Answers - Salesforce Trailblazer Community
Trailblazer Community
Ask Search:
John SchneiderJohn Schneider 
What option does this fall under?  Is this not available to add to change sets?
Best Answer chosen by John Schneider
Jan van OsJan van Os
Sadly that is not possible (yet) with Change Sets. I've looked into the metadata API and can't find it there either.
Bekir YanmazBekir Yanmaz 
Hi,

I'm doing https://trailhead.salesforce.com/en/super_badges/superbadge_business_specialist (https://trailhead.salesforce.com/en/super_badges/superbadge_business_specialist)

I'm stuck at the 2nd step with the following user : Shinje Tashi who is described as :

Shinje Tashi
Title : Sales Data Quality Specialist
This sales data quality specialist supports the entire company and needs to be assigned a role that can see and access all account, contact, and opportunity records for the entire company.
Use the Standard User profile

I have created the user as described.

I have the following error :
 Shinje Tashi does not have the user settings he needs.

It says :

"...provide Shinje Tashi access to the Language Preference field without modifying his profile. Name the solution you create for extending access Bilingual Pilot."

I have created a permission set called Bilingual Pilot that gives access to the custom field Language Preference and assign it to this user.

But the error persists.

How can I solve it ?

Thanks
Best Answer chosen by Ed (salesforce.com) 
Bekir YanmazBekir Yanmaz
Hi,

Changing this user's role to CEO solved the issue for me.

Give it a try. 
Matthew PoeMatthew Poe 

Hi, Trailblazers!  Hoping I've missed something obvious here, but banging my head against this one: I've got a set of users who are able to edit WAY more than they should be on opportunity records.  Here are the details.
1. OWD for opps is set to private
2. User is on a custom "No Access User" profile, with no permissions for anything (this is in order to grant permissions via permission sets instead.)
3. Roles exist in the org, but this set of users are not assigned to a role.
4. Permission set grants user CRUD permissions, but only ~6 of ~230 opportunity fields get Edit access (on a field-level basis in the permission set).
5.  Records are shared via Opportunity Sharing rule based on record criteria - criteria is: when a picklist has a certain value, members of a public group get read/edit access (in order to faciliate the edits they should be able to perform on those ~6 fields.)
6.  When I switch to Classic to take a look at the Share table for an affected record, everything seems correct; the users who in reality are being granted overbroad access only have access to the record via that sharing rule in #5.
7.  Only one record type exists, and two opp page layouts (but only one is relevant.). Fields are not marked read-only on the page level, since users with other permission sets granting greater access use the same page layout.  (But this should not matter, we can't grant edit access to fields a user would not otherwise have access to via a page layout.)
8. User does not have modify-all access to opps (or any object) at the profile or permission set level.
9. User does not have "Edit Read Only Fields" permission granted via the profile or permission set (why does this even exist?!)
10. The user who can inappropriately edit the fields does not own the record in question.

One potential clue: when I look at the field accessibility matrix, is says "field is editable due to page layout."  Whaaaaa?  Maybe I need to watch Who Sees What for the 5 millionth time, but, like I mentioned in #7, does not seem right to me that a page layout alone could grant edit access to fields that are read-only at the profile level.  I don't see page layouts anywhere in the pyramid =)

(Wonder if this is related to this unresolved but similar sounding case from three years ago:  https://success.salesforce.com/answers?id=9063A000000iXu8QAE )

Best Answer chosen by Matthew Poe
Amnon KruviAmnon Kruvi
The field accessibility message indicates that the profile may have access to the field. I know it's supposed to be a dumbed down, no-access profile, but can you just double check that if you go inside the profile to the field level security section, and open opportunities, that none of the fields are marked in there? 
Ines GarciaInes Garcia 
I have seen many posts and unresolved questions on this matter. I shall then attempt to explain this simple for any users on what and how is to deal with this.

What ever connection you may use it for needs to be updated with your new certificate, simple :)
see below more on answer
 
Best Answer chosen by Ines Garcia
Ines GarciaInes Garcia
For example if your org uses Single Sign On or another connection (perhaps integration?) to another system that required the use of the certificate. When was the certificate created?
If you do use SSO or integration you need to create a new self-signed cert and install that on the remote system.  
Worst case scenario is that whatever connection is using that certificate will just flat stop working. (authentication or data transfer)
Do have a check to your installed packages as may use the certificate.
Can you get in contact with the people/company that gererated that cert? and ask them what they were using it for?

