Skip to main content TrailblazerDX, the ultimate AI learning event is heading back to San Francisco March 6-7, 2024. Register Now and save 35% with code T24DEYE424.
+2,000 points
Superbadge

Secure Application Lifecycle Management Superbadge Unit

Employ security throughout all stages of the application lifecycle.

~1 hr

Prerequisites

Secure Application Lifecycle Management Superbadge Unit

Secure Application Lifecycle Management Superbadge Unit

What You'll Be Doing to Earn This Superbadge

  1. Modify a flow and subflow without over-permissioning.
  2. Mitigate critical security vulnerabilities identified in an org scan.
  3. Describe application security best practices and requirements.

Concepts Tested in This Superbadge

  • Secure Application Development

Prework and Notes

Sign Up for a Developer Edition Org with Special Configuration

To complete this superbadge unit, you need a special Developer Edition org that contains special configuration and sample data. Note that this Developer Edition org is designed to work with the challenges in this superbadge unit.

  1. Sign up for a free Developer Edition org with special configuration.

  2. Fill out the form. For Email address, enter an active email address.

  3. After you fill out the form, click Sign me up.

  4. When you receive the activation email (this might take a few minutes), open it and click Verify Account.

  5. Complete your registration by setting your password and challenge question. Tip: Write down your username, password, and login URL for easy access later.

  6. You are logged in to your superbadge Developer Edition org.

Now, connect your new Developer Edition org to Trailhead.

  1. Make sure you’re logged in to your Trailhead account.

  2. In the Challenge section at the bottom of this page, select Connect Org from the picklist.

  3. On the login screen, enter the username and password for the Developer Edition org you just set up.

  4. On the Allow Access? page, click Allow.

  5. On the Want to connect this org for hands-on challenges? page, click Yes! Save it. You are redirected back to the Challenge page and ready to use your new Developer Edition org to earn this superbadge unit.

  6. Now that you have a Salesforce org with special configuration for this superbadge unit, you’re good to go.

Tips

  • Complete all steps in this superbadge in Salesforce Lightning Experience. You may switch to Salesforce Classic to view certain settings not available in Lightning.

  • Some of the terminology used in this superbadge is descriptive and may not match the name as it appears in the user interface (UI). This is to test your knowledge of Salesforce features and ability to select the correct feature to satisfy a business need.


Note

Note

Before you begin the challenges, review Security Advocacy Specialist Superbadge: Trailhead Challenge Help.

Make sure you’re using a new Developer Edition org from this sign up link to complete the challenges in this superbadge unit. If you use an org that’s been used for other work, you won’t pass the challenges in this superbadge unit.

This superbadge unit is part of the Security Advocacy Specialist Superbadge. Complete the capstone assessment and related superbadge units to receive the Security Advocacy Specialist Superbadge.

Review Superbadge Challenge Help for information about the Salesforce Certification Program and Superbadge Code of Conduct.

Use Case

Cirrus Cash Flow is a startup that provides financial services for its customers and was recently acquired by the financial services behemoth, Stratus Global Bank. Stratus Global Bank has put Cirrus Cash Flow’s systems through a thorough security audit and now needs to make changes.

Stratus Global Bank requires that security measures are implemented throughout all stages of the application development cycle, from design and build to release and ongoing maintenance. As the security admin at Stratus Global Bank, you’ve met with key stakeholders from both companies and have compiled a set of security change requirements.

Business Requirements

This section represents the culmination of many meetings and is the basis of your work to secure Cirrus Cash Flow’s Salesforce applications and ensure the right users have the right access.

Product Creation Flow

As part of the acquisition, Cirrus Cash Flow now has more products in the company’s portfolio with price books that reflect the global market. The Salesforce team originally created the Product Creation screen flow to help admins create new products and price book entries on behalf of the sales team. Now, the team has agreed to give a select group of sales super users the ability to create products and price books using the flow.

Price Book Access

Cirrus Cash Flow has configured price book access in its org so that all sales users can see the standard price book and the price book relevant to their region. Sales users are assigned the Custom: Sales Profile. The Cirrus Cash Flow price books are manually shared as follows:

  1. Standard Price Book: Shared with All Internal Users
  2. Asia-Pacific Price Book: Shared with the VP, International Sales role and subordinates
  3. North American Price Book: Shared with the VP, North American Sales role and subordinates

Product Creation Flow Overview

The Product Creation screen flow is launched via the Quick Create Product custom button on the opportunity page layout. The flow gathers product information from the user, allows them to provide price book entries only for the price books they have access to, then launches the Price Book Entry Creation subflow in order to create the price book entry records.

Diagram outlining the existing “Product Creation” screen flow. The flow starts with a decision element that determines if the user has the required permission to run the flow. If they don’t, the flow ends. If they do, the flow gathers the product information from the user and creates the product record. Then, the flow loops through active price books that the user has access to and allows them to provide the data for the price book entries. Finally, the “Price Book Entry Creation” subflow is launched in order to create the price book entry records.

Flow Update Requirements

The Product Creation flow currently only runs for users with the System Administrator profile. In order to allow secure access, your task is to adjust the main flow, subflow, and related access levels to meet the following requirements.

  • The Product Flow custom permission should only be granted to users with the Sales Super User permission set.
  • The Product Creation screen flow should respect user access levels.
  • The Price Book Entry Creation subflow should allow the creation of price book entry records, even if the running user doesn’t have permission to create these records otherwise.
  • The flow should run for system administrators OR any user with the Product Flow custom permission.

Following the principle of least privilege, your solution should not grant additional access to the price book and price book entry objects beyond the requirements outlined above.

Note: While there are other valid ways to configure flow access, you have decided to use the Product Flow custom permission. As an experienced admin, you know this solution will allow for the most flexible and granular access control in potential future use cases.

Test Users

Note

Note

Developer Edition orgs allow only two active Salesforce users, including yourself. For this reason, some of the users in your org are inactive but you may choose to activate them or create additional users for testing purposes.

Your org has two users with the Sales Super User permission set.

  1. Patricia Perez, APAC Sales Representative
  2. Kyle Daniele, AMER Sales Representative

Mitigate Critical and Warning Level Security Vulnerabilities

The Cirrus Cash Flow org is well on its way to compliance with Stratus Global Bank’s information security (infosec) policies, but there are a couple of loose ends that you need to address. Use the tools available in your org to identify and fix the critical and warning level vulnerabilities in your security settings.

Note: You can assume you’ve discussed the recommended changes with the appropriate teams and the implications of the changes have been addressed. Way to be a security advocate!

Ready to Tackle This Superbadge?

Please first complete the prerequisites and the challenge for Secure Application Lifecycle Management Superbadge Unit will be unlocked.

~1 hr