Salesforce Sharing and Security Fundamentals

Security and record sharing is at the core of any successful organization and many Salesforce certification exams. This course will teach you about the essential skills permissions, profiles, secure code, and sharing on the Salesforce platform.
Course info
Level
Intermediate
Updated
Sep 26, 2018
Duration
2h 23m
Table of contents
Description
Course info
Level
Intermediate
Updated
Sep 26, 2018
Duration
2h 23m
Description

Salesforce sharing and security is at the core of any successful enterprise or organization, and to many Salesforce certification exams. In this course, Salesforce Sharing and Security Fundamentals, you will learn foundational knowledge of security on the Salesforce platform. First, you will learn about users and user controls like password policies and IP login range restrictions. Next, you will discover the declarative security functionality like profiles, permission sets, and row level record sharing. Finally, you will explore how to write more secure code on the platform considering common vulnerabilities. When you’re finished with this course, you will have the skills and knowledge of security needed to perform a meaningful audit and make improvements to any Salesforce Org.

About the author
About the author

Scott is the director of Elega Corporation, which produces business applications and develops games. His development career was launched in the litigation support industry and has expanded to solar energy using Salesforce and its Apex programming language, Python, C#, and numerous kinds of integrated databases.

More from the author
Salesforce Workflow: Getting Started
Beginner
1h 53m
16 Jan 2018
Section Introduction Transcripts
Section Introduction Transcripts

Introduction
Hello and welcome to Salesforce Sharing and Security Fundamentals. I'm Scott Lee, director of Elega Corporation. I'm pleased to have worked in software development, and Salesforce in particular, for many years. At the time of making this course, I hold a number of Salesforce certifications, including sharing and visibility designer. Enough about me, let's talk about you and what you'll learn in this course. In this introductory module, I'll go over the prerequisites, along with some good courses to take alongside this one, just so you can make sure you're in the right place. I'll go over the course objectives, including what's in scope for this course, or what's included, and what isn't. Indeed, we are here to learn all about Salesforce security and sharing. Why do we care about security? And who is responsible for it? I'll go into a lot more detail later, but to start with, I should point out that this isn't a cyber security course in the traditional sense, we won't be talking about hacking, cracking passwords, or encryption per se. Instead, this course will dig in to what you need to know as Salesforce specialist to make sure you can utilize the absolute essential security mechanisms that come out of the box with Salesforce.

Managing Users for Security Control
Welcome to our first highly detailed module on Managing Users and Security Controls. Users and the mechanisms around them are the backbone of the Salesforce platform. In this module, you'll gain an understanding of users, along with most of the high level ideas you can think of, like their activities, setup, and controls. Some examples include things like password policies and password resets; two factor authentication, an essential part of modern IT security; IP ranges, so that you can properly restrict who can access your Salesforce org based on where they are in the world; CRUD permissions, where CRUD stands for create, read, update, and delete. These pertain to object level security. We'll also explore using the setup audit trail to discover who is making changes to your Salesforce org's configuration. Finally, I'll be explaining public groups and their place in the Salesforce platform. Let's get started.

Producing Profiles and Permissions
Profiles and permissions define almost everything about what a user can do inside Salesforce, and I think it's important that you be able to understand these concepts from multiple angles. It's easy to shrug off the word permissions without knowing what that really means in the context of Salesforce. So in this module, I'll explain permissions. You'll learn the details behind user profiles, beyond just knowing the bare basics about how they're connected to the user, as we explored in the previous module if you've been following along from the beginning. I'll also dig into a deeper explanation of permission sets, as you really cannot understand permissions without understanding permission sets as well. Finally, I'll configure a new profile so that you can see firsthand some of the thought processes and real point and click steps behind configuring a brand new profile, thinking through the different angles and scenarios that are needed before the profile is ever assigned to any user.

Sharing Records (With Your Friends)
Your fundamental skills in sharing and security are almost complete. But sharing is a big issue. It's time we explored its details. In this module, we'll have to uncover all the essentials behind row-level access, via record sharing. I'll explore the user hierarchy in Salesforce and the role of roles within that hierarchy. I'll be explaining sharing and sharing rules, which will include both criteria and owner-based sharing. In a demo, we'll explore the fundamentals of the sharing settings within the Salesforce setup menu. I'll also provide an alternate perspective on visibility itself, where I'll be able to recap everything we have covered in the course so far, if you've followed along from the beginning. Finally, I'll explore sharing's impact on performance, which, as it turns out, can be a major point of contention for many use cases, and I'll provide some tips on how you can better manage performance when necessary. I'll see you in the next clip to discuss hierarchies.

Avoiding Fake Security Traps on Page Layouts
Fake security traps, what I mean is fake security. The traps are very real and the traps can happen when you rely on page layouts. In this module, I'll take you through an overview of the Salesforce user interface as it typically exists and its role in security. To give you a brief hint before going into detail, I can say the interface really does not provide the security you're looking for the way I've described in previous modules. But I'll explain exactly why. Then how to use record types. Record types are a way of splitting up an object across different type values, and they play a role in what the user sees, so that's definitely falling in the realm of security. Finally. I'll show you how to know for sure what fields are accessible on a given object by showing you how the Salesforce Field Accessibility view works in the Setup menu.

Taking Next Steps
This has been quite the journey for both of us. It's been my pleasure producing this course for you. In addition to all of the concepts covered so far, this module seeks to prepare you for the future where you can begin to apply all the skills covered here. To start, I'll move you through some of the key takeaways from the course, then we'll examine some other areas you can explore and learn from, finally, I'll show you a simple demo on how you can use the Salesforce DX technology, and its command line interface, to install the course example materials into your own developer org so that you can continue learning from the example code, and perhaps, even continue building as your own improvement exercise.