Answers - Salesforce Trailblazer Community
Trailblazer Community
Ask Search:
Matthew McIntoshMatthew McIntosh 
This is the module I'm working on. (

I get the following error message when I try assigning the Trailhead permission to a user (John Smith) I created.

"Can't assign permission set Trailhead to user John Smith. The user license doesn't allow the permission: Manage Two-Factor Authentication in User Interface"

User license is the deafult one "Salesforce Platform" and the profile is the "Standard Platform User". 

I've also tried assigning the permission set to the Sia Thripio user that I created when originally going through the module but encountered the same issue. 

How can I get this issue resolved?
Best Answer chosen by Matthew McIntosh
Jonathan FoxJonathan Fox
You need to give them Two-Factor Authentication for User Interface Logins rather than Manage Two-Factor Authentication in User Interface
Michael KolodnerMichael Kolodner 
I just created a new custom object in sandbox and created the tab for this object. It was set to default Tab Hidden for all profiles. Then I created a permission set to show the tab, checked Visible and Available, and assigned it to myself. I can see the tab in the Lightning App picker for all tabs, but when I click on it, I get a message that "You can't view this item in Lightning Experience. Open in Salesforce Classic." Clicking to open in Classic works fine and I can see and edit the objects. 

But why is the tab not available in Lightning? How can I make it available?
Best Answer chosen by Bhavin ( 
Chris CazzollaChris Cazzolla
I experienced the same thing as above. After reading the comments here, I simply refreshed the page in the browser and it worked! Thanks all!
Mark OlsenMark Olsen 
I'm working with a connected app which is using the JWT Bearer Token flow for API access. Generating access tokens and using them for API calls is working fine. When I use the Token Introspection to check the status of an access token I'm getting an "invalid client credentials" error.

According to the documentation I need to pass in a client_id and client_secret value for authorization. The documentation does not clearly state where these values are defined on the connected app.
  • For the client_id I'm using the "Consumer Key" listed on the connected App's "Manage" page. The example appears to be in the same format.
  • For the client_secret I'm using the "Consumer Secret" listed on the connected App's "Manage" page. The example does not appear to be in the same format however there is no value on the App's "Manage" page that matches the format in the example.
  • For the endpoint I'm using the "my" domain for the instance:
The connected app has the setting "Introspect All Tokens" enabled.
Anyone have any experience with this and can point me in the right direction?
Best Answer chosen by Mark Olsen
Mark OlsenMark Olsen
Was able to solve this with the help of Salesforce support. I was using the correct parameters however the endpoint was not recognizing the POST payload encoding type I was using.
Best Answer chosen by vivek jadhav
Piyush SinghalPiyush Singhal
Hey Vivek,
Try this
Hope this helps,
Sankaran NepoleanSankaran Nepolean 
Sales representatives at Universal Containers need assistance from product managers when selling certain products. Product managers do not have access to opportunities, but need to gain access when they are assisting with a specific deal. How can a system administrator accomplish this?
A. Notify the product manager using opportunity update reminders.
B. Enable opportunity teams and allow users to add the product manager.
C. Use similar opportunities to show opportunities related to the product manager. D. Enable account teams and allow users to add the product manager.

This is the question from the sample paper. I'm a newbie, i couldn't understand how the answer is B.

what does 'Enable opportunity teams' mean ? && how to 'allow users to add the product manager'
Best Answer chosen by Sankaran Nepolean
Jeff MayJeff May
Congrats on starting down the certifcation path!  

Here is a link that will introduce you to Opportunity Teams: (
Rupesh JhaRupesh Jha 
As part of role hierarch i know we can open the visibility if OWD setting is more restrictive. 
What I am confused is while providing access to one of the roles I am not sure why i only happen to see for Opportunity Cases and Contact Object . 

What Happens to other objects ? 

Role Hