumeuserassociatedwiththatsharingset

HighVolumeParent

Readonlyaccesstotheparentaccountofrecordssharedthroughasharingset'saccessgroupforusersmemberofthegroup

Maintainstheabilitytoseetheparentaccountwhenusersaregivenaccesstoaccountchildrenownedbyhighvolumeusers

Ø Toallowportaluserstoscaleintothemillions,Communityusershaveastreamlinedsharingmodelthatdoesnotrelyonrolesorgroups,andfunctionssimilarlytocalendareventsandactivities.

Ø CommunityusersareprovisionedwiththeServiceCloudPortalorAuthenticatedWebsitelicenses.

Sharingbetweenaccountsandchildrecords• Accesstoaparentaccount

o Ifyouhaveaccesstoanaccount’schildrecord,youhaveimplicitReadOnlyaccesstothataccount.• Accesstochildrecords

o Ifyouhaveaccesstoaparentaccount,youhaveaccesstotheassociatedchildrecords.Theaccountowner'sroledeterminesthelevelofaccesstochildrecords.

Sharingbehaviorforportalusers• Accountandcaseaccess

o Anaccount’sportaluserhasReadOnlyaccesstotheparentaccountandtoalloftheaccount’scontacts.• ManagementaccesstodataownedbyServiceCloudportalusers

o SinceServiceCloudportalusersdon'thaveroles,portalaccountownerscan'taccesstheirdataviatherolehierarchy.Tograntthemaccesstothisdata,youcanaddaccountownerstotheportal’ssharegroupwheretheServiceCloudportalusersareworking.ThisstepprovidesaccesstoalldataownedbyServiceCloudportalusersinthatportal.

• Caseaccesso Ifaportalorcustomercommunityplususerisacontactonacase,thentheuserhasReadandWriteaccess

onthecase.

Considerationswhenterritorymanagementisneed

WhathappenstotheRoleHierarchy?• Youarenowmanagingtwohierarchies,whichmeanssharingismorecomplex.• Thebestpracticeistoflatten(orsimplify)therolehierarchyasmuchaspossible• Theruleofthumbistomakeyourrolehierarchyyournon-saleshierarchy,trytoflattenthesaledepartment

branch(es),andthenusetheterritoryhierarchyasyour“sales”hierarchy. CanYouStillUseTeams?

• Yes.However,onlyimplementteamsifnootherexistingsharingcomponentwillsatisfytherequirement.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 16

RealignmentandReassignment• Asaruleofthumb,havehierarchystructural(realignments)changesoccurnomorethanquarterlyandallchangesof

highvolume(bulkormasschanges)bewellplanned,tested,andcoordinated.

LargeDataVolumes• Ifyouhavemorethantwomillionaccounts,andhaveimplementedteamsorTerritoryManagement,youespecially

needtopayattentiontoperformance.• Thesearecomplexsharingmodelcomponentsthatcanmakeforahugevolumeofsharerecordsandhence,long

runningtransactions.

DeferSharingCalculations• Natively,everyindividualchangetotherolehierarchy,territoryhierarchy,groups,sharingrules,userroles,team

membership,orownershipofrecordscaninitiateautomaticsharingcalculations.• Defersharinghelpshere.

DataSkews/OwnershipSkews• Dataskewsaredefinedasafewparentrecordswithmanychildrenrecords.

o Theratiowherewestartseeingperformancedegradationis1:10,000.o Asabestpractice,keeptheratioasclosetothataspossible(lowerispreferred).

• Ownershipskewswhereasingleuser,role,orgroupowningalargenumberofrecordsforanobjecto Therecommendedratioofownhffertonumberofrecordsisalso1:10,000.

Ifasingleuserownsmorethan10,000records,asabestpractice:

• Theuserrecordoftheownershouldnotholdaroleintherolehierarchy.• Iftheowner'suserrecordmustholdarole,theroleshouldbeatthetopofthehierarchyinitsownbranchoftherole

hierarchy.• Iftheuser(s)musthavearoletosharedata,werecommendthatyou:

o Placetheminaseparateroleatthetopofthehierarchyo Notmovethemoutofthattop-levelroleo Keepthemoutofpublicgroupsthatcouldbeusedasthesourceforsharingrules

AccountDataSkew• AccountdataskewoccurswhenanAccount’sparentobjecthasmorethan10,000childobjects

Twosituationsinparticularposeariskofproducinglockingerrors.

• Updatestoparentrecordsandtheirchildrenarebeingprocessedsimultaneouslyinseparatethreads.• Updatestochildrecordsthathavethesameparentrecordsarebeingprocessedsimultaneouslyinseparatethreads

HowtoAvoidAccountDataSkew

• Designarchitecturetolimitaccountobjectsto10,000children.SomepossiblemethodsincludecreatingapoolofAccountsandassigningchildreninaroundrobinfashionorusingCustomSettingsforthecurrentAccountandthenumberofchildren.

• Ifpossible,consideraPublicRead/Writesharingmodelinwhichtheparentaccountstayslocked,butsharingcalculationsdon’toccur.

• Ifyouhaveaskewedaccount,redistributechildobjectsinchunksduringoff-peakhourstolessentheimpactofrecord-levellockcontention.BatchApexortheBulkAPIareusefulwaystore-parent.

TheAccountHierarchiesImpactonDataAccess• aparent/childrelationshipbetweentworecordsdoesnotdriveaccess.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 17

TroubleshootingWhyausercanorcan'tseearecord.Hereisatroubleshootingflow:

1. Verifythattheuserhaspermissionstoaccesstotheobject.2. Identifytheuser'srolewhocan'tseetherecordandnoteit.3. Identifytheowner'sroleoftherecordandnoteit.4. Reviewtherolehierarchyandverifythesetworolesareintwodifferentbranches(theyshouldbe).5. Nowyouneedtoreviewthesharingrulesfortheobjectandmakesurethereisnorulethatwillgranttheuseraccess.6. Ifyouareusingteams,shouldthisuserbeontheteamforthatrecord?Howareteamsmaintainedandhowdidthe

missoccur?7. Ifmanualsharingisused,theusermayhavelostaccessbecausetherecordownerchanged.Manualsharesare

droppedwhenownershipchanges.ThemanualsharecouldalsohavebeenremovedusingtheSharebutton.8. Ifyouareusingterritorymanagement,istheusermissingfromoneoftheterritories?Whereisthemembershipof

territoriesmaintainedandhowdidthemissoccur?Or,maybetherecorddidnotgetstampedwiththeterritorywheretheuserisamember.

9. Ifyouarecreatingprogrammaticsharesandtherearecriteriaforcreatingtheshareincode,reviewthecodetounderstandwhythisuserwasomitted.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 18

TerritoryManagementEnterpriseTerritoryManagement:

• Salesforceadminscansetupandtestterritorymodelsbeforeimplementingthem.• It’seasytomakeassignmentsbetweenterritories,accounts,andopportunities.• Reportshelpteamsorganizeforoptimalcoverageandassessterritoryeffectiveness.• IfyouuseCollaborativeForecasts,youcanforecastbyterritory.

WhatIt’sCalled WhatItDoes

Territory • Helpsyouorganizegroupsofaccountsandthesalesrepswhoworkwiththoseaccounts.• Youcreateterritoriesbasedonterritorytypes.

Territorytype • Everyterritoryyoucreatehasaterritorytype.Youuseterritorytypesonlytoorganizeandcreateterritories.T

• heydon’tappearonterritorymodelhierarchies.Territorytypepriority • Helpsyouchoosetheappropriateterritorytypeforterritoriesyoucreateoredit.Youcreate

yourownpriorityscheme

Territorymodel • Modelingletsyoucreateandpreviewmultipleterritorystructuresanddifferentaccountanduserassignmentsbeforeyouactivatethemodelthatworksbest.

Territoryhierarchy • Youstartfromthehierarchytocreate,edit,anddeleteterritories;runassignmentrulesforterritories,andnavigatetoterritorydetailpagesformoreinformation.

• Fromthehierarchy,youcanalsoassignterritoriestoopportunities,runassignmentrulesatthemodellevel,andactivateorarchivethemodel.Yourterritoryhierarchyintheactiveterritorymodelalsodeterminestheforecastshierarchyforterritoryforecasts.

Territorymodelstate • Indicateswhetheraterritoryisintheplanningstage,inactiveuse,orarchived.

Setup

• Setup->ManageTerritories->Settings->EnableTerritoryManagement• Createterritorytypeandmodel.• Fromtheterritorymodel->ViewHierarchy->createaterritory.

TerritoryModel

• Thislimitincludesmodelscreatedbycloning.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 19

TerritoryModelState

• Territorymodelstateindicateswhetheraterritoryisintheplanningstage,inactiveuse,orarchived.• Youcanhaveonlyoneactiveterritorymodelatatime,butyoucancreateandmaintainmultiplemodelsinplanningor

archivedstatetouseforextramodelingorreference.

LIFECYCLESTATE DEFINITION

Planning Thedefaultstateforeverynewterritorymodelyoucreate.ThePlanningstateletsyoupreviewamodel’sterritoryhierarchybeforedeployingit.

Active Thestateofaterritorymodelafteryouactivateitandallprocessingiscomplete.OnlyonemodelinyourSalesforceorganizationcanbeactiveatatime.

Archived Thestateofaterritorymodelafteryouarchiveitandallprocessingiscomplete.Anarchivedmodelletsadminsviewhierarchyandruleassignmentsastheywereconfiguredwhenthemodelwasactive.Onlytheactivemodelcanbearchived,andarchivedmodelscannotbereactivated.

ERRORSTATE DEFINITION

ActivationFailed Anerroroccurredduringactivation.CheckyouremailformoreinformationfromSalesforce.

ArchivingFailed Anerroroccurredduringactivation.CheckyouremailformoreinformationfromSalesforce.

AssignmentRule

• AruletellsEnterpriseTerritoryManagementtoassignaccountswiththosecharacteristicstothatterritory.• IfyourterritoryisinPlanningstate,runningrulesletsyoupreviewaccountassignments.• IfyourterritoryisinActivestatewhenyourunrules,accountsareassignedtoterritoriesaccordingtoyourrules.

Filter-basedopportunityterritoryassignment

• Manuallyassigningaopportunitytoterritoryusing“territoryfield”inopportunity.• ApexClassrequiredforFilter-BasedOpportunityTerritoryAssignment

o ImplementsOpportunityTerritory2AssignmentFilterinterface.• EnableFilter-BasedOpportunityTerritoryAssignmentandsettheclass.• YoucanassignterritorytypepriorityviatheAPIbyupdatingtheTerritory2Typeobject’sPriorityfield.• ManuallyExcludeanOpportunityfromFilter-BasedTerritoryAssignmentusing“Excludefromtheterritoryassignment

filterlogic”inopportunity.• RunOpportunityFilterfromTerritorymodel’shierarchyinSetup.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 20

GettheMostfromTerritoryManagement

• Cloneaterritoryfromterritorymodelpage.• TerritoryUsersbyTerritoryRole

o Setup->TerritoryAssociations->RoleinTerritoryo Assignroles.TerritoryRecord->AssignedUserRelatedlist->Edit->RoleinTerritory.

• ChattertoCollaborateonTerritoryModelsusingSetup->Chatter->FeedTracking->TerritoryModel->Enablefeedtracking

ReportonTerritories

• FirstyouneedacustomTerritoryManagementreporttypethatrelatestheobjectsyouwanttoreporton.• Thenyoucreatereportsthatbelongtothattype.• Steps:

o OntheReportstab,clickNewReporto Chooseanaccountoropportunityreporttype,andthenclickContinue.o IntheShowMefilterfield,selectMyterritories’orMyterritoryteam’sasthefiltercriterion.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 21

Differences-TerritoryManagement(1.0)andEnterpriseTerritoryManagement(2.0)NOTE:Pleasenotethat(x)means"Available"inthebelowtable Features TerritoryManagement1.0 EnterpriseTerritoryManagement2.0

MultipleTerritories/Hierarchy XRunTerritoriesonTerritoryTree/ListViewPage

X

PreviewTerritory X(partial,notpersisted) XInheritedTerritoryRules X XTerritoryType/Priority XTerritoryModels XEnable/DisableTerritoryManagement X XAssignmentofTerritoryonOpportunities X X(Spring'15)IntegrationwithCustomizableForecasting X IntegrationwithCollaborativeForecasts X(forecastsbasedonterritoryhierarchy,notrole

hierarchy)ManualAssignmentofAccounttoTerritory X XSeparationofRuleExecutionvsDeployment XReports/Dashboards X XTerritoryHierarchyDeepClone XRuleSharingamongmultipleTerritories XMyTerritoriesScopeinAccountListViews X XMyTerritoriesScopeinAccountReports X X(Spring'15)AuditTrail XMetadataAPISupport XUserRoleinTerritory XTriggeronUsertoTerritoryAssociationObject XShareareport/dashboardfolderwithaterritory

X

Createapublicgroupwithterritory X

PermissionsAffectEnterpriseTerritoryManagement?

• SalesOperationsmanagersandselectedSalesmanagerstobeabletomanageterritories.o Ifso,assignthemthe“ManageTerritories”permission.

• Anyonewhowillalsocreateaccountassignmentrulesalsoo needsthe“ViewAll”permissiononAccounts.

• SalesforceSetuptree,includingterritoriessettingso ViewSetupandConfiguration

Considerations:

• IfusingEnterpriseTerritoryManagement,territorysharinggroupscan’tbeusedinasharingrule.• IfusingEnterpriseTerritoryManagement,userscan’tmanuallysharearecordtoaterritory.• IfusingEnterpriseTerritoryManagement,youcan’tuseterritorysharinggroupsprogrammatically

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 22

Account&OpportunityTeams

AccountTeams

• Anaccountteamisateamofuserswhoworktogetheronanaccount.• Useaccountteamstoeasilytrackcollaborationonaccounts.• Accountteamsaren’tthesameasopportunityteams,althoughtheyhavethesameteammemberroles.

SetUpandManageAccountTeams

EnableAccountTeams• FromSetup,enterAccountTeamsintheQuickFindbox,thenselectAccountTeamSettings.• Definethesettings.• Saveyourchanges.

CustomizeAccountTeamRolesEveryaccountteammemberhasaroleinworkingwiththataccount,suchasAccountManagerorSalesRep.Totracktherolesthatteammembersplayinyourcompany,customizeyouraccountteamrolesinSalesforce.

• FromSetup,enterTeamRolesintheQuickFindbox,thenselectTeamRolesunderAccountTeams.• Editthepicklistvaluesforteamrolesasneeded.• Saveyourchanges.• Toupdateachangedpicklistvalueinallyourfiles,enterReplaceTeamRolesintheQuickFindbox,thenselectReplace

TeamRole.

Considerations• Accountteamsshareroleswithopportunityteams.Ifyouremoveanaccountteamrole,thatroleisnolongerlistedas

anopportunityteamrole.• Accountteamscanonlybeusedtograntgreateraccesstoanaccount.Theycan’tbeusedtorestrictaccesstoaccount

recordsbeyondtheorg-widesharingdefaults.• Whentheorg-widedefaultforcontactsissettoControlledbyParent,ContactAccessisn’tavailableforaccountteam

members.• Disablingaccountteamsirreversiblyremovesexistingteamsfromallaccountsanddeleteusers’defaultaccountteams,

andremovestheAccountTeamrelatedlistfromallpagelayouts.• YoucannotdisableaccountteamsforyourorganizationifteammembersarereferencedinApex.

• Onlyadministratorscangrantaccesstochildrecordsthataregreaterthantheaccountowner’saccesslevel.AddAccountTeamMembersAccountrecordownersandusersabovetheownerintherolehierarchycanadd,edit,anddeleteteammembers.Toeditordeleteanaccountteammember,youmustbeoneofthefollowing.

• Theaccountowner• Abovetheownerintherolehierarchy• Anyusergrantedfullaccesstotherecord• Anadministrator

ConsiderationsforRemovingAccountTeamMembers

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 23

• Ifateammemberisonyourdefaultaccountteamandyouremovethemfromaspecificaccount,thosechangesonlyaffectthataccount.Thesetupofyourdefaultaccountteamdoesnotchange.

• IfauseronanaccountteamhasRead/Writeaccess(AccountAccess,ContactAccess,OpportunityAccess,andCaseAccess)andisdeactivated,theaccesswilldefaulttoReadOnlyiftheuserisreactivated.

AccountTeamFields

FIELD DESCRIPTION

AccountAccessThelevelofaccessthatateammemberhastotheaccount.Theaccesslevelcanberead/writeorreadonly,butitcan’tbelessthanyourSalesforceorg’sdefaultaccountsharingaccess.

CaseAccess Thelevelofaccessthatateammemberhastothecasesassociatedwiththeaccount.

ContactAccessThelevelofaccessthatateammemberhastothecontact.Theaccesslevelcanberead/writeorreadonly,butitcan’tbelessthanyourSalesforceorg’sdefaultcontactsharingaccess.

OpportunityAccess Thelevelofaccessthatateammemberhastotheopportunitiesassociatedwiththeaccount.

TeamMember Theuserwho’slistedaspartoftheteam.

TeamRole Therolethattheteammemberplaysfortheaccount,suchasAccountManager.

OpportunityTeams

• Opportunityteamsshowwho’sworkingontheopportunityandwhateachteammember’sroleis,makingiteasytocollaboratewithyourcollegues.

• Youcangrantyouropportunityteammembersspecialaccesstotheopportunityanditsrelatedrecords,makingiteasierforeveryonetoworktogether.

• Inopportunityreports,filteropportunitiesbytheopportunityteamsthatyou’reamemberof.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 24

UnderstandingSharingAshareobjectincludesrecordssupportingallthreetypesofsharing:

1. Managedsharing2. usermanagedsharing,3. Apexmanagedsharing.

ManagedSharingManagedsharinginvolvessharingaccessgrantedbyLightningPlatformbasedonrecordownership,therolehierarchy,andsharingrules:

• RecordOwnershipo Eachrecordisownedbyauseroroptionallyaqueueforcustomobjects,casesandleads.Therecordowneris

automaticallygrantedFullAccess,allowingthemtoview,edit,transfer,share,anddeletetherecord• RoleHierarchy

o enablesusersaboveanotheruserinthehierarchytohavethesamelevelofaccesstorecordsownedbyorsharedwithusersbelow

• SharingRuleso usedbyadministratorstoautomaticallygrantuserswithinagivengrouporroleaccesstorecordsownedbya

specificgroupofusers.o Sharingrulescannotbeaddedtoapackageandcannotbeusedtosupportsharinglogicforappsinstalled

fromAppExchange.o Sharingrulescanbebasedonrecordownershiporothercriteria.Youcan’tuseApextocreatecriteria-based

sharingrules.Also,criteria-basedsharingcannotbetestedusingApex.

• AllimplicitsharingaddedbyForce.commanagedsharingcannotbealtereddirectlyusingtheSalesforceuserinterface,SOAPAPI,orApex.

UserManagedSharing

• allowstherecordowneroranyuserwithFullAccesstoarecordtosharetherecordwithauserorgroupofusers.• Thisisgenerallydonebyanenduser,forasinglerecord

ApexManagedSharing

• providesdeveloperswiththeabilitytosupportanapplication’sparticularsharingrequirementsprogrammaticallythroughApexortheSOAPAPI.

• Thistypeofsharingissimilartomanagedsharing.

TheSharingReasonFieldIntheSalesforceuserinterface,theReasonfieldonacustomobjectspecifiesthetypeofsharingusedforarecord.ThisfieldiscalledrowCauseinApexortheAPI.Sharing rowCauseValue(UsedinApexortheAPI

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 25

Managed ImplicitChild,ImplicitParentUserManaged ManualApexManaged Definedbydeveloper

AccessLevelsWhendeterminingauser’saccesstoarecord,themostpermissivelevelofaccessisused.Mostshareobjectssupportthefollowingaccesslevels:

AccessLevel

APIName

Description

Private None Onlytherecordownerandusersabovetherecordownerintherolehierarchycanviewandedittherecord.ThisaccesslevelonlyappliestotheAccountShareobject.

ReadOnly Read Thespecifieduserorgroupcanviewtherecordonly.

Read/Write Edit Thespecifieduserorgroupcanviewandedittherecord.

FullAccess All Thespecifieduserorgroupcanview,edit,transfer,share,anddeletetherecord.Thisaccesslevelcanonlybegrantedwithmanagedsharing.

SharingConsiderations

• Ifatriggerchangestheownerofarecord,therunningusermusthavereadaccesstothenewowner’suserrecordifthetriggerisstartedthroughthefollowing:

• API

• Standarduserinterface

• StandardVisualforcecontroller

• Classdefinedwiththewithsharingkeyword

• Ifatriggerisstartedthroughaclassthat’snotdefinedwiththewithsharingkeyword,thetriggerrunsinsystemmode.Inthiscase,thetriggerdoesn’trequiretherunningusertohavespecificaccess.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 26

SecurityandSharinginCustomer&PartnerCommunity

ShareGroup• SharegroupallowsyoutospecifytheSalesforceotherexternaluserswhocanaccessrecordsownedbyhigh-volume

communityusers.• Deactivatingasharegroupremovesallotherusers’accesstorecordsownedbyhigh-volumecommunityusers.An

emailisn’tsenttoyouwhenthedeactivationprocessfinishes.

SharingSetsGrantportalorcommunityusersaccess,basedontheiruserprofiles,torecordsthatareassociatedwiththeiraccountsorcontactsusingsharingsets.

• Accessgrantedtousersviasharingsetsdoesnotrolluptousershighertothemintheirrolehierarchies.• thesharegroupsfunctionalityisn’tavailabletouserswithCustomerCommunityPlusandPartnerCommunity

licenses.

ObjectsSupported

● Account○ Accountsharingsetscancontrolaccessto

Contract,Entitlement,andOrderItemobjects● Asset● Campaign(inbeta)● Case● Contact● CustomObjects

● Individual● Opportunity(inbeta)● Order(inbeta)● ServiceAppointment● ServiceContract● User● WorkOrder

Userlicenses

● AuthenticatedWebsite● CustomerCommunityLogin● CustomerCommunityPlus● PartnerCommunityLicenses(new)

● CustomerCommunityUser● HighVolumeCustomerPortal● HighVolumePortal● OvrageAuthenticatedWebsiteUser● OverageHighVolumeCustomerPortalUser

Ø Portalorcommunityusersgainaccesstoallorderentitlementsandorderitemsunderanaccounttowhichtheyhaveaccess.Tosharerecordsownedbyhigh-volumeportalusers,useasharegroupinstead.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 27

Usage

SharingDatawithPartnerUsersØ SharinggroupsandasharingrulecategoryareavailablebydefaultinyourorgtoshareSalesforcedatawithpartner

usersinacommunity.Ø Org-widedefaultsandfield-levelsecurityalsocontroldataaccessforpartnersincommunities.SettheDefault

ExternalAccesssettingtoPrivateforalltheobjectsyouwanttoexposetopartnerusersinyourcommunity.

Groups/CategoriesAfteryoubuypartnerlicensesforyourorg,thefollowinggroupsandsharingrulecategoryarecreated:

GROUPORCATEGORY DESCRIPTION

AllPartnerPortalUsersgroup Containsallpartnerusersinyourorganization

AllInternalUsersgroup ContainsallSalesforceusersinyourorganization

RolesandInternalSubordinatessharingrulecategory

AllowsyoutocreatesharingrulesinwhichyoucanchoosespecificSalesforceusersinyourorganizationbyrole,includingusersinrolesbelowtheselectedrole.Partnerrolesareexcluded.

Usage

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 28

ApexManagedSharing

SharingaRecordUsingApexToaccesssharingprogrammatically,youmustusetheshareobjectassociatedwiththestandardorcustomobjectforwhichyouwanttoshare

Ø SandardObjectShareo AccountShareo ContactShare

Ø CustomObject__Shareo UnitTree__Share

ShareObjectProperties

PropertyName Description

objectNameAccessLevel ThelevelofaccessthatthespecifieduserorgrouphasbeengrantedforasharesObject.Validvaluesare:

● Edit● Read● All

TheAllaccesslevelcanonlybeusedbymanagedsharing.

ParentID TheIDoftheobject.Thisfieldcannotbeupdated.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 29

RowCause Thereasonwhytheuserorgroupisbeinggrantedaccess.Thereasondeterminesthetypeofsharing,whichcontrolswhocanalterthesharingrecord.Thisfieldcannotbeupdated.

UserOrGroupId TheuserorgroupIDstowhichyouaregrantingaccess.Agroupcanbe:● Apublicgrouporasharinggroupassociatedwitharole.● AterritorygroupifyouusetheoriginalversionofTerritoryManagement,but

notwithEnterpriseTerritoryManagement.

Thisfieldcannotbeupdated.

CreatingUserManagedSharingUsingApex• ItispossibletomanuallysharearecordtoauseroragroupusingApexortheSOAPAPI.• Iftheowneroftherecordchanges,thesharingisautomaticallydeleted• ManualshareswrittenusingApexcontainsRowCause="Manual"bydefault.Onlyshareswiththisconditionare

removedwhenownershipchanges.

CreatingApexManagedSharing• Thistypeofsharingissimilartomanagedsharing.• ApexmanagedsharingmustuseanApexsharingreason.• Apexsharingreasonsareawayfordeveloperstotrackwhytheysharedarecordwithauserorgroupofusers.• UsingmultipleApexsharingreasonssimplifiesthecodingrequiredtomakeupdatesanddeletionsofsharingrecords.• Theyalsoenabledeveloperstosharewiththesameuserorgroupmultipletimesusingdifferentreasons.

EachApexsharingreasonhasalabelandaname:• ThelabeldisplaysintheReasoncolumnwhenviewingthesharingforarecordintheuserinterface.

o Thislabelallowsusersandadministratorstounderstandthesourceofthesharing.o ThelabelisalsoenabledfortranslationthroughtheTranslationWorkbench.

• ThenameisusedwhenreferencingthereasonintheAPIandApex.Apexsharingreasonscanbereferencedprogrammaticallyasfollows:

Schema.CustomObject__Share.rowCause.SharingReason__c

ApexSharingReasonCreation

Ø ApexsharingreasonsandApexmanagedsharingrecalculationareonlyavailableforcustomobjects.

1. Fromthemanagementsettingsforthecustomobject,clickNewintheApexSharingReasonsrelatedlist.2. EnteralabelfortheApexsharingreason.

a. ThelabeldisplaysintheReasoncolumnwhenviewingthesharingforarecordintheuserinterface.ThelabelisalsoenabledfortranslationthroughtheTranslationWorkbench.

3. EnteranamefortheApexsharingreason.ThenameisusedwhenreferencingthereasonintheAPIandApex.a. Thisnamecancontainonlyunderscoresandalphanumericcharacters,andmustbeuniqueinyourorg.b. Itmustbeginwithaletter,notincludespaces,notendwithanunderscore,andnotcontaintwoconsecutive

underscores.4. ClickSave.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 30

ConsiderationsØ Undercertaincircumstances,insertingasharerowresultsinanupdateofanexistingsharerow.Ø Ifanaccountsharingruleiscreated,thesharingrulerowcause(whichisahigheraccesslevel)replacestheparent

implicitsharerowcause,indicatingthehigherlevelofaccess.Ø Whenpackagingcustomobjects,beawarethatassociatedApexsharingrecalculationsarealsoincludedandmay

preventthepackagefrominstalling.Ø DeletinganApexsharingreasonwilldeleteallsharingontheobjectthatusesthereason.Ø Youcancreateupto10Apexsharingreasonspercustomobject.Ø YoucancreateApexsharingreasonsusingtheMetadataAPI.

CreatingApexManagedSharingforCustomerCommunityPlususers• Shareobjects,suchasAccountShareandContactShare,aren’tavailabletotheseusers.

Waystoshare:• IfyoumustuseshareobjectsasaCustomerCommunityPlususer,considerusingatrigger,whichoperateswiththe

withoutsharingkeywordbydefault• UseaninnerclasswiththesamekeywordtoenabletheDMLoperationtorunsuccessfully.

ApexSharingRecalculation

• Whenpackagingcustomobjects,beawarethatassociatedApexsharingrecalculationsarealsoincludedandmaypreventthepackagefrominstalling.

• DeveloperscanwritebatchApexclassesthatrecalculatetheApexmanagedsharingforaspecificcustomobject.• Youcanassociatetheseclasseswithacustomobjectonitsdetailpage,andexecutethemifalockingissueprevents

Apexfromgrantingaccesstoauserasdefinedbytheapplication’slogic.• Apexsharingrecalculationsarealsousefulforresolvingvisibilityissuesduetocodingerrors.• YoucanalsorunthemprogrammaticallyusingtheDatabase.executeBatchmethod

• Salesforceautomaticallyrecalculatessharingforallrecordsonanobjectwhenitsorganization-widesharingdefault

accesslevelchanges.

AssociateanApexmanagedsharingrecalculationclass

1. Fromthemanagementsettingsforthecustomobject,gotoApexSharingRecalculations.2. ChoosetheApexclassthatrecalculatestheApexsharingforthisobject.

a. TheclassyouchoosemustimplementtheDatabase.Batchableinterface.b. YoucannotassociatethesameApexclassmultipletimeswiththesamecustomobject.

3. ClickSave.

Considerationsforrecalculations● TheApexcodethatextendsthesharingrecalculationcanprocessamaximumoffivemillionrecords.

○ IfthisApexcodeaffectsmorethanfivemillionrecords,thejobfailsimmediately.● YoucanmonitorthestatusofApexsharingrecalculationsintheApexjobqueue.● YoucanassociateamaximumoffiveApexsharingrecalculationspercustomobject.● YoucannotassociateApexsharingrecalculationswithstandardobjects.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 31

WithSharingThewithsharingkeywordallowsyoutospecifythatthesharingrulesforthecurrentuseraretakenintoaccountforaclass.

publicwithsharingclasssharingClass{}

WithoutSharingUsethewithoutsharingkeywordswhendeclaringaclasstoensurethatthesharingrulesforthecurrentuserarenotenforced.

publicwithoutsharingclassnoSharing{}

ImplementationDetailsinregardstosharingandwithoutsharingKeywords

● Ifaclassisn’tdeclaredaseitherwithorwithoutsharing,thecurrentsharingrulesremainineffect.○ iftheclassiscalledbyanotherclassthathassharingenforced,thensharingisenforcedforthecalledclass.

● Bothinnerclassesandouterclassescanbedeclaredaswithsharing.● Innerclassesdonotinheritthesharingsettingfromtheircontainerclass.● Classesinheritthissettingfromaparentclasswhenoneclassextendsorimplementsanother● Sharingdoesn’tdependonwhethertheclassexecutesasynchronouslyasascheduledjoborbatchjob.Ifyourclass

accessesstandardorcustomfields,preventsharingviolationsbydeclaringthe“withsharing”keyword.

InheritedSharing• Anexplicitinheritedsharingdeclarationmakestheintentclear,avoidingambiguityarisingfromanomitteddeclaration

orfalsepositivesfromsecurityanalysistooling.• UsinginheritedsharingenablesyoutopassAppExchangeSecurityReviewandensurethatyourprivilegedApexcodeis

notusedinunexpectedorinsecureways.• AnApexclasswithinheritedsharingrunsaswithsharingwhenusedasaLightningcomponentcontroller,aVisualforce

controller,anApexRESTservice,oranyotherentrypointtoanApextransaction.• ThereisadistinctdifferencebetweenanApexclassthatismarkedwithinheritedsharingandonewithanomitted

sharingdeclaration.• Aclassdeclaredasinheritedsharingrunsaswithoutsharingonlywhenexplicitlycalledfromanalreadyestablished

withoutsharingcontext.o Becauseoftheinheritedsharingdeclaration,onlycontactsforwhichtherunninguserhassharingaccessare

displayed.o Ifthedeclarationisomittedomitted,evencontactsthattheuserhasnorightstoviewaredisplayeddueto

theinsecuredefaultbehaviorofomittingthedeclaration.

publicinheritedsharingclassInheritedSharingClass{ publicList<Contact>getAllTheSecrets(){ return[SELECTNameFROMContact]; }}

EnforcingSharingRulesEnforcingthecurrentuser'ssharingrulescanimpact:

• SOQLandSOSLqueries.Aquerymayreturnfewerrowsthanitwouldoperatinginsystemcontext.• DMLoperations.Anoperationmayfailbecausethecurrentuserdoesn'thavethecorrectpermissions.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 32

o Forexample,iftheuserspecifiesaforeignkeyvaluethatexistsintheorganization,butwhichthecurrentuserdoesnothaveaccessto.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 33

WhoCanSeeMyFile?

SHARINGSETTING DEFINITION WHENDOESAFILEHAVETHISSETTING?

