Data Categorization and Access Superbadge Unit
Define and configure data access levels based on sensitivity and compliance requirements.
What You'll Be Doing to Earn This Superbadge
- Create new fields according to various business requirements and security needs.
- Configure flexible and scalable field access.
- Explain data categorization and access best practices.
Concepts Tested in This Superbadge
- Data Security
Prework and Notes
Sign Up for a Developer Edition Org with Special Configuration
To complete this superbadge unit, you need a special Developer Edition org that contains special configuration and sample data. Note that this Developer Edition org is designed to work with the challenges in this superbadge unit.
- Sign up for a free Developer Edition org with special configuration.
- Fill out the form. For Email address, enter an active email address.
- After you fill out the form, click Sign me up.
- When you receive the activation email (this might take a few minutes), open it and click Verify Account.
- Complete your registration by setting your password and challenge question. Tip: Save your username, password, and login URL in a secure place—such as a password manager—for easy access later.
- You are logged in to your superbadge Developer Edition org.
Now, connect your new Developer Edition org to Trailhead.
- Make sure you’re logged in to your Trailhead account.
- In the Challenge section at the bottom of this page, select Connect Org from the picklist.
- On the login screen, enter the username and password for the Developer Edition org you just set up.
- On the Allow Access? page, click Allow.
- On the Want to connect this org for hands-on challenges? page, click Yes! Save it. You are redirected back to the Challenge page and ready to use your new Developer Edition org to earn this superbadge.
Now that you have a Salesforce org with special configuration for this superbadge unit, you’re good to go.
Tips
Some of the terminology used in this superbadge is descriptive and may not match the name as it appears in the user interface (UI). This is to test your knowledge of Salesforce features and ability to select the correct feature to satisfy a business need.
Descriptions must be set for all new fields, permission sets, and so on in order to pass the challenges.
For the purposes of this superbadge unit, do not use Salesforce Shield security tools to complete the challenges.
Use Case
Rain Check is a growing organization looking for ways to improve efficiency without sacrificing security. The company recently launched its Salesforce Center of Excellence (CoE) to help unite stakeholders and streamline decision-making for the Salesforce org. The CoE just completed the group’s first major project: a data dictionary used to catalog and categorize data in the org. Part of the data dictionary project includes guidelines for configuring field access for new and existing fields.
As a Salesforce admin at Rain Check, one aspect of your job is to create new fields, evaluate existing fields, and configure field access according to access requirements and company policies. You’ve been tasked with creating a handful of new fields and adjusting access for some existing fields.
Business Requirements
This section represents requirements for a set of fields and related access levels based on the outcome of the data dictionary project.
Here are the new fields you’ve been asked to create.
- Service Plan PIN (Account)
- Tax ID (Account)
- Social Security Number (Contact)
- Closed Lost Reason (Opportunity)
Additionally, you’ve been asked to review access for the following standard fields.
- Serial Number (Asset)
- Birthdate (Contact)
Important: Review all field and access requirements before completing the challenges. As an admin, you’ll need to consider a variety of factors to determine the types of fields to create and the appropriate access levels.
General Policies and Guidelines
In keeping with industry best practices, and to allow for increased flexibility, the CoE policy is to grant access to fields via permission sets instead of profiles. Profile-based field-level security should only be used for the system administrator.
- Permission sets are configured for specific, granular access requirements.
- Permission set groups are built by persona and assigned to users with similar job requirements.
- Permission sets are reused across multiple permission set groups with selected permissions muted where needed.
Legal and Compliance
Protecting customer data and confidential business information is a top priority for Rain Check. As part of the data dictionary project, the CoE worked with Rain Check’s legal and compliance departments to define data sensitivity categories. These categories are aligned with the level of risk and impact to the Rain Check organization if the data were leaked or compromised.
Here are the data sensitivity levels and the corresponding security requirements for the Rain Check Salesforce org.
- High: Data must be partially masked* at minimum.
- Medium: Data must have the highest possible security measures while meeting business requirements. Data should be partially masked* if possible.
- Low: Data should only be visible to users who need it to perform job duties.
The legal and compliance departments have approved the following sensitivity levels for the fields you’re responsible for creating and updating.
Object | Field | Sensitivity |
---|---|---|
Account | Service Plan PIN | Medium |
Account | Tax ID | Medium |
Contact | Birthdate | Medium |
Contact | Social Security Number | High |
Opportunity | Closed Lost Reason | Low |
Asset | Serial Number | Low |
New Field Information
This table outlines business needs and requirements for some of the new fields you need to create. In conjunction with the other details in the scenario, use this information to determine various field settings.
Required Field Functionality | |
---|---|
Service Plan PIN (Account) |
|
Tax ID (Account) |
|
Closed Lost Reason (Opportunity) |
|
Use the information provided here to create the new fields in your org.
Object | Field Label | Field Name | Other Field Information |
---|---|---|---|
Account | Service Plan PIN | Service_Plan_PIN | PIN is a four-digit number. |
Account | Tax ID | Tax_ID | Field needs to accommodate Tax IDs up to 12 digits. |
Contact | Social Security Number | Social_Security_Number | Data must display in nine-digit Social Security number format. |
Opportunity | Closed Lost Reason | Closed_Lost_Reason | Field will house detailed explanation for a closed lost opportunity. |
Field Access Requirements
This table lists the field access requirements for different sets of users.
Field | Account Executives | Sales Managers | Accounting | Call Center Agents | System Administrators |
---|---|---|---|---|---|
Service Plan PIN (Account) | Read | Read | Read | Read, Update | Read, Update |
Tax ID (Account) | No Access | No Access | Read, Update | No Access | Read, Update |
Birthdate (Contact) | Read, Update | Read, Update | Read | Read | Read, Update |
Social Security Number (Contact) | No Access | No Access | Read, Update | No Access | Read |
Closed Lost Reason (Opportunity) | Read, Update | Read, Update | Read | No Access | Read, Update |
Serial Number (Asset) | Read | Read, Update | Read, Update | Read | Read, Update |
The Rain Check admin team has built the org access structure to maximize flexibility and scalability. Use the following permission set groups to set the appropriate access to the six fields according to the requirements. For the purposes of this challenge, don’t create any new permission sets or permission set groups for your solution.
Permission Set Groups:
- Account Executive
- Sales Manager
- Accounting
- Call Center Agent
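
The policy of reusing permission sets across persona-based groups, with selected permissions muted, can be checked against the Field Access Requirements table mechanically. The following is an added example, not part of the original page: a simplified model in which a group's effective field access is the union of its permission sets minus the muted permissions, audited against three columns of the table. The permission set names and the sample configuration are hypothetical.

```python
# Hypothetical permission set names and sample configuration (constructed).
R, U = "Read", "Update"

# Required access, transcribed from the page's table for three of the groups.
REQUIRED = {
    "Account Executive": {"Service Plan PIN": {R}, "Birthdate": {R, U},
                          "Closed Lost Reason": {R, U}, "Serial Number": {R}},
    "Sales Manager": {"Service Plan PIN": {R}, "Birthdate": {R, U},
                      "Closed Lost Reason": {R, U}, "Serial Number": {R, U}},
    "Call Center Agent": {"Service Plan PIN": {R, U}, "Birthdate": {R},
                          "Serial Number": {R}},
}

# Constructed permission sets: field label -> granted permissions.
PERMISSION_SETS = {
    "Sales_Fields": {"Service Plan PIN": {R}, "Birthdate": {R, U},
                     "Closed Lost Reason": {R, U}, "Serial Number": {R, U}},
    "Service_Fields": {"Service Plan PIN": {R, U}, "Birthdate": {R},
                       "Serial Number": {R}, "Tax ID": {R}},  # planted error
}

# Constructed groups: member permission sets plus permissions muted in the group.
GROUPS = {
    "Account Executive": {"sets": ["Sales_Fields"], "muted": {"Serial Number": {U}}},
    "Sales Manager": {"sets": ["Sales_Fields"], "muted": {}},
    "Call Center Agent": {"sets": ["Service_Fields"], "muted": {}},
}

def effective_access(group):
    """Union of the member sets' grants, minus what the group mutes."""
    access = {}
    for name in group["sets"]:
        for field, perms in PERMISSION_SETS[name].items():
            access.setdefault(field, set()).update(perms)
    for field, perms in group["muted"].items():
        access[field] = access.get(field, set()) - perms
    return {f: p for f, p in access.items() if p}

def audit(groups, required):
    """Return (group, field, excess, missing) for every deviation."""
    findings = []
    for gname, group in groups.items():
        actual, wanted = effective_access(group), required[gname]
        for field in sorted(set(actual) | set(wanted)):
            excess = actual.get(field, set()) - wanted.get(field, set())
            missing = wanted.get(field, set()) - actual.get(field, set())
            if excess or missing:
                findings.append((gname, field, sorted(excess), sorted(missing)))
    return findings
```

Calling `audit(GROUPS, REQUIRED)` reports the planted Tax ID read grant on the Call Center Agent group; the muted Update on Serial Number lets the Account Executive group reuse the same permission set as Sales Manager without over-granting.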