Secure Application Lifecycle Management Superbadge Unit
Employ security throughout all stages of the application lifecycle.
Secure Application Lifecycle Management Superbadge Unit
What You'll Be Doing to Earn This Superbadge
- Modify a flow and subflow without over-permissioning.
- Mitigate critical security vulnerabilities identified in an org scan.
- Describe application security best practices and requirements.
Concepts Tested in This Superbadge
- Secure Application Development
Prework and Notes
Sign Up for a Developer Edition Org with Special Configuration
To complete this superbadge unit, you need a special Developer Edition org that contains special configuration and sample data. Note that this Developer Edition org is designed to work with the challenges in this superbadge unit.
-
Sign up for a free Developer Edition org with special configuration.
Fill out the form. For Email address, enter an active email address.
After you fill out the form, click Sign me up.
When you receive the activation email (this might take a few minutes), open it and click Verify Account.
Complete your registration by setting your password and challenge question. Tip: Save your username, password, and login URL in a secure place—such as a password manager—for easy access later.
You are logged in to your superbadge Developer Edition org.
Now, connect your new Developer Edition org to Trailhead.
Make sure you’re logged in to your Trailhead account.
In the Challenge section at the bottom of this page, select Connect Org from the picklist.
On the login screen, enter the username and password for the Developer Edition org you just set up.
On the Allow Access? page, click Allow.
On the Want to connect this org for hands-on challenges? page, click Yes! Save it. You are redirected back to the Challenge page and ready to use your new Developer Edition org to earn this superbadge unit.
Now that you have a Salesforce org with special configuration for this superbadge unit, you’re good to go.
Tips
Complete all steps in this superbadge in Salesforce Lightning Experience. You may switch to Salesforce Classic to view certain settings not available in Lightning.
Some of the terminology used in this superbadge is descriptive and may not match the name as it appears in the user interface (UI). This is to test your knowledge of Salesforce features and ability to select the correct feature to satisfy a business need.
Use Case
Cirrus Cash Flow is a startup that provides financial services for its customers and was recently acquired by the financial services behemoth, Stratus Global Bank. Stratus Global Bank has put Cirrus Cash Flow’s systems through a thorough security audit and now needs to make changes.
Stratus Global Bank requires that security measures are implemented throughout all stages of the application development cycle, from design and build to release and ongoing maintenance. As the security admin at Stratus Global Bank, you’ve met with key stakeholders from both companies and have compiled a set of security change requirements.
Business Requirements
This section represents the culmination of many meetings and is the basis of your work to secure Cirrus Cash Flow’s Salesforce applications and ensure the right users have the right access.
Product Creation Flow
As part of the acquisition, Cirrus Cash Flow now has more products in the company’s portfolio with price books that reflect the global market. The Salesforce team originally created the Product Creation screen flow to help admins create new products and price book entries on behalf of the sales team. Now, the team has agreed to give a select group of sales super users the ability to create products and price books using the flow.
Price Book Access
Cirrus Cash Flow has configured price book access in its org so that all sales users can see the standard price book and the price book relevant to their region. Sales users are assigned the Custom: Sales Profile. The Cirrus Cash Flow price books are manually shared as follows:
- Standard Price Book: Shared with All Internal Users
- Asia-Pacific Price Book: Shared with the VP, International Sales role and subordinates
- North American Price Book: Shared with the VP, North American Sales role and subordinates
Product Creation Flow Overview
The Product Creation screen flow is launched via the Quick Create Product custom button on the opportunity page layout. The flow gathers product information from the user, allows them to provide price book entries only for the price books they have access to, then launches the Price Book Entry Creation subflow in order to create the price book entry records.
Flow Update Requirements
The Product Creation flow currently only runs for users with the System Administrator profile. In order to allow secure access, your task is to adjust the main flow, subflow, and related access levels to meet the following requirements.
- The Product Flow custom permission should only be granted to users with the Sales Super User permission set.
- The Product Creation screen flow should respect user access levels.
- The Price Book Entry Creation subflow should allow the creation of price book entry records, even if the running user doesn’t have permission to create these records otherwise.
- The flow should run for system administrators OR any user with the Product Flow custom permission.
Following the principle of least privilege, your solution should not grant additional access to the price book and price book entry objects beyond the requirements outlined above.
Note: While there are other valid ways to configure flow access, you have decided to use the Product Flow custom permission. As an experienced admin, you know this solution will allow for the most flexible and granular access control in potential future use cases.
Test Users
Your org has two users with the Sales Super User permission set.
- Patricia Perez, APAC Sales Representative
- Kyle Daniele, AMER Sales Representative
Mitigate Critical and Warning Level Security Vulnerabilities
The Cirrus Cash Flow org is well on its way to compliance with Stratus Global Bank’s information security (infosec) policies, but there are a couple of loose ends that you need to address. Use the tools available in your org to identify and fix the critical and warning level vulnerabilities in your security settings.
Note: You can assume you’ve discussed the recommended changes with the appropriate teams and the implications of the changes have been addressed. Way to be a security advocate!