I'm doing https://trailhead.salesforce.com/en/super_badges/superbadge_business_specialist (https://trailhead.salesforce.com/en/super_badges/superbadge_business_specialist)
I'm stuck at the 2nd step with the following user : Shinje Tashi who is described as :
Title : Sales Data Quality Specialist
This sales data quality specialist supports the entire company and needs to be assigned a role that can see and access all account, contact, and opportunity records for the entire company.
Use the Standard User profile
I have created the user as described.
I have the following error :
Shinje Tashi does not have the user settings he needs.
It says :
"...provide Shinje Tashi access to the Language Preference field without modifying his profile. Name the solution you create for extending access Bilingual Pilot."
I have created a permission set called Bilingual Pilot that gives access to the custom field Language Preference and assign it to this user.
But the error persists.
How can I solve it ?
Hi, Trailblazers! Hoping I've missed something obvious here, but banging my head against this one: I've got a set of users who are able to edit WAY more than they should be on opportunity records. Here are the details.
1. OWD for opps is set to private
2. User is on a custom "No Access User" profile, with no permissions for anything (this is in order to grant permissions via permission sets instead.)
3. Roles exist in the org, but this set of users are not assigned to a role.
4. Permission set grants user CRUD permissions, but only ~6 of ~230 opportunity fields get Edit access (on a field-level basis in the permission set).
5. Records are shared via Opportunity Sharing rule based on record criteria - criteria is: when a picklist has a certain value, members of a public group get read/edit access (in order to faciliate the edits they should be able to perform on those ~6 fields.)
6. When I switch to Classic to take a look at the Share table for an affected record, everything seems correct; the users who in reality are being granted overbroad access only have access to the record via that sharing rule in #5.
7. Only one record type exists, and two opp page layouts (but only one is relevant.). Fields are not marked read-only on the page level, since users with other permission sets granting greater access use the same page layout. (But this should not matter, we can't grant edit access to fields a user would not otherwise have access to via a page layout.)
8. User does not have modify-all access to opps (or any object) at the profile or permission set level.
9. User does not have "Edit Read Only Fields" permission granted via the profile or permission set (why does this even exist?!)
10. The user who can inappropriately edit the fields does not own the record in question.
One potential clue: when I look at the field accessibility matrix, is says "field is editable due to page layout." Whaaaaa? Maybe I need to watch Who Sees What for the 5 millionth time, but, like I mentioned in #7, does not seem right to me that a page layout alone could grant edit access to fields that are read-only at the profile level. I don't see page layouts anywhere in the pyramid =)
(Wonder if this is related to this unresolved but similar sounding case from three years ago: https://success.salesforce.com/answers?id=9063A000000iXu8QAE )
What ever connection you may use it for needs to be updated with your new certificate, simple :)
see below more on answer
If you do use SSO or integration you need to create a new self-signed cert and install that on the remote system.
Worst case scenario is that whatever connection is using that certificate will just flat stop working. (authentication or data transfer)
Do have a check to your installed packages as may use the certificate.
Can you get in contact with the people/company that gererated that cert? and ask them what they were using it for?
Here how to generate a selfcert: https://help.salesforce.com/articleView?id=security_keys_creating.htm&language=en_US&type=0
So you have to update it where you use it, most common applications of these certificates are SSO and custom HTTPS domains.
For SSO have a check under Security Controls > Single Sign on Settings > SAML Single Sign-On Settings.
For other uses check the:
- HTTPS requests
- SOAP services
I think that I have captured everything about the object security access in this diagram, I have additional notes on the sides that are not going to be included due to image size limitation. Please let me know if I can improve the graphic for other newbs as myself
I am working on trailhead where exactly these fields available?
Field-Level Security—Customer SSN and Bank Account fields on contact records must be encrypted. Any change in the Amount field on opportunity records must be recorded. I cant find Customer SSN and Bank Account fields on Contact Object.
Please be aware, with the Spring release, there has been an update with how Salesforce verifies user identity. The primary change is that Salesforce now utilizes the local browser to cache logins. This process updates the browser itself upon successful verification. Thus, if your browser blocks or removes its browser data, you will be repeatedly prompted to verify at the next login. You may review the change further via this Article:
https://help.salesforce.com/apex/HTViewSolution?urlname=After-Spring-16-why-am-I-asked-for-Identity-Confirmation-Verification-code-on-every-login&language=en_US There are 3 different ways to prevent these prompts: (you only need to implement one of these options)
1. Update the Network Access of your org with all approved IP ranges. This will resolve the issue entirely for anyone signing in from those approved addresses. https://help.salesforce.com/apex/HTViewHelpDoc?id=security_overview_network.htm&language=en_US
2. Login IP Restrictions can be added for each individual profile to limit the access of those users to a known set of approved ranges.
3. Lastly, you could simply ensure that your users are not clearing their browsing data, or that the browsers are not clearing the data upon browser close.
I am trying to provide a modify all permission without the 'Delete' access for the Account object while keeping the OWD to 'Private'.
Is this possible to achieve this by having a sharing rule with 'Read\Edit' access for all Accounts ?
Let me know your suggestions.
When trying to send an email from a Case you are not the Case Owner off, it doesn't allow to send an email unless you have access to the Contact you select.
Now if you want to send an email and don't select any Contact (but use the additional to), it doesn't allow you to send the email due to insufficient privileges.
Any permissions that would get around this?