Private

• Thefileisprivate.• Ithasn'tbeensharedwithanyoneelsebesidesthe

owner.• Thefileowneranduserswith“ModifyAllData”

permissioncanfindandviewthisfile.• However,ifthefileisinaprivatelibrary,onlythe

fileownerhasaccesstoit.

Afileisprivatewhenyou:

• UploaditinFileshome• Publishittoyourprivatelibrary• Stopsharingitwitheveryone(MakePrivate)• Deletepoststhatincludethefileandthefileisn'tshared

anywhereelse

PrivatelyShared

• Thefilehasonlybeensharedwithspecificpeople,groups,orvialink.

• It'snotavailabletoallusersinyourcompany.• Onlythefileowner,userswith“ModifyAllData”

or“ViewallData”permission,andspecificfileviewerscanfindandviewthisfile.

Afileisprivatelysharedwhenit's:

• Onlysharedwithspecificpeopleoraprivategroup• Postedtoaprivategroup• Sharedvialink• Postedtoafeedonarecord• Publishedtoasharedlibrary

YourCompany Allusersinyourcompanycanfindandviewthisfile.Afileissharedwithyourcompanywhenit'spostedtoafeedthatalluserscansee,aprofile,arecord,orapublicgroup.

Actionsforyourfilepermissions.

Considerations

• NoAccessmeansthatonlythepeopleinyourcompanywithwhomthisfileissharedcanfindorviewthefile.Ifthefileissharedwithaprivategroup,onlymembersofthegroupcanfindorviewthefile.

• Userswith“ModifyAllData”permissioncanview,preview,download,share,attach,makeprivate,restrictaccess,edit,uploadnewversions,anddeletefilestheydon'town.However,ifthefileisinaprivatelibrary,thenonlythefileownerhasaccesstoit.

• Userswith“ViewAllData”permissioncanviewandpreviewfilestheydon'town.However,ifthefileisinaprivatelibrary,thenonlythefileownerhasaccesstoit.

• Groups(includinggroupmembers)andrecordshaveviewerpermissionforfilespostedtotheirfeeds.• Permissionsforfilessharedwithlibrariesdependonthelibrary.

ACTION FILEOWNER FILECOLLABORATOR FILEVIEWER

VieworPreview Yes Yes Yes

Download Yes Yes Yes

Share Yes Yes Yes

AttachaFiletoaPost Yes Yes Yes

UploadNewVersion Yes Yes

EditDetails Yes Yes

ChangePermission Yes Yes

MakeaFilePrivate Yes

RestrictAccess Yes

Delete Yes

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 34

CreateaCustomListViewinSalesforceClassic

USERPERMISSIONSNEEDED

• Tocreatecustomlistviews: o ReadonthetypeofrecordincludedinthelistANDCreateandCustomizeListViews

• Tocreate,edit,ordeletepubliclistviews: o ManagePublicListViews

Considerations

• AsaSalesforceadminorauserwiththe“ManagePublicListView”permission,youhavetheoptiontohidethelistview,soonlyyoucanseethislistview.

o Openthelistview.SelectVisibletocertaingroupsofusers.Choosethetypeofgrouporrolefromthedrop-downlist,selectthegrouporrolefromthelist,thenclickAdd.

• Enterprise,Unlimited,Performance,andDeveloperEditionuserscangiveaccesstoapublicgrouporrole,includingallusersbelowthatrole.

• ListviewsarevisibletoyourcommunityuserswithCustomerCommunityPlus,PartnerCommunity,LightningPlatform

Starter,andLightningPlatformPluslicenses,o iftheVisibletoalluserssettingisenabledforviewsofobjectsincommunityuserprofiles.

• TomakelistviewsvisibleonlytoyourSalesforceusers,selectVisibletocertaingroupsofusers.ThensharetheviewwiththeAllInternalUsersgrouporaselectedsetofinternalgroupsandroles.

• Whenimplementingacommunity,createcustomviewsthatcontainonlyrelevantinformationforcommunityusers.

ThenmakethoseviewsvisibletocommunityusersbysharingthemwiththeAllCustomerPortalUsersgroup,orasetofcommunitygroupsandroles.

ShareaReportorDashboardFolderinSalesforceClassic

USERPERMISSIONSNEEDED• Toshareareportfolderwithpublicgroups:

o RunReportsANDManageDashboardsORo ManageReportsinPublicFolders

• Toshareadashboardfolderwithpublicgroups: o RunReportsANDManageDashboardsORo ManageReportsinPublicFolders

AccessandLimits

• Whenyoucreateafolder,you’reitsmanager.o Onlyyouandotherswithadministrativepermissionscanseeit.

• IfafolderdoesnothaveManageraccess,it’spublic,anduserswiththeViewReportsinPublicFolderspermissioncanviewit.

• Youcanshareareportordashboardfolderwithupto25users,groups,roles,orterritoriesatonetime.• Youcanshareafolderwithupto100users,groups,roles,orterritoriesusingthefoldersharingRESTAPI.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 35

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 36

DesigningRecordLevelAccessforEnterpriseScale

SurvivingOwnerChangeOperations

• Sowhentheownerofarecordischanged,theplatformdeletesallthemanualsharesassociatedwiththerecord.• Ineffect,we“cleantheslate”forthenewownerandletthemdecidewhethertheywanttoshareittoanybody.• Andifyouhavebeenwritingcodethatsharestherecord,yourshareswillgetdeleted,too,becausetheyhavethe

same‘manual’rowcause—theplatformcannotdistinguishbetweenasharingrowyoucreatedandasharingrowcreatedthroughtheUI

UsingApexSharingReasons

• Becauseyourrowcausefortheseshareswillnolongerbe‘manual’,theplatformwon’ttouchthemwhenperformingthechangeowneroperation.

• Standardobjectslikeaccountsorcontacts?o Therelationshipbetweentheseobjectscanbecomplex,andtheremightbegoodreasonsfortheplatformto

changeordeleteasharingrow,evenonethatyouhavecreatedprogrammatically.

UsingOutboundMessaging

• Withstandardobjects,whereyoucan’tuseacustomsharingreason,andyouareintegratingwithanassignmentengineexternaltoSalesforce.

• Youcanconfigureaworkflowruletodetectwhenarecordownerischanged,anduseanoutboundmessagetotriggeryourassignmentenginetotakeappropriateaction

• Enter“OwnerId<>PRIORVALUE(OwnerID)”fortheformula.

UsingaTrigger

• Appliestostandardobjectswhereyoucan’tuseacustomsharingreason,butinthiscaseyouareintegratingwithanassignmentenginebuiltontheSalesforceplatform.

UsingaShadowTable

• Yourlogicforstandardobjectsmightnotbecomplexenoughtojustifybuildingafull-blownassignmentengine.• Youmightbeabletoaccomplishthesamegoalthroughtheuseofatriggerandacustomobjectthatkeepstrackof

yourprogrammaticshares.

Account:LookuptoAccountTeamMember:LookuptoUserAccountAccess:Picklist(Read,Edit)OpportunityAccess:Picklist(None,Read,Edit)CaseAccess:Picklist(None,Read,Edit)ContactAccess:Picklist(None,Read,Edit)TeamRole:Picklist(AccountManager,ChannelManager,ExecutiveSponsor,LeadQualifier,Pre-SalesConsultant,SalesManager,SalesRep)

CompletingtheArchitecture

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 37

thereareadditionalplatformfeaturesthatcouldimpactthesharingsystemyouhavebuilt,whichyoucan’tcodearound.

• Auserwithappropriateaccesstoarecordcanchangeorremoveyourprogrammaticsharesthroughthesharingbuttonontherecord’sdetailpage.

• Auserwithpermissiontoupdatethemembershipofanaccountteamcanchangeorremovesharesyourcodehaswrittentomanageteammembership.

o Thisdoesnotapplytosalesteams,becausetheplatformnowincludestheabilitytodefinetriggersforthesalesteamobjectthatyoucanusetoprotectyourshares.

• AnyApexorAPIoperationperformingDMLonthesharingobjectscouldalsoimpactyoursharingsystem.

GroupMaintenanceTables

• Sharingrowsgrantaccesstousersandgroups,butthedatathatspecifieswhobelongstoeachgroupresidesintheGroupMaintenancetables.

• ThesetablesstoremembershipdataforeverySalesforcegroup,includingsystem-definedgroups.o System-definedgroupsaregroupsofusersthatSalesforcecreatesandmanagesinternallytosupportvarious

featuresandbehaviors,suchasqueues.§ rolehierarchy§ territoryhierarchy§ queues

o User-definedgroupsinSalesforcearegroupsthatdirectlymodifythegroupmembershipobject.Theydifferfromsystem-definedgroupsinthatyoucannotdirectlymodifysystem-definedgroups

§ publicgroups§ privategroups

• Thistypeofmanagementletsthedatathatsupportsqueuesandpersonalorpublicgroupscoexistinthesamedatabasetables,andunifieshowSalesforcemanagesthedata.

GroupsandComposition• Salesforcealsousessystem-definedgroupstoimplementhierarchies.• Duringrecalculation,Salesforcecreatestwotypesofsystem-definedgroups,RolegroupsandRoleAndSubordinates

groups,foreverynodeintherolehierarchy.• Iftheorganizationhasexternalorganization-widedefaultsenabled,athirdtypeofsystem-defined

group,RoleAndInternalSubordinates,iscreated.

Group Consistsof Purpose

Role Usersassignedtoanyofthefollowing.● Aspecificrole● Oneofitsmanagerroles

Usedtogivemanagersaccesstotheirsubordinates’records

RoleAndSubordinates Usersassignedtoanyofthefollowing.● Aspecificrole● Oneofitsmanagerroles● Oneofitssubordinateroles

Usedwhenanorganizationdefinesarulethatsharesasetofrecordswith:

● Aparticularrole● Itssubordinates

RoleAndInternalSubordinates

Usersassignedtoanyofthefollowing.● Aspecificrole● Oneofitsmanagerroles● Oneofitssubordinateroles,excluding

Portalroles

Usedwhenanorganizationdefinesarulethatsharesasetofrecordswith:

● Aparticularrole● Itssubordinates,excluding

Portalroles

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 38

Allthreegrouptypeshave:

• Indirectmembers,whoinheritrecordaccessfromthegroup’sdirectmembersandareassignedtomanagerroles.• Directmembers,whoaredefinedaccordingtotheirgrouptype

Example

TerritoryManagementGroups● Territorygroup,inwhichuserswhoareassignedtotheterritoryaredirectmembers,whileusersassignedtoterritories

higherinthehierarchyareindirectmembers● TerritoryAndSubordinatesgroup,inwhichuserswhoareassignedtothatterritoryorterritorieslowerinthehierarchy

aredirectmembers,whileusersassignedtoterritorieshigherinthatbranchareindirectmembers

Considerations• Userscan’tmodifysystem-definedgroupsthroughtheuserinterfaceorAPIinthewaysthattheycanpersonaland

publicgroups

Obtainpeakperformance:

• Movingusersfromonegrouptoanothertriggerorganizationwidegroupmembershiplocks,sohighlydynamicgroupscanhaveanegativeimpactonperformance.

• Theusecasewhichwillprovidepeakperformanceincludesagroupofuserswhosharethesamevisibilityanddon’tfrequentlymovefromonegrouptoanotherviaanautomatedprocess.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 39

• Thesharingperformancebenefitwilldecreaseasthenumberofgroupmembersdecreases,andthefrequencyofusermovementwithinthegroupsincreases.

AccessGrantsWhenanobjecthasitsorganization-widedefaultsettoPrivateorPublicReadOnly,Salesforceusesaccessgrantstodefinehowmuchaccessauserorgrouphastothatobject’srecords.Salesforceusesfourtypesofaccessgrants:

1. ExplicitGrantsa. Salesforceusesexplicitgrantswhenrecordsareshareddirectlytousersorgroups.Specifically,

Salesforceusesexplicitgrantswhen:i. Auseroraqueuebecomestheownerofarecord.ii. Asharingrulesharestherecordtoapersonalorpublicgroup,aqueue,arole,oraterritory.1iii. Anassignmentrulesharestherecordtoauseroraqueue.iv. Aterritoryassignmentrulesharestherecordtoaterritory.v. Ausermanuallysharestherecordtoauser,apersonalorpublicgroup,aqueue,arole,ora

territory.2vi. Auserbecomespartofateamforanaccount,opportunity,orcase.vii. Aprogrammaticcustomizationsharestherecordtoauser,apersonalorpublicgroup,a

queue,arole,oraterritoryb. Ifyourorganizationdoesn’thaveanefficientsharingarchitecture,itmightencounterperformance

problemswhenyouuseautomatedprocessesthatgenerateaverylargenumberofexplicitgrants,suchasmajorsalesrealignments

c. d2. GroupMembershipGrants

a. Grantsthatoccurwhenauser,personalorpublicgroup,queue,role,orterritoryisamemberofagroupthathasexplicitaccesstotherecord.

3. InheritedGrantsa. Grantsthatoccurwhenauser,personalorpublicgroup,queue,role,orterritoryinheritsaccessthrough

aroleorterritoryhierarchy,orisamemberofagroupthatinheritsaccessthroughagrouphierarchy.4. ImplicitGrants

a. SsGrantsthatoccurwhennon-configurablerecord-sharingbehaviorsbuiltintoSalesforceSales,Service,andPortalapplicationsgrant

b. accesstocertainparentandchildrecords.

CommonGroupandDataUpdatesInsteadofmovingauserfromonebranchofthehierarchytoanother,wecan:

• Movingaroletoanotherbranchinthehierarchyo Onebenefittomovingawholeroleisthatanyportalaccountssimplymovealongwiththeirparentrole,and

Salesforcedoesn’thavetochangetherelatedsharing.o Ontheotherhand,Salesforcemustdoalloftheworkinvolvedinmovingasingleuserforall

usersintherolebeingmovedandforallofthoseusers’data• Changingtheownerofaportalaccount

o Theeffortrequiredforwhatlookslikeasimpledataupdate—changingthenameoftheuserintheAccountOwnerfield—canbesurprising.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 40

o Whentheoldandnewownersareindifferentroles,Salesforceisnotonlymovingtheportalrolestoanewparentrolebutalsoadjustingthesharingforallthedataassociatedwiththeportalaccount.

GroupMembershipLockingCustomerscanlessenthechanceoflockingerrorsby:

• Schedulingseparategroupmaintenanceprocessescarefullysotheydon’toverlap• Implementingretrylogicinintegrationsandotherautomatedgroupmaintenanceprocessestorecoverfromafailure

toacquirealock• Usingthegranularlockingfeaturetoallowsomegroupmaintenanceoperationstoproceedsimultaneously

Takeaway:TuningGroupMembershipforPerformanceHerearesomespecificsuggestions.

• Identifyuserandgroupupdatesthatarecomplex,suchasuserroleandportalaccountownershipchanges,orupdatesthatinvolvealargeamountofassociateddata.Allowforadditionaltimetoprocessthesechanges.

• Whenmakingchangestothehierarchy,processchangestothebottom(leaf)nodesfirst,thenmoveupwardtoavoidduplicateprocessing.

• Limitthenumberofrecordsofanobjectownedbyasingleuserto10,000.• Rungroupmaintenanceoperationssinglethreadedtopreventlocking.Investigatewhethertheuseofgranularlocking

willallowsomeofyouroperationstorunsimultaneously.• TuneyourupdatesformaximumthroughputbyexperimentingwithbatchsizesandusingthebulkAPI,wherepossible.• Removeredundantpathsofaccess,suchassharingrulesthatprovideaccesstopeoplewhoalreadyhaveitthroughthe

hierarchy

Takeaway:TuningDataRelationshipsandUpdatesforPerformanceHerearesomespecificsuggestions.

• UseaPublicReadOnlyorRead/Writeorganization-widedefaultsharingmodelforallnon-confidentialdata.• Toavoidcreatingimplicitshares,configurechildobjectstobeControlledbyParentwhereverthisconfigurationmeets

securityrequirements.• Configureparent-childrelationshipswithnomorethan10,000childrentooneparentrecord.• Ifyouareencounteringonlyoccasionallockingerrors,seeiftheadditionofretrylogicissufficienttosolvethe

problem.• SequenceoperationsonparentandchildobjectsbyParentIDandensurethatdifferentthreadsareoperatingon

uniquesetsofrecords.• Tuneyourupdatesformaximumthroughputbyworkingwithbatchsizes,timeoutvalues,theBulkAPI,andother

performance-optimizingtechniques

Force.comRecordLockingCheatsheet

http://resources.docs.salesforce.com/194/0/en-us/sfdc/pdf/record_locking_cheatsheet.pdf

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 41

ToolsforLarge-ScaleRealignments

ParallelSharingRuleRecalculation

• Normally,whenanadministratorcreates,deletes,oreditsasharingrule,therecalculationrequiredtomakethosechangestakeeffecttisprocessedsynchronously.

• Whenasharingrulechangeaffectsaccessrightstoaverylargeamountofdata,therecalculationcanrunlonger.Inaddition,arecalculationjobcangetkilledifitisrunningwhenSalesforceperformsascheduledfeatureorpatchrelease.

• Ifyouhaveexperiencedlong-runningprocessingtimesorjobsthatwerekilledduringrealignments,considerusingparallelsharingrulerecalculation.

• Whenthisfeatureisturnedon,sharingrulesareprocessedasynchronouslyandsplitintomultiplesimultaneousexecutionthreadsbasedonload.

• Theprocessingisalsomoreresilient;duringaserverrestart,thejobswillbereinstatedonthequeue,andtheprocesswillcontinuewhentheservercomesbackonline.

DeferredSharingMaintenance• Inanenterpriseenvironmentinwhichmultiplesystemsarecontinuallyprocessingupdates,itcanbedifficultto

scheduleanorganizationorsharingrulechangethatmighttakesubstantialtimetocomplete.• Inordertoincreasethepredictabilityofthesekindsofupdates,theLightningPlatformplatformhasrecently

introducedtheconceptofdeferredsharingmaintenance.

Howworksinpractice

1. Basedonrequestsfromthebusiness,anadministratoridentifiesanumberofchangestotherolehierarchyandgroupmembership,orupdatestosharingrules.

2. Givenbestestimatesoftheremainingoverallwork,theadministratornegotiatesamaintenancewindowforcompletingtheprocessing.

3. Thiswindowshouldbemodelledinasandboxenvironmenttogetthebestestimatepossible.

4. Insteadofprocessingeachseparateupdateandwaitingforittocomplete,theadministratorpreparesallthe

informationrequiredtoperformallupdatesaheadoftheplannedmaintenancewindow.5. Atthestartofthemaintenancewindow,theadministratorusesthedeferralfeaturetoessentially“turnoff”processing

ofgroupmaintenanceoperations,andthenmakesallthedesiredchangestoroleandgroupmembershipatthesametime.

6. Sharingruleprocessingisalsodeferredatthistimesotheadministratorcanperformallsharingruleupdates.7. Oncethechangeshavecompleted,theadministratorresumesprocessinggroupmaintenance,andthesystem

performsarecalculationtomakealltheroleandgroupchangestakeeffect.8. Atthispoint,thesystemisinastatethatrequiresafullrecalculationofallsharingrulesforuseraccessrightstobe

completeandaccurate.Theadministratorcanresumesharingruleprocessingimmediatelyorwaittostarttheprocessatalatertime.Afterthesharingrulerecalculationhascompleted,alltheaccesschangestakeeffect.

Howithelps

● Benchmarkhowlongtheoverallrecalculationislikelytotakeinproduction● Smoothoutanykinksinorchestratingdeferredsharingmaintenance● Deferredsharingmaintenancedoesnotdefertherecalculationofimplicitsharingasdescribedintheimplicitsharing

table.Thecascadingeffectstoimplicitsharescontinuetobeprocessedimmediatelywhensharingrulesarechangedbyadministratorsorthroughthecode.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 42

Considerations:

• ifyouareabletonegotiatedowntimewithyourbusinesscustomersandhavebeenstrugglingtocompleteupdatesina

timelyfashion,deferredsharingmightbeagreatsolutiontoyourproblem.

GranularLocking

• LightningPlatformplatformlockstheentiregroupmembershiptabletoprotectdataintegritywhenSalesforcemakeschangestorolesandgroups.

• Thislockingmakesitimpossibletoprocessgroupchangesinmultiplethreadstoincreasethroughputonupdates.• Whenthegranularlockingfeatureisenabled,thesystememploysadditionallogictoallowmultipleupdatestoproceed

simultaneouslyifthereisnohierarchicalorotherrelationshipbetweentherolesorgroupsinvolvedintheupdates.• Administratorscanadjusttheirmaintenanceprocessesandintegrationcodetotakeadvantageofthislimited

concurrencytoprocesslarge-scaleupdatesfaster,allwhilestillavoidinglockingerrors.

KeyAdvantages

● Groupsthatareinseparatehierarchiesarenowabletobemanipulatedconcurrently.● Publicgroupsandrolesthatdonotincludeterritoriesarenolongerblockedbyterritoryoperations.● Userscanbeaddedconcurrentlytoterritoriesandpublicgroups.● Userprovisioningcannowoccurinparallel.

○ Portalusercreationrequireslocksonlyifnewportalrolesarebeingcreated.○ Provisioningnewportalusersinexistingaccountsoccursconcurrently.

● Asingle-longrunningprocess,suchasaroledelete,blocksonlyasmallsubsetofoperations.

SeetableformoredetailsintheotherdocumentConsiderations:

• Theusermustnotownanypartnerorcustomerportalaccounts.• Customersmayconsiderusinggranularlockingiftheyexperiencefrequentandpersistentlockingthatseverelyrestricts

theirabilitytomanagemanualandautomatedupdatesatthesametime,orseverelydegradesthethroughputofintegrationsorotherautomatedgroupmaintenanceoperations.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 43

ClassicEncryptionforCustomFields

RestrictionsEncryptedtextfields:

• Cannotbeunique,haveanexternalID,orhavedefaultvalues.• Forleadsarenotavailableformappingtootherobjects.• Arelimitedto175charactersbecauseoftheencryptionalgorithm.• Arenotavailableforuseinfilterssuchaslistviews,reports,roll-upsummaryfields,andrulefilters.• Cannotbeusedtodefinereportcriteria,buttheycanbeincludedinreportresults.• Arenotsearchable,buttheycanbeincludedinsearchresults.• Arenotavailablefor:ConnectOffline,SalesforceforOutlook,leadconversion,workflowrulecriteriaorformulas,

formulafields,outboundmessages,defaultvalues,andWeb-to-LeadandWeb-to-Caseforms.

