+2,000 ポイント
Superbadge

Extended User Access and Restriction Superbadge Unit

Build effective sharing solutions to provide the right access to the right records.

~ 1 時間

Extended User Access and Restriction Superbadge Unit

この Superbadge を獲得するための実習内容

  1. Adjust organization-wide sharing settings.
  2. Create roles and sharing using hierarchies.
  3. Build owner and criteria-based sharing rules.
  4. Use restriction rules to filter record access.

この Superbadge でテストされる概念

  • Sharing Settings

Note

To ensure we meet the needs of our Trailblazer Community, we’re always reviewing and evolving our program based on your feedback. As a result, we’ve created superbadge units! Superbadge units present assessment content in smaller segments. Groups of superbadge units are arranged by topic and can be followed by a capstone-style superbadge that completes the specialist-level credential.

For more information, check out the Superbadge Unit FAQ Help article.


Sign Up for a Developer Edition Org with Special Configuration

To complete this superbadge unit, you need a special Developer Edition org that contains special configuration and sample data. Note that this Developer Edition org is designed to work with the challenges in this superbadge unit.

  1. Sign up for a free Developer Edition org with special configuration.

  2. Fill out the form. For Email, enter an active email address.

  3. After you fill out the form, click Sign me up.

  4. When you receive the activation email (this might take a few minutes), open it and click Verify Account.

  5. Complete your registration by setting your password and challenge question. Tip: Write down your username, password, and login URL for easy access later.

  6. You are logged in to your superbadge Developer Edition org.

Now, connect your new Developer Edition org to Trailhead.

  1. Make sure you’re logged in to your Trailhead account.

  2. In the Challenge section at the bottom of this page, select Connect Org from the picklist.

  3. On the login screen, enter the username and password for the Developer Edition org you just set up.

  4. On the Allow Access? page, click Allow.

  5. On the Want to connect this org for hands-on challenges? page, click Yes! Save it. You are redirected back to the Challenge page and ready to use your new Developer Edition org to earn this superbadge unit.

  6. Now that you have a Salesforce org with special configuration for this superbadge unit, you’re good to go.


Note

Note

Before you begin the challenges, review User Access Specialist Superbadge: Trailhead Challenge Help.

Make sure you’re using a new Developer Edition org from this sign up link to complete the challenges in this superbadge unit. If you use an org that’s been used for other work, you won’t pass the challenges in this superbadge unit.

This superbadge unit is part of the User Access Specialist Superbadge. Complete the capstone assessment and related superbadge units to receive the User Access Specialist Superbadge.

Review Superbadge Challenge Help for information about the Salesforce Certification Program and Superbadge Code of Conduct.

Use Case

Thunderground, the lightning-fast ecommerce start-up, has experienced booming sales overseas throughout the last fiscal year. As a result, the company is bringing on a new sales team to focus on the business-to-customer (B2C) markets in Europe, the Middle East, and Africa (EMEA).

The fastest-growing region is centered in the European Union (EU) and adherence to the General Data Protection Regulation (GDPR) has become increasingly complex. Thunderground has decided it’s in the company’s best interest to hire an internal auditor to ensure GDPR compliance.

As an admin at Thunderground, your task is to make sure that members of the sales team, the new GDPR auditor, and key stakeholders have the right access to the right records.

Note: Descriptions must be set for all new fields, permission sets, and so on in order to pass the challenges.

Business Requirements

This section represents the requirements you’ve outlined in order to extend and restrict access in the right places. You should implement all of the solutions described below using Lightning Experience.

Note: Susan Reynolds is a test user provided in your special org for this superbadge unit. While your solutions don’t require a user to be assigned, you may want to test your configurations with this user.

Organizational Overview

The org chart below shows the reporting structure for the new EMEA Sales and GDPR Auditor roles.

Org chart showing reporting structure. There are two role hierarchies that start with the CEO. 1. CEO > SVP, Sales & Marketing > VP, International Sales > EMEA Sales > Technical Sales Manager > Technical Sales Representative. 2. CEO > General Counsel > GDPR Auditor

General Record-Level Security Requirements

The sales teams at Thunderground can be competitive. While this is great for drumming up sales, there’s no business need for sales personnel to have access to records owned by other representatives. Configure the default access to records in your org so that accounts, contracts, and opportunities are restricted to the record owners and their managers.

Note: These record-level security requirements may be adjusted by the more specific requirements outlined later in this superbadge unit.

Create the new roles for the Thunderground Salesforce org with the following requirements.

Role Name Reports to: Opportunity Access
GDPR_Auditor General Counsel Users in this role cannot access opportunities they do not own that are associated with accounts they do own.
Technical_Sales_Manager EMEA Sales Users in this role can edit all opportunities associated with accounts they own, regardless of who owns the opportunities.
Technical_Sales_Representative Technical Sales Manager Users in this role cannot access opportunities they do not own that are associated with accounts they do own.

Cross-Functional Record Access

Now that you’ve locked down record access and created the required roles, you need to make sure the teams that support sales have access to the records they need to do their jobs.

Operations Team

The operations team is responsible for provisioning services for closed won opportunities. They need to be able to view all closed won opportunities where the custom field named Provisioned? is not checked. The operations team consists of users in both the Customer Support, North America and Customer Support, International roles.

Configure a single sharing solution that shares opportunity records with both of these roles and users above them in the hierarchy. Use the following names to accomplish this.

  1. Group: Operations
  2. Sharing Rule: Operations_Visibility

GDPR Auditor

The GDPR auditor needs to be able to audit account, contract, and opportunity records for GDPR compliance purposes. GDPR only applies to a regional subset of records, so the auditor only needs access to records related to customers in the EU.

Sharing Solution Name Description
GDPR_Auditor_Opportunity_Visibility Grants Read access to all opportunities owned by users in the EMEA Sales role and their subordinates
GDPR_Auditor_Account_Visibility Grants Read access to all accounts and contracts located in the EU; Use the provided European Union checkbox on the account record to set the criteria.

Control Access to Tasks

Now that you’ve configured record access for the sales and GDPR auditor roles, it’s time to shift gears and focus on access to tasks. With the growing business and increased cross-collaboration among departments at Thunderground, the amount of tasks associated with a single record has become overwhelming and confusing. Thunderground users are frustrated that they have to scroll through tasks unrelated to their roles to find the ones they need to act on.

After conducting multiple rounds of user interviews, your team has confirmed that Thunderground users only need to view tasks owned by members of the same role. There is one exception; users with the Custom: Sales Profile should only be able to see the tasks they own.

Create and activate two record access solutions that restrict access to tasks based on these requirements.

Sharing Solution Full Name Description
Same_Role_Task_Restriction Allows active users to see only the tasks owned by users that have the same role
Sales_Profile_Task_Restriction Allows users with the Custom: Sales Profile* to see only the tasks they own

*Note: You need the profile ID for the Custom: Sales Profile in this solution. This 15- or 18-character ID is unique to your org and starts with 00e in the profile page URL.

この Superbadge 獲得に挑戦しますか?

まず前提条件をクリアしてください。クリアすると、Extended User Access and Restriction Superbadge Unit の Challenge を選択できるようになります。

~ 1 時間