+5,500 points
Superbadge

Security Specialist

Flex your security muscles by locking down permissions and tracking changes.

~ 5 hours

What You'll Be Doing to Earn This Superbadge

  1. Set object-level security settings to control which users can access which objects
  2. Set record-level security settings to control which users can create and edit specific records
  3. Track field-level changes to meet data retention requirements
  4. Set report, dashboard, and public list view security settings to grant appropriate privileges to users
  5. Describe capabilities to track changes to Salesforce settings

Concepts Tested in This Superbadge

  • Data Security
  • User Access
  • Monitoring/Governance

Note

We're hard at work bringing you updated Salesforce security content that reflects product enhancements and industry best practices. As a result, the Security Specialist Superbadge was updated and a new prerequisite, the User Authentication Specialist Superbadge, was published on July 14, 2022. Stay tuned for more new security superbadge content coming in August 2022!

Don’t worry! If you’ve already unlocked this superbadge, it will remain unlocked and you will not be required to complete the new prerequisite superbadge (although we highly recommend it). Any configurations you made for the previous version of the Security Specialist Superbadge will pass the challenges in this version.


Pre-work and Notes

  • Grab a pen and paper. You may want to jot down notes as you read the requirements.

  • Create a new Trailhead Playground for this superbadge. Using this org for any other reason might create problems when validating the challenge.

  • Install the Trailhead Security superbadge managed package (package ID: 04t36000000jWht). If you have trouble installing a managed or unmanaged package or app from AppExchange, follow the steps in this article.

  • Although you can only create a single user in your Developer Edition org, you can create as many permissions (profiles, roles, public groups, and so on) as you need to complete this challenge. We recommend creating a user to test your various security configurations. Create a user named Samantha Cordero for this purpose.

Note

Before you begin the challenges, please review Security Specialist: Trailhead Challenge Help.

Review Superbadge Challenge Help for information about the Salesforce Certification Program and the Superbadge Code of Conduct.


Use Case

GenZ Capital is a startup that provides financial services for its Generation Z customers. They offer all services via social media. While their IT team is fantastic (their emoji-based support system is bleeding edge), they were less than ready to be acquired by the finserve behemoth OldGuard Finance. OldGuard has put GenZ’s systems through a thorough security audit and now changes need to be made.

As a premier Salesforce security consultant, you’ve met with the key stakeholders via social media direct message, and you have compiled a comprehensive set of security change requirements.

Standard Objects

GenZ uses the following standard objects to store all deal-related data:

  • Account—Businesses that purchase financial service packages from GenZ Capital

  • Contact—Prospective and existing customer contacts of GenZ Capital

  • Opportunity—Deals related to GenZ Capital’s financial packages

Custom Objects

For the purpose of this superbadge, GenZ doesn’t use custom objects.

Business Requirements

This section represents the culmination of many meetings and will be the basis of your work to transform GenZ’s Salesforce org into a cloud-based version of Fort Knox.

Data Security Requirements

To comply with government financial regulations, GenZ must implement both data retention and encryption policies. You’ve explored these needs in detail with your stakeholders through a series of conversations, and all stakeholders have agreed that value changes in the Opportunity Amount field must be tracked.

Organizational Security Requirements

You’ve investigated each role at GenZ and have come up with the following role-specific requirements:

Organizational Overview

There are three core teams in GenZ’s main sales organizational structure: Field Sales, Inside Sales, and Sales Executive. GenZ also has individuals who act as project managers to help implement the most complex deals.

[Figure: A diagram showing GenZ's sales organizational structure and the individuals who also act as project managers.]

General Record-Level Security Requirements

Configure default access to records in your org to:

  • Restrict access to opportunities to the people who own them (and their managers).
  • Allow access to accounts to anyone in the org, regardless of who owns them, as long as their profile allows access to Accounts in general. Note: keep default options for contacts.

Note: These general record-level security requirements can be overridden by the more specific requirements set below.

Field Sales User Requirements

Field Sales users should be able to create their own list views, but not create or manage list views for others. They should also be able to create reports and dashboards, but not create or manage report and dashboard folders. They should also be able to read, create, and edit (but not delete) their own opportunities; and read and edit all accounts. Note: When providing access to see and edit all accounts for Field Sales, do not use the profile View All and Modify All settings.

Inside Sales User Requirements

Inside Sales users should be able to create reports and dashboards, and create and manage report and dashboard folders. They should be able to create and manage list views for themselves and other people. They can view, create, and edit all accounts and opportunities (but not delete them). Note: Opportunities have restricted access. Find a way to share these with Inside Sales without selecting View All and Modify All on the profile.

Sales Executive User Requirements

Sales Executive users should be able to view all opportunities and accounts (regardless of other sharing settings), but not be able to create, edit, or delete any opportunities or accounts. They should be able to create reports and dashboards, but not create or manage report and dashboard folders. Sales Executive users should be able to create their own list views, but not create or manage list views for others.

Special Requirements for Users Who Are Also Project Managers

Project Manager (PM) permissions are set up differently than other user permissions because PMs all have other responsibilities within the company. For example, Carla Rodriguez’s primary job is as a Sr. Field Sales Associate, but she also works as a project manager. For this reason, you can’t use a profile to set record-level permissions. You also should not use roles for sharing records with project managers. PMs should be able to view all opportunities where Type = “Existing Customer - Upgrade” and Stage = “Closed Won”, but should not view any other opportunities owned by other users. Use the name Project Managers when naming any security property related to PMs.

Ready to take on this superbadge?

First, complete the prerequisites. Once you do, you'll be able to select the Security Specialist challenge.