BestPractices

• Encryptedfieldsareeditableregardlessofwhethertheuserhasthe“ViewEncryptedData”permission.o Usevalidationrules,field-levelsecuritysettings,orpagelayoutsettingstopreventusersfromediting

encryptedfields.• YoucanstillvalidatethevaluesofencryptedfieldsusingvalidationrulesorApex.• Bothworkregardlessofwhethertheuserhasthe“ViewEncryptedData”permission.• Encryptedfielddataisnotalwaysmaskedinthedebuglog.

o EncryptedfielddataismaskediftheApexrequestoriginatesfromanApexWebservice,atrigger,aworkflow,aninlineVisualforcepage(apageembeddedinapagelayout),oraVisualforceemailtemplate.Inothercases,encryptedfielddataisn’tmaskedinthedebuglog,likeforexamplewhenrunningApexfromtheDeveloperConsole.

• Existingcustomfieldscannotbeconvertedintoencryptedfieldsnorcanencryptedfieldsbeconvertedintoanotherdatatype.

o Toencryptthevaluesofanexisting(unencrypted)field,exportthedata,createanencryptedcustomfieldtostorethatdata,andimportthatdataintothenewencryptedfield.

• MaskTypeisnotaninputmaskthatensuresthedatamatchestheMaskType.o Usevalidationrulestoensurethatthedataenteredmatchesthemasktypeselected.

• Useencryptedcustomfieldsonlywhengovernmentregulationsrequireitbecausetheyinvolvemoreprocessingandhavesearch-relatedlimitations.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 44

SalesforceShield

• SalesforceShieldisatrioofsecuritytoolsthatadminsanddeveloperscanusetobuildanewleveloftrust,transparency,compliance,andgovernancerightintobusiness-criticalapps.

• ItincludesPlatformEncryption,EventMonitoring,andFieldAuditTrail.AskyourSalesforceadministratorifSalesforceShieldisavailableinyourorganization.

PlatformEncryption

• Itenablesyoutoencryptsensitivedataatrest,andnotjustwhentransmittedoveranetwork,soyourcompanycanconfidentlycomplywithprivacypolicies,regulatoryrequirements,andcontractualobligationsforhandlingprivatedata.

• DatastoredinmanystandardandcustomfieldsandinfilesandattachmentsisencryptedusinganadvancedHSM-basedkeyderivationsystem,soitisprotectedevenwhenotherlinesofdefensehavebeencompromised.

EncryptFields1. Makesurethatyourorghasanactiveencryptionkey.Ifyou’renotsure,checkwithyouradministrator.2. FromSetup,intheQuickFindbox,enterPlatformEncryption,andthenselectEncryptionPolicy.3. ClickEncryptFields.4. ClickEdit.5. Selectthefieldsyouwanttoencrypt.6. ClickSave.

FEATURE CLASSICENCRYPTION PLATFORMENCRYPTION

Pricing Includedinbaseuserlicense Additionalfeeapplies

EncryptionatRest NativeSolution(NoHardwareorSoftwareRequired)

EncryptionAlgorithm128-bitAdvancedEncryptionStandard(AES)

256-bitAdvancedEncryptionStandard(AES)

HSM-basedKeyDerivation ManageEncryptionKeysPermission Generate,Export,Import,andDestroyKeys PCI-DSSL1Compliance Masking

MaskTypesandCharacters

ViewEncryptedDataPermissionRequiredtoReadEncryptedFieldValues

EncryptedStandardFields EncryptedAttachments,Files,andContent

EncryptedCustomFieldsDedicatedcustomfieldtype,limitedto175characters

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 45

DifferenceBetweenClassicEncryptionandShieldPlatformEncryptionWithShieldPlatformEncryption,youcanencryptavarietyofwidelyusedstandardfields,alongwithsomecustomfieldsandmanykindsoffiles.ShieldPlatformEncryptionalsosupportspersonaccounts,cases,search,approvalprocesses,andotherkeySalesforcefeatures.Classicencryptionletsyouprotectonlyaspecialtypeofcustomtextfield,whichyoucreateforthatpurpose.

ShieldPlatformEncryptionBestPractices• Thisprocesshelpsyoudistinguishdatathatneedsencryptionfromdatathatdoesn’t,sothatyoucanencryptonly

whatyouneedto.

1. Defineathreatmodelforyourorganization.2. Toidentifythethreatsthataremostlikelytoaffectyourorganization.

○ Useyourfindingstocreateadataclassificationscheme,whichcanhelpyoudecidewhatdatatoencrypt.3. Encryptonlywherenecessary.

○ Focusoninformationthatrequiresencryptiontomeetyourregulatory,security,compliance,andprivacyrequirements.Unnecessarilyencryptingdataimpactsfunctionalityandperformance.

○ Balancebusiness-criticalfunctionalityagainstsecurityandriskmeasuresandchallengeyourassumptionsperiodically.

4. Createastrategyearlyforbackingupandarchivingkeysanddata.5. Ifyourtenantsecretsaredestroyed,reimportthemtoaccessyourdata.Youaresolelyresponsibleformakingsurethat

yourdataandtenantsecretsarebackedupandstoredinasafeplace.6. ReadtheShieldPlatformEncryptionconsiderationsandunderstandtheirimplicationsonyourorganization.

○ TestShieldPlatformEncryptioninasandboxenvironmentbeforedeployingtoaproductionenvironment.Encryptionpolicysettingscanbedeployedusingchangesets.

○ Beforeenablingencryption,fixanyviolationsthatyouuncover.○ Whenrequestingfeatureenablement,suchaspilotfeatures,giveSalesforceCustomerSupportseveraldays

leadtime.7. AnalyzeandtestAppExchangeappsbeforedeployingthem.

○ IfyouuseanappfromtheAppExchange,testhowitinteractswithencrypteddatainyourorganizationandevaluatewhetheritsfunctionalityisaffected.

○ Ifanappinteractswithencrypteddatathat'sstoredoutsideofSalesforce,investigatehowandwheredataprocessingoccursandhowinformationisprotected.

○ IfyoususpectShieldPlatformEncryptioncouldaffectthefunctionalityofanapp,asktheproviderforhelpwithevaluation.AlsodiscussanycustomsolutionsthatmustbecompatiblewithShieldPlatformEncryption.

○ AppsontheAppExchangethatarebuiltexclusivelyusingLightningPlatforminheritShieldPlatformEncryptioncapabilitiesandlimitations.

8. Useout-of-the-boxsecuritytools.○ ShieldPlatformEncryptionisnotauserauthenticationorauthorizationtool.

9. GranttheManageEncryptionKeysuserpermissiontoauthorizedusersonly.○ UserswiththeManageEncryptionKeyspermissioncangenerate,export,import,anddestroyorganization-

specifickeys.Monitorthekeymanagementactivitiesoftheseusersregularlywiththesetupaudittrail.

EncryptExistingFieldsforSupportedCustomFieldTypes

Search(UI,PartialSearch,Lookups,CertainSOSLQueries)

APIAccess AvailableinWorkflowRulesandWorkflowFieldUpdates

AvailableinApprovalProcessEntryCriteriaandApprovalStepCriteria

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 46

10. ExistingfieldandfiledataisnotautomaticallyencryptedwhenyouturnonShieldPlatformEncryption.Toencryptexistingfielddata,updatetherecordsassociatedwiththefielddata.Toencryptexistingfilesorgethelpupdatingotherencrypteddata,contactSalesforce.

○ allowatleastaweekbeforeyouneedthebackgroundencryptioncompleted.11. Handlecurrencyandnumberdatawithcare.

○ CurrencyandNumberfieldscan’tbeencryptedbecausetheycouldhavebroadfunctionalconsequencesacrosstheplatform

12. Communicatetoyourusersabouttheimpactofencryption.○ BeforeyouenableShieldPlatformEncryptioninaproductionenvironment,informusersabouthowitaffects

yourbusinesssolution.13. Encryptyourdatausingthemostcurrentkey.

○ Whenyougenerateanewtenantsecret,anynewdataisencryptedusingthiskey.However,existingsensitivedataremainsencryptedusingpreviouskeys.Inthissituation,Salesforcestronglyrecommendsre-encryptingthesefieldsusingthelatestkey.ContactSalesforceforhelpwithre-encryptingyourdata.

14. UsediscretionwhengrantingloginasaccesstousersorSalesforceCustomerSupport.○ thatuserisabletoviewencrypteddatainthatfieldinplaintext.

15. IfyouwantSalesforceCustomerSupporttofollowspecificprocessesaroundaskingfororusingloginasaccess,youcancreatespecialhandlinginstructions.

○ Tosetupthesespecialhandlinginstructions,contactyouraccountexecutive.

EventMonitoring

FieldAuditTrail

• FieldAuditTrailletsyouknowthestateandvalueofyourdataforanydate,atanytime.• Youcanuseitforregulatorycompliance,internalgovernance,audit,orcustomerservice.• Builtonabigdatabackendformassivescalability,FieldAuditTrailhelpscompaniescreateaforensicdata-levelaudit

trailwithupto10yearsofhistory,andsettriggersforwhendataisdeleted.

Usage• UseSalesforceMetadataAPItodefinearetentionpolicyforyourfieldhistoryforfieldsthathavefieldhistorytracking

enabled.• ThenuseRESTAPI,SOAPAPI,andToolingAPItoworkwithyourarchiveddata• FieldhistoryiscopiedfromtheHistoryrelatedlistintotheFieldHistoryArchivebigobject.• YoudefineoneHistoryRetentionPolicyforyourrelatedhistorylists,suchasAccountHistory,tospecifyFieldAuditTrail

retentionpoliciesfortheobjectsyouwanttoarchive.• YoucanthendeploythebigobjectbyusingtheMetadataAPI(WorkbenchorAntMigrationTool).

ObjectsSupported

● Accounts,includingPersonAccounts● Assets● Cases● Contacts

● PriceBooks● Products● ServiceAppointments● ServiceContracts

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 47

● Contracts● ContractLineItems● Entitlements● Leads● Opportunities

● Solutions● WorkOrders● WorkOrderLineItems● Customobjectswithfieldhistorytrackingenabled

Fieldcan’tbetracked

• Formula,roll-upsummary,orauto-numberfields• CreatedByandLastModifiedBy• ExpectedRevenuefieldonopportunities• MasterSolutionTitleortheMasterSolutionDetailsfieldsonsolutions• Longtextfields• Multi-selectfields

Considerations

Ø HistoryRetentionPolicyisautomaticallysetonthesupportedobjects,onceFieldAuditTrailisenabled.Ø Bydefault,dataisarchivedafter18monthsinaproductionorganization,afteronemonthinasandboxorganization,

andallarchiveddataisstoredfor10years.Ø AfteryoudefineanddeployaFieldAuditTrailpolicy,productiondataismigratedfromrelatedhistoryØ Thefirstcopywritesthefieldhistorythat’sdefinedbyyourpolicytoarchivestorageandsometimestakesalongtime.Ø AboundedsetofSOQLisavailabletoqueryyourarchiveddata.Ø UseAsyncSOQLtobuildaggregatereportsfromacustomobjectbasedonthevolumeofthedatainthe

FieldHistoryArchivebigobject.Ø IfyourorganizationhasFieldAuditTrailenabled,previouslyarchiveddataisn'tencryptedifyouturnonPlatform

Encryptionlater.Ø Ifyourorganizationneedstoencryptpreviouslyarchiveddata,contactSalesforce.

o Weencryptandrearchivethestoredfieldhistorydata,thendeletetheunencryptedarchive.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 48

DataLeakPrevention

AuthorizationAccesstoonlinedataisgenerallyrestrictedtoonlythosewhoare

• identified,• authenticated,• andauthorized.

Thisisaccomplishedinthreemainways:

1. Create,read,update,anddelete(CRUD)settingsDeterminewhichobjectsausercancreate,read,update,anddelete

2. Fieldlevelsecurity(FLS)settingsDeterminewhichfieldsausercanreadandedit

3. SharingRulesDeterminewhichrecordsarevisibletousers

HowtheSalesforcePlatformEnforcesAuthorization?

UserContextTheplatformrunsinusercontextwhen:

• AuserbrowsestheapplicationviathestandardSalesforce-providedUI• AuserviewsaVisualforcepagethatusesastandardcontroller• AuserviewsaVisualforcepagethatreferencesobjectswithstandardobjectnotation• TheplatformexecutesAnonymousApexviaconsoleorAPIcalls• AnapplicationontheplatformmakesastandardAPIcall

SystemContext• Apexgenerallyrunsinsystemcontext;thatis,

o thecurrentuser'spermissions,o field-levelsecurity,o andsharingrulesaren’ttakenintoaccountduringcodeexecution.

• TheonlyexceptionstothisruleareApexcodethatisexecutedwiththe

o executeAnonymouscallo ChatterinApex.

Theplatformexecutescodeinsystemcontextin:

• ApexClasses(includingwebservices)• ApexTriggers• ApexwebservicescalledfromtheAPI

PurposeofMultipleContexts

• Fromasecurityperspective,usercontextispreferablebecauseuseraccesscontrolsaremaintainedthroughoutthetransaction.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 49

o ThisiswhystandardpagesandVisualforcepagesbuiltonstandardcontrollersruninusercontext.• CustomApexandVisualforceapplicationsoftenrequirepermissionsbeyondthescopeofuser'saccess.Systemcontext

providesthenecessaryflexibilityfortheseapplications.

CRUDandFLSEnforcementinVisualForceandLighttning

• WhenrenderingVisualForcepages,theplatformwillautomaticallyenforceCRUDandFLSwhenthedeveloperreferencesSObjectsandSObjectfieldsdirectlyintheVisualForcepage.

• ifauserwithoutFLSvisibility,itbeautomaticallyremovedfromthetable.• Inputtagssuchasapex:inputTextandapex:inputTextAreawillalsoautomaticallyenforceFLSrestrictions.• Lightningcomponentsdon’tautomaticallyenforceCRUDandFLSwhenyoureferenceobjectsorretrievetheobjects

fromanApexcontroller,CRUDandFLSshouldbeenforcedwhenusingthe“@AuraEnabled”notation.

ProtectAgainstCRUDandFLSViolations

• Youcanenforcethesepermissionsinyourcodethatcheckthecurrentuser'saccesspermissionlevelsbyexplicitlycallingthe

o sObjectdescriberesultmethods(ofSchema.DescribeSObjectResult)andfielddescriberesultmethods(ofSchema.DescribeFieldResult)

§ IsCreateable()§ IsAccessible()§ IsUpdateable()§ IsDeleteable()

IsMyApplicationVulnerable?

• CRUDandFLSalwaysneedstobeenforcedforcreate,read,update,anddeleteoperationsonstandardobjects.• Anyapplicationperformingcreates/updates/deletesinApexcode,passingdatatypesotherthanSObjectsto

VisualForcepages,usingApexwebservicesorthe@AuraEnabled”notationshouldbecheckedthatitiscallingtheappropriateaccesscontrolfunctions.

HowCanITestMyApplication?1. DataDisplayedtotheUser

a. ExamineeachVisualForcepageandattheareasonthepagewheredataisembeddedusingmergefields(i.e.{!object.field}).

i. MergefieldsreferencingSObjectdatathroughotherobjectslikestrings,integers,orApexclassesrequirethatthepagecontrollerorcontrollerextensionperformtheappropriateaccesscontrolcheck.

b. ApexwebservicesdonothaveaVisualForcelayertoautomaticallyenforceCRUD/FLSandalwaysneedtocallisAccessible()onallSObjectfieldsbeforereturningdatatotheuser,

i. samegoesforLightningcomponentsorcontrollers.2. Create,Update,andDeleteOperations

a. ExamineeachApexclassthatcallsinsert,update,upsert,delete,orsimilarcommands.i. Forcreateandupdateoperations,eachfieldassignedavaluedirectlyinApexshouldhaveits

describeresultisCreateable()orisUpdateable()methodcheckedbeforeperformingtheoperation.ii. Deleteoperationsoccuratanobjectlevelbynatureandtheobject'sdescriberesultisDeleteable()

methodshouldbecalledinsteadoffield-levelchecks.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 50

b. Apexwebservicesandauraenabledmethodsalwaysneedtoperformtheappropriateaccesscontrolchecksonallobjectsandfieldsbeforeperformingcreate,update,anddeleteoperations.

runAsMethod

• ThesystemmethodrunAsenablesyoutowritetestmethodsthatchangetheusercontexttoanexistinguseroranewusersothattheuser’srecordsharingisenforced.

• TherunAsmethoddoesn’tenforceuserpermissionsorfield-levelpermissions,onlyrecordsharing.• YoucanuserunAsonlyintestmethods.

NestingYoucannestmorethanonerunAsmethod.Forexample:

Useru2=newUser(Alias='newUser',Email='newuser@testorg.com',System.runAs(u2){ //something Useru3=[SELECTIdFROMUserWHEREUserName='newuser@testorg.com']; System.runAs(u3){ }}

OtherUsesofrunAs

• therunAsmethodtoperformmixedDMLoperationsinyourtestbyenclosingtheDMLoperationswithintherunAsblock.

• ThereisanotheroverloadoftherunAsmethod(runAs(System.Version))thattakesapackageversionasanargument.Thismethodcausesthecodeofaspecificversionofamanagedpackagetobeused

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 51

InjectionVulnerabilityPrevention

Cross-SiteScripting(XSS)

• XSSisaninjectionvulnerabilitythatoccurswhenanattackercaninsertunauthorizedJavaScript,VBScript,HTML,orotheractivecontentintoawebpage.

• Whenotherusersviewthepage,themaliciouscodeexecutesandaffectsorattackstheuser.basicText=apexpages.currentpage().getparameters().get('text'); outputText = basicText.replace('\r\n','<br/>'); document.getElementById('{!$Component.textOutput}').innerHTML = '<p>{!outputText}</p>';

<img src=x onerror="alert(\'I said, HEAR YE, HEAR YE, COME ONE, COME ALL!!\');"></img>

TypesofXSSAttacks• StoredXSS

o StoredXSSoccurswhenamaliciousinputispermanentlystoredonaserverandreflectedbacktotheuserinavulnerablewebapplication.

• ReflectedXSSo ReflectedXSSoccurswhenmaliciousinputissenttoaserverandreflectedbacktotheuserontheresponse

page.

• DOM-basedXSSo DOM-basedXSSoccurswhenanattackpayloadisexecutedasaresultofmodifyingthewebpage’s

documentobjectmodel(DOM)inthevictimuser’sbrowser.

ImpactofXSS• Arbitraryrequests

o AnattackercanuseXSStosendrequeststhatappeartobefromthevictimtothewebserver.• Malwaredownload

o XSScanprompttheusertodownloadmalware.Sincethepromptlookslikealegitimaterequestfromthesite,theusermaybemorelikelytotrusttherequestandactuallyinstallthemalware.

• Logkeystrokeso Theattackercanmonitorkeyboardentries,possiblyfindingusernamesandpasswordstoaccessaccountsat

laterdates.

CommonXSSMitigations• InputFiltering

o Blacklisting—Specific“bad”charactersorcombinationsofcharactersarebanned,meaningtheycan’tbeenteredorstored.

o Whitelisting—Onlycharactersorwordsfromaknownlistofentriesarepermitted,preventingmaliciousinput

• OutputEncoding

Built-inXSSProtectionsinLightningPlatform• AutomaticHTMLEncoding

o SalesforceautomaticallyHTMLencodesanyvaluesandmergefieldsplacedinHTMLcontext.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 52

o Theplatformchanged"<"and"<"into"&lt;"and"&gt;"byautomaticallyHTMLencodingthespecialcharacters.Theplatformtreatsthedataastext,notcode.

o DisablingAutomaticHTMLEncoding§ <apex:outputTextescape="false">

• SalesforceDefaultProtectionsinDifferentExecutionContextso HMTLContexto ScriptContexto StypeContext

PreventXSSinLightningPlatformApplications• IfthevalueisgoingtobeparsedbytheJavaScriptparser,useJSENCODE().• IfthevalueisgoingtobeparsedbytheHTMLparser,useHTMLENCODE().• Ifit’sacombinationofboth…

o UseJSENCODE(HTMLENCODE())o OrJSINHTMLENCODE().

PlatformEncodinginApex• SalesforceprovidesvariousApexencodingfunctionsthroughtheLightningPlatformESAPI,whichexportsglobalstatic

methodsthatyoucanuseinyourpackagetoperformsecurityencoding.• ThispackagecanbeinstalledinanySalesforceorgasanunmanagedpackage.

SOQLInjection

ImpactofSOQLInjection• SinceSOQLisnarrowerthanSQLintermsofwhatausercando,SOQLreducestheattacksurfaceandlimitswhatan

attackercandowithavulnerablequery.o Nocommandexecution,thereforenoabilitytoexploittheunderlyingOSrunningtheSalesforceservice.o Nodeletemethod,thereforenoabilitytointeractdestructively.o Noinsertorupdatemethods,thereforenoabilitytoadddata,useraccounts,orpermissionstothesystem

• AnattackerwhoisabletosuccessfullyexploitSOQLinjectioncanaccessfieldsthatadeveloperdidnotintendtorevealorthatausershouldnotordinarilyhaveaccessto.

SOQLInjectionPrevention• Staticquerieswithbindvariables• String.escapeSingleQuotes()• Typecasting• Replacingcharacters

o Usevar.replaceAll('[^\w]','')• Whitelisting

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 53

StoringSensitiveData• Sensitivedataisalsocalledpersonally-identifyinginformation(PII)orhighbusinessimpact(HBI)data.

