+2,000 points
Superbadge

Data Categorization and Access Superbadge Unit

Define and configure data access levels based on sensitivity and compliance requirements.

~1 hr

Prerequisites

Data Categorization and Access Superbadge Unit

What You'll Be Doing to Earn This Superbadge

  1. Create new fields according to various business requirements and security needs.
  2. Configure flexible and scalable field access.
  3. Explain data categorization and access best practices.

Concepts Tested in This Superbadge

  • Data Security

Prework and Notes

Sign Up for a Developer Edition Org with Special Configuration

To complete this superbadge unit, you need a special Developer Edition org that contains special configuration and sample data. Note that this Developer Edition org is designed to work with the challenges in this superbadge unit.

  1. Sign up for a free Developer Edition org with special configuration.

  2. Fill out the form. For Email address, enter an active email address.

  3. After you fill out the form, click Sign me up.
  4. When you receive the activation email (this might take a few minutes), open it and click Verify Account.

  5. Complete your registration by setting your password and challenge question. Tip: Save your username, password, and login URL in a secure place—such as a password manager—for easy access later.

  6. You are logged in to your superbadge Developer Edition org.

Now, connect your new Developer Edition org to Trailhead.

  1. Make sure you’re logged in to your Trailhead account.

  2. In the Challenge section at the bottom of this page, select Connect Org from the picklist.

  3. On the login screen, enter the username and password for the Developer Edition org you just set up.

  4. On the Allow Access? page, click Allow.

  5. On the Want to connect this org for hands-on challenges? page, click Yes! Save it. You are redirected back to the Challenge page and ready to use your new Developer Edition org to earn this superbadge.

  6. Now that you have a Salesforce org with special configuration for this superbadge unit, you’re good to go.

Tips

  • Some of the terminology used in this superbadge is descriptive and may not match the name as it appears in the user interface (UI). This is to test your knowledge of Salesforce features and ability to select the correct feature to satisfy a business need.

  • Descriptions must be set for all new fields, permission sets, and so on in order to pass the challenges.

  • For the purposes of this superbadge unit, do not use Salesforce Shield security tools to complete the challenges.


Note

Before you begin the challenges, review Data Security Specialist Superbadge: Trailhead Challenge Help.

Make sure you’re using a new Developer Edition org from this sign up link to complete the challenges in this superbadge unit. If you use an org that has been used for other work, you won’t pass the challenges in this superbadge unit.

This superbadge unit is part of the Data Security Specialist Superbadge. Complete the capstone assessment and related superbadge units to receive the Data Security Specialist Superbadge.

Review Superbadge Challenge Help for information about the Salesforce Certification Program and Superbadge Code of Conduct.

Use Case

Rain Check is a growing organization looking for ways to improve efficiency without sacrificing security. The company recently launched its Salesforce Center of Excellence (CoE) to help unite stakeholders and streamline decision-making for the Salesforce org. The CoE just completed the group’s first major project: a data dictionary used to catalog and categorize data in the org. Part of the data dictionary project includes guidelines for configuring field access for new and existing fields.

As a Salesforce admin at Rain Check, one aspect of your job is to create new fields, evaluate existing fields, and configure field access according to access requirements and company policies. You’ve been tasked with creating a handful of new fields and adjusting access for some existing fields.

Business Requirements

This section represents requirements for a set of fields and related access levels based on the outcome of the data dictionary project.

Here are the new fields you’ve been asked to create.

  1. Service Plan PIN (Account)
  2. Tax ID (Account)
  3. Social Security Number (Contact)
  4. Closed Lost Reason (Opportunity)

Additionally, you’ve been asked to review access for the following standard fields.

  1. Serial Number (Asset)
  2. Birthdate (Contact)

Important: Review all field and access requirements before completing the challenges. As an admin, you’ll need to consider a variety of factors to determine the types of fields to create and the appropriate access levels.

General Policies and Guidelines

In keeping with industry best practices, and to allow for increased flexibility, the CoE policy is to grant access to fields via permission sets instead of profiles. Profile-based field-level security should only be used for the system administrator.

  • Permission sets are configured for specific, granular access requirements.
  • Permission set groups are built by persona and assigned to users with similar job requirements.
  • Permission sets are reused across multiple permission set groups with selected permissions muted where needed.

Legal and Compliance

Protecting customer data and confidential business information is a top priority for Rain Check. As part of the data dictionary project, the CoE worked with Rain Check’s legal and compliance departments to define data sensitivity categories. These categories are aligned with the level of risk and impact to the Rain Check organization if the data were leaked or compromised.


Note

The sensitivity categories described in this section are provided to inform security configurations in your solution. The categories shouldn’t be aligned to the Data Sensitivity Level metadata field, which is used to support data management policies.

Here are the data sensitivity levels and the corresponding security requirements for the Rain Check Salesforce org.

  • High: Data must be partially masked* at minimum.
  • Medium: Data must have the highest possible security measures while meeting business requirements. Data should be partially masked* if possible.
  • Low: Data should only be visible to users who need it to perform job duties.
*When data is masked, only the last four characters should be visible.

The legal and compliance departments have approved the following sensitivity levels for the fields you’re responsible for creating and updating.

| Object | Field | Sensitivity |
|---|---|---|
| Account | Service Plan PIN | Medium |
| Account | Tax ID | Medium |
| Contact | Birthdate | Medium |
| Contact | Social Security Number | High |
| Opportunity | Closed Lost Reason | Low |
| Asset | Serial Number | Low |

New Field Information

This table outlines business needs and requirements for some of the new fields you need to create. In conjunction with the other details in the scenario, use this information to determine various field settings.

Required Field Functionality
Service Plan PIN (Account)
  • Searchable
  • Available in Validation Rules
Tax ID (Account)
  • Available in Validation Rules
  • Visible in List Views
Closed Lost Reason (Opportunity)
  • Stores formatted text and hyperlinks
  • Available in Validation Rules
  • Visible in List Views

Use the information provided here to create the new fields in your org.

| Object | Field Label | Field Name | Other Field Information |
|---|---|---|---|
| Account | Service Plan PIN | Service_Plan_PIN | PIN is a four-digit number. |
| Account | Tax ID | Tax_ID | Field needs to accommodate Tax IDs up to 12 digits. |
| Contact | Social Security Number | Social_Security_Number | Data must display in nine-digit Social Security number format. |
| Opportunity | Closed Lost Reason | Closed_Lost_Reason | Field will house detailed explanation for a closed lost opportunity. |

Field Access Requirements

Note

The User Access and Permissions Assistant app has been installed in your org for optional use. This tool may be helpful in reviewing current permissions and user assignments.

Developer Edition orgs allow only two active Salesforce users, including yourself. For this reason, most of the users in your org are set to inactive. You may find it helpful to activate and log in as specific users as you configure your solution.

This table lists the field access requirements for different sets of users.

| Field | Account Executives | Sales Managers | Accounting | Call Center Agents | System Administrators |
|---|---|---|---|---|---|
| Service Plan PIN (Account) | Read | Read | Read | Read, Update | Read, Update |
| Tax ID (Account) | No Access | No Access | Read, Update | No Access | Read, Update |
| Birthdate (Contact) | Read, Update | Read, Update | Read | Read | Read, Update |
| Social Security Number (Contact) | No Access | No Access | Read, Update | No Access | Read |
| Closed Lost Reason (Opportunity) | Read, Update | Read, Update | Read | No Access | Read, Update |
| Serial Number (Asset) | Read | Read, Update | Read, Update | Read | Read, Update |

The Rain Check admin team has built the org access structure to maximize flexibility and scalability. Use the following permission set groups to set the appropriate access to the six fields according to the requirements. For the purposes of this challenge, don’t create any new permission sets or permission set groups for your solution.

Permission Set Groups:

  1. Account Executive
  2. Sales Manager
  3. Accounting
  4. Call Center Agent
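
One way to check configured field access against the requirements table above, as an added example (not part of the Trailhead page or any Salesforce tool): it compares grants per permission set group with the required matrix and reports over- and under-privileged personas. The `__c` API names, the `group` key, the `row` helper, and the sample rows are assumptions constructed for illustration; rows are modeled on `FieldPermissions` records after muting, and System Administrators are left out because the page handles them through the profile.

```python
# Required access from the page's table: "-" = No Access, "R" = Read, "U" = Read, Update.
# Columns follow PERSONAS order; custom-field API names are assumed (Field Name + "__c").
PERSONAS = ["Account Executive", "Sales Manager", "Accounting", "Call Center Agent"]
REQUIRED = {
    "Account.Service_Plan_PIN__c":       ["R", "R", "R", "U"],
    "Account.Tax_ID__c":                 ["-", "-", "U", "-"],
    "Contact.Birthdate":                 ["U", "U", "R", "R"],
    "Contact.Social_Security_Number__c": ["-", "-", "U", "-"],
    "Opportunity.Closed_Lost_Reason__c": ["U", "U", "R", "-"],
    "Asset.SerialNumber":                ["R", "U", "U", "R"],
}
RANK = {"-": 0, "R": 1, "U": 2}

def row(group, field, read, edit):
    """Hypothetical helper: one FieldPermissions-style record tagged with its group."""
    return {"group": group, "Field": field, "PermissionsRead": read, "PermissionsEdit": edit}

def effective(rows):
    """Most permissive grant per (group, field); permission sets are additive."""
    eff = {}
    for r in rows:
        level = "U" if r["PermissionsEdit"] else "R" if r["PermissionsRead"] else "-"
        key = (r["group"], r["Field"])
        if RANK[level] > RANK[eff.get(key, "-")]:
            eff[key] = level
    return eff

def audit(rows):
    """Return (persona, field, required, actual, verdict) for every mismatch."""
    eff = effective(rows)
    findings = []
    for field, levels in REQUIRED.items():
        for persona, want in zip(PERSONAS, levels):
            have = eff.get((persona, field), "-")  # no record means No Access
            if have != want:
                kind = "over-privileged" if RANK[have] > RANK[want] else "under-privileged"
                findings.append((persona, field, want, have, kind))
    return findings

# Constructed sample input, not data from a real org.
SAMPLE_ROWS = [
    row("Accounting", "Account.Tax_ID__c", True, True),
    row("Accounting", "Contact.Social_Security_Number__c", True, True),
    row("Call Center Agent", "Account.Tax_ID__c", True, False),  # should be No Access
    row("Sales Manager", "Asset.SerialNumber", True, False),     # should allow Update
    row("Account Executive", "Contact.Birthdate", True, False),  # two sets combine to Update
    row("Account Executive", "Contact.Birthdate", True, True),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```

Because the sample is sparse, most pairs report as under-privileged; the over-privileged findings are the ones that expose Medium or High sensitivity data beyond policy.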