Here how to generate a selfcert: https://help.salesforce.com/articleView?id=security_keys_creating.htm&language=en_US&type=0


So you have to update it where you use it, most common applications of these certificates are SSO and custom HTTPS domains.


For SSO have a check under Security Controls > Single Sign on Settings > SAML Single Sign-On Settings.

For other uses check the:
- HTTPS requests
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_callouts_client_certs_http.htm
- SOAP services
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_callouts_client_certs_soap.htm


Tada!
Yura IYura I 
User-added image
I think that I have captured everything about the object security access in this diagram, I have additional notes on the sides that are not going to be included due to image size limitation. Please let me know if I can improve the graphic for other newbs as myself

 
Best Answer chosen by Yura I
Jonathan FoxJonathan Fox

This is a great graphic. You should post it in one of the chatter groups in the community.

 

Is there something you want help on with rehards to the above?

Bareera NoorBareera Noor 
Hello,
 I am working on trailhead where exactly these fields available?
Field-Level Security—Customer SSN and Bank Account fields on contact records must be encrypted. Any change in the Amount field on opportunity records must be recorded. I cant find Customer SSN and Bank Account fields on Contact Object.
Best Answer chosen by Ed (salesforce.com) 
Suhas SardeshmukhSuhas Sardeshmukh
Customer SSN and Bank Account fields does not exist on Contact object. And hence, can't be encrypted. Challenge can be completed by skipping this instruction.
Kevin TsuiKevin Tsui 
Hi.  I have a user that is constantly being asked to activate their computer on the same source IP.  Here's the recent log below.  I've whitelisted that IP under "Network Access".  But any ideas?  Thanks.

User-added image
Best Answer chosen by Kevin Tsui
Kevin TsuiKevin Tsui
Update!  I ended up submitting a case because the user was still experiencing the issue.  Here is the response from the agent.

Please be aware, with the Spring release, there has been an update with how Salesforce verifies user identity. The primary change is that Salesforce now utilizes the local browser to cache logins. This process updates the browser itself upon successful verification. Thus, if your browser blocks or removes its browser data, you will be repeatedly prompted to verify at the next login. You may review the change further via this Article:

https://help.salesforce.com/apex/HTViewSolution?urlname=After-Spring-16-why-am-I-asked-for-Identity-Confirmation-Verification-code-on-every-login&language=en_US There are 3 different ways to prevent these prompts: (you only need to implement one of these options)

1. Update the Network Access of your org with all approved IP ranges. This will resolve the issue entirely for anyone signing in from those approved addresses. https://help.salesforce.com/apex/HTViewHelpDoc?id=security_overview_network.htm&language=en_US

2. Login IP Restrictions can be added for each individual profile to limit the access of those users to a known set of approved ranges.

3. Lastly, you could simply ensure that your users are not clearing their browsing data, or that the browsers are not clearing the data upon browser close.
Kimberly DaleKimberly Dale 
 I need to review each profile and determine if they have the correct access or too much access
Best Answer chosen by Kimberly Dale
Ahilesh RagavanAhilesh Ragavan
Hello Kimberly,

Here is a useful external app : Perm Comparator
https://perm-comparator.herokuapp.com

It lets you view and compare access, permissions between profiles, permission sets.

Sample compare page:
User-added image


We do not have any reports to run to view profile permissions.
Dee SriDee Sri 
Hello Trailblazers,

I am trying to provide a modify all permission without the 'Delete' access for the Account object while keeping the OWD to 'Private'.
Is this possible to achieve this by having a sharing rule with 'Read\Edit' access for all Accounts ?

Let me know your suggestions.

Thank you.
Best Answer chosen by Dee Sri
Andrew RussoAndrew Russo
easiest way if you want to share all accounts with all users is to create a sharing rule that wuld apply to the highest role in your org and all subordinates.
Tobias HaggeTobias Hagge 
Hey.

When trying to send an email from a Case you are not the Case Owner off, it doesn't allow to send an email unless you have access to the Contact you select.

Now if you want to send an email and don't select any Contact (but use the additional to), it doesn't allow you to send the email due to insufficient privileges.

Any permissions that would get around this?
Best Answer chosen by Jayson (salesforce.com) 
Ben MervenBen Merven
Just ran into this problem. Get the user to login to salesforce in a private/incognito window and see if that fixes it. If so, then clear their browser cache and cookies and it should work.