SensitiveData-Whatisit?Sensitivedatacaninclude:

● Passwords● Passphrases● Encryptionkeys● OAuthtokens● Purchaseinstruments,suchascreditcardnumbers● Personalcontactinformationsuchasnames,phonenumbers,emailaddresses,accountusernames,physicaladdresses,

andmore● Demographicinformationsuchasincome,gender,age,ethnicity,education● Insomestatesandcountries:machineidentifyinginformationsuchasMACaddress,serialnumbers,IPaddresses,and

more

Measures

HardcodedSecrets• Storingsensitiveinformationinthesourcecodeofyourapplicationmightnotalwaysbeagoodpractice,anyone

thathasaccesstothesourcecodecanviewthesecretsincleartext.

DebugLogs• Debuglogsinapexcodeshouldnotcontainanysensitivedata• Sensitiveinformationshouldalsobenotbesentto3rdpartybyemailsorothermeansaspartofreporting

possibleerrors.

SensitiveInfoinURL• Longtermsecretslikeusername/passwords,APItokensandlonglastingaccesstokensshouldnotbesentvia

GETparametersinthequerystring.• ItisfinetosendshortlivedtokenslikeCSRFtokensintheURL.SalesforcesessionidoranyPIIdatashouldnotbe

sentoverURLtoexternalapplications.

Salesforce.comIntegrations• ExternalapplicationsshouldnotstoreSalesforce.comusercredentials(usernames,passwords,orsessionID's)in

externaldatabases.• InordertointegrateanexternalapplicationwithSalesforce.comuseraccounts,theOAuthflowshouldbeused.

SampleVulnerability

• Ifyoumuststorepasswords(includingnon-Salesforcepasswords),notethatstoringtheminplaintextorhashed(suchaswiththeMD5function)makesyourapplicationvulnerabletomassuserexploitation

• ifanattackercangetaccess(evenjustread-onlyaccess)toyourdatabase(suchasthroughstealingabackuptapeorSQLinjection).

• AlthoughasuccessfulSQLinjectionordataexposureattackisahugeprobleminitself,iftheattackercanrecoverpasswordsfromthedata,theycantransparentlycompromiseuseraccountsonamassscale.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 54

SecuringDatainApplication

IsMyApplicationVulnerable?

• Ifyourapplicationstoresthesalesforce.comuserpassword,yourapplicationmaybevulnerable.

• Ifyourapplicationcollectsotherformsofsensitivedata,yourapplicationmaynotbecompliantwithindustrystandardsandtheleakageofthatsensitivedatamaycauseasignificantprivacyincidentwithlegalconsequences.

HowCanITestMyApplication?

• Reviewtheschemeusedtostoresensitivedataandidentifyinformationcollectedinusecasesandworkflows.

HowDoIProtectMyApplication?Consideranapplicationthatmustauthenticateusers.

• Wehavetostoresomeformoftheuser’spasswordinordertoauthenticatethem.

• Wedon’twanttostorethepasswordinplaintextform

Problem1

• Wecouldencryptthepasswords,butthatwouldrequireanencryptionkey — andwherewouldwestorethat?

Ø Developershavehistoricallyusedacryptographichashfunction,aone-wayfunctionthatis(supposedly)computationallyinfeasibletoreverse.Theythenstorethehashoutput:

hash=md5 #orSHA1,orTiger,orSHA512,etc.storedPasswordHash=hash(password)authenticated?=hash(password)==storedPasswordHash

• Theplaintextpasswordisneverstored.

Problem2• theattackercaneasilypre-computethehashesofalargepassworddictionary.Thentheattackermatchestheir

hashestothoseintheirstolendatabase.

• Toaddressthisproblem,developershavehistorically“salted”thehash:

salt=generateRandomBytes(2)storedPasswordHash=salt+hash(salt+password)

• Thegoalistomakeattackershavetocomputeamuchlargerdictionaryofhashes• Theonlyobstaclehereisthecostofthecomputingresourcesrequiredtoperformthesecalculations,andasingle

roundofMD5orSHA-1isnolongerexpensiveenoughtoslowattackersdown.

Problem3• Fast,cheapandhighlyparallelcomputationonspecializedhardwareorcommoditycomputeclustersmakesbrute

forcesearchwithadictionaryquiteaffordableandaccessible,eventoadversarieswithfewresources.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 55

Ø ThecanonicalsolutionisbcryptbyNielsProvosandDavidMazières.Theideaisthatwetunethehashingfunctiontobe

pessimal;ProvosandMazièresuseamodifiedformoftheBlowfishciphertopessimizeitsalready-slowsetuptimeØ Thebenefitofthisapproachisthatitslowsdowntheattackergreatly,butfortheapplicationtoverifyasingle

passwordcandidatestilltakesessentiallynotime.

ApexandVisualforceApplicationsTherearemultiplewaystoprotectsensitivedata,dependingonthetypeofsecretbeingstored,whoshouldhaveaccess,andhowthesecretshouldbeupdated.

Ø ProtectedCustomMetadataTypeso Withinanamespacedmanagedpackage,protectedcustommetadatatypesaresuitableforstoring

authenticationdataandothersecretso .CustommetadatatypescanalsobeupdatedviatheMetadataAPIintheorganizationthatcreatedthetype,

andcanberead(butnotupdated)atruntimeviaSOQLcodewithinanapexclassinthesamenamespaceasthemetadatatype.

Ø ProtectedCustomSettingso SettingthevisibilityoftheCustomSettingDefinitionto“Protected”andincludingitinamanagedpackage

ensuresthatit’sonlyaccessibleprogrammaticallyviaApexcodethatexistswithinyourpackageo Unlikecustommetadatatypes,customsettingscanbeupdatedatruntimeinyourApexclass,butcannotbe

updatedviatheMetadataAPI.o The“transient”keywordshouldbeusedtodeclareinstancevariableswithinVisualforcecontrollerstoensure

theyarenottransmittedaspartoftheviewstate.Ø ApexCryptoFunctions

o TheApexcryptoclassprovidesalgorithmsforcreatingdigests,MACs,signaturesandAESencryption.o WhenusingthecryptofunctionstoimplementAESencryption,keysmustbegeneratedrandomlyandstored

securelyinaProtectedCustomSettingorProtectedCustomMetadatatype.o NeverhardcodethekeyinwithinanApexclass.

Method SupportedStandards

Encrypt()EncryptWithManagedIv()Decrypt()DecryptWithManagedIv()

AES128,AES192,AES256forencryption.PCKS#5paddingandCipherBlockChaining.

generateDigest()generateMac()

MD5,SHA1,SHA256,SHA512

sign() SHA1withRSA

Ø EncryptedCustomFieldso Encryptedcustomfieldsaretextfieldsthatcancontainletters,numbers,orsymbolsbutareencryptedwith

128-bitkeysandusetheAESalgorithm.o Thevalueofanencryptedfieldisonlyvisibletousersthathavethe“ViewEncryptedData”permission.o Wedonotrecommendstoringauthenticationdatainencryptedcustomfields,howeverthesefieldsare

suitableforstoringothertypesofsensitivedata(creditcardinformation,socialsecuritynumbers,etc).• NamedCredentials

o NamedCredentialsareasafeandsecurewayofstoringauthenticationdataforexternalservicescalledfromyourapexcodesuchasauthenticationtokens.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 56

o Beawarethatuserswithcustomizeapplicationpermissioncanviewnamedcredentials,soifyoursecuritypolicyrequiresthatthesecretsbehiddenfromsubscribers,thenpleaseuseaprotectedcustommetadatatypeorprotectedcustomsetting.

GeneralGuidanceWhenstoringsensitiveinformationonamachine:

● Allauthenticationsecretsmustbeencryptedwhenstoredondisk.● Forclientappsrunningonadesktop,laptop,tablet,ormobiledevice,storeallsecretsinthevendorprovidedkey

store(keychaininOSX/iOSdevices,keystoreinAndroiddevices,orintheregistryprotectedwiththeDP-APIonwindowsdevices.)Thisisahardrequirementtopassthesecurityreview.

● Forservicesrunningonserversthatmustbootwithoutuserinteraction,storesecretsinadatabaseencryptedwithakeynotavailabletothedatabaseprocess.Theapplicationlayershouldprovidethekeyasneededtothedatabaseatruntimeorshoulddecrypt/encryptasneededinitsownprocessspace.

● Donotstoreanycryptographickeysusedforprotectingsecretsinyourapplicationcode● Salthashes,andifpossiblestoresaltsandhashesseparately● Leveragestrongplatformcryptographicsolutions● Checkifframeworks/platformshavealreadyaddressedtheproblem● UseSSL/TLStotransmitsensitivedata

ASP.NET• ASP.NETprovidesaccesstotheWindowsCryptoAPIsandDataProtectionAPI(DPAPI).• Thisisintendedtobeusedforthestorageofsensitiveinformationlikepasswordsandencryptionkeysifthe

DataProtectionPermissionhasbeengrantedtothecode.• ThestrongestsolutionforASP.NETwouldbetorelyonahardwaresolutionforsecurelystoringcryptographickeys,

suchasacryptographicsmartcardorHardwareSecurityModule(HSM),thatisaccessiblebyusingtheunderlyingCryptoAPIwithavendorsuppliedCryptoAPICryptographicServiceProvider(CSP).

Java• JavaprovidestheKeyStoreclassforstoringcryptographickeys.Bydefaultthisusesaflatfileontheserverthatis

encryptedwithapassword.Forthisreason,analternativeCryptographicServiceProvider(CSP)isrecommended.• ThestrongestsolutionforJavawouldbetorelyonahardwaresolutionforsecurelystoringcryptographickeys,suchas

acryptographicsmartcardorHardwareSecurityModule(HSM),thatisaccessiblebyusingthevendor'ssuppliedCSPinthatjava.securityconfigurationfile

• WhennotusingaCSP,iftheproductisaclientapplication,youmustuseJAVAbindingstostorethepassphraseprotectingthekeystoreinthevendorprovidedkeystore

PHP• PHPdoesnotprovidecryptographicallysecurerandomnumbergenerators.Makesuretouse/dev/urandomasthe

sourceforrandomnumbers.• Usethemcryptlibraryforcryptographyoperations.Saltedhashesandsaltscouldbesubsequentlystoredina

database.• Aframeworkcalledphpassoffers"OpenBSD-styleBlowfish-basedbcrypt"forPHP.• Forclientapps,youmustusenativebindingstostoreusersecretsinthevendorprovidedkeystore.

RubyonRails

• ThereisacopyofbcryptspecificallyforRubycalledbcrypt-ruby.• Forclientapps,youmustuserubybindingstostoresecretsinthevendorprovidedkeystore.

Shar ing and V i s ib i l i t y Des igner – S tudy Gu ide

TAHSINZULKARNINE 57

Python

• Useamodulethatinteractswiththevendorprovidedkeystoressuchasthepythonkeyringmodule.

Flash/Airapps

• UsetheEncryptedLocalStorewhichcontainsbindingstousevendorprovidedkeystorestostoresecrets.