Extended User Access and Restriction Superbadge Unit
Build effective sharing solutions to provide the right access to the right records.
Extended User Access and Restriction Superbadge Unit
Ce que vous devez accomplir pour gagner ce superbadge
- Adjust organization-wide sharing settings.
- Create roles and sharing using hierarchies.
- Build owner and criteria-based sharing rules.
- Use restriction rules to filter record access.
Concepts testés avec ce Superbadge
- Sharing Settings
Prework and Notes
Sign Up for a Developer Edition Org with Special Configuration
To complete this superbadge unit, you need a special Developer Edition org that contains special configuration and sample data. Note that this Developer Edition org is designed to work with the challenges in this superbadge unit.
-
Sign up for a free Developer Edition org with special configuration.
Fill out the form. For Email address, enter an active email address.
After you fill out the form, click Sign me up.
When you receive the activation email (this might take a few minutes), open it and click Verify Account.
Complete your registration by setting your password and challenge question. Tip: Save your username, password, and login URL in a secure place—such as a password manager—for easy access later.
You are logged in to your superbadge Developer Edition org.
Now, connect your new Developer Edition org to Trailhead.
Make sure you’re logged in to your Trailhead account.
In the Challenge section at the bottom of this page, select Connect Org from the picklist.
On the login screen, enter the username and password for the Developer Edition org you just set up.
On the Allow Access? page, click Allow.
On the Want to connect this org for hands-on challenges? page, click Yes! Save it. You are redirected back to the Challenge page and ready to use your new Developer Edition org to earn this superbadge unit.
Now that you have a Salesforce org with special configuration for this superbadge unit, you’re good to go.
Use Case
Thunderground, the lightning-fast ecommerce start-up, has experienced booming sales overseas throughout the last fiscal year. As a result, the company is bringing on a new sales team to focus on the business-to-customer (B2C) markets in Europe, the Middle East, and Africa (EMEA).
The fastest-growing region is centered in the European Union (EU) and adherence to the General Data Protection Regulation (GDPR) has become increasingly complex. Thunderground has decided it’s in the company’s best interest to hire an internal auditor to ensure GDPR compliance.
As an admin at Thunderground, your task is to make sure that members of the sales team, the new GDPR auditor, and key stakeholders have the right access to the right records.
Note: Descriptions must be set for all new fields, permission sets, and so on in order to pass the challenges.
Business Requirements
This section represents the requirements you’ve outlined in order to extend and restrict access in the right places. You should implement all of the solutions described below using Lightning Experience.
Note: Susan Reynolds is a test user provided in your special org for this superbadge unit. While your solutions don’t require a user to be assigned, you may want to test your configurations with this user.
Organizational Overview
The org chart below shows the reporting structure for the new EMEA Sales and GDPR Auditor roles.
General Record-Level Security Requirements
The sales teams at Thunderground can be competitive. While this is great for drumming up sales, there’s no business need for sales personnel to have access to records owned by other representatives. Configure the default access to records in your org so that accounts, contracts, and opportunities are restricted to the record owners and their managers.
Note: These record-level security requirements may be adjusted by the more specific requirements outlined later in this superbadge unit.
Create the new roles for the Thunderground Salesforce org with the following requirements.
Role Name | Reports to: | Opportunity Access |
---|---|---|
GDPR_Auditor |
General Counsel | Users in this role cannot access opportunities they do not own that are associated with accounts they do own. |
Technical_Sales_Manager |
EMEA Sales | Users in this role can edit all opportunities associated with accounts they own, regardless of who owns the opportunities. |
Technical_Sales_Representative |
Technical Sales Manager | Users in this role cannot access opportunities they do not own that are associated with accounts they do own. |
Cross-Functional Record Access
Now that you’ve locked down record access and created the required roles, you need to make sure the teams that support sales have access to the records they need to do their jobs.
Operations Team
The operations team is responsible for provisioning services for closed won opportunities. They need to be able to view all closed won opportunities where the custom field named Provisioned? is not checked. The operations team consists of users in both the Customer Support, North America and Customer Support, International roles.
Configure a single sharing solution that shares opportunity records with both of these roles and users above them in the hierarchy. Use the following names to accomplish this.
- Group:
Operations
- Sharing Rule:
Operations_Visibility
GDPR Auditor
The GDPR auditor needs to be able to audit account, contract, and opportunity records for GDPR compliance purposes. GDPR only applies to a regional subset of records, so the auditor only needs access to records related to customers in the EU.
Sharing Solution Name | Description |
---|---|
GDPR_Auditor_Opportunity_Visibility |
Grants Read access to all opportunities owned by users in the EMEA Sales role and their subordinates |
GDPR_Auditor_Account_Visibility |
Grants Read access to all accounts and contracts located in the EU; Use the provided European Union checkbox on the account record to set the criteria. |
Control Access to Tasks
Now that you’ve configured record access for the sales and GDPR auditor roles, it’s time to shift gears and focus on access to tasks. With the growing business and increased cross-collaboration among departments at Thunderground, the amount of tasks associated with a single record has become overwhelming and confusing. Thunderground sales users are frustrated that they have to scroll through tasks unrelated to their roles and departments to find the ones they need to act on.
After conducting multiple rounds of user interviews, your team has outlined two actions to address this issue.
- Technical Sales Managers only need to see tasks from their department.
- Technical Sales Representatives only need to see tasks they own.
Create and activate two record access solutions that restrict access to tasks based on these requirements.
Sharing Solution Full Name | Description |
---|---|
Sales_Manager_Task_Restriction |
Allows Technical Sales Managers* to see only tasks from their department |
Sales_Rep_Task_Restriction |
Allows Technical Sales Representatives* to see only the tasks they own. |
*Note: You need the role ID for each role in this solution. This 15- or 18-character ID is unique to your org and starts with 00e in the role page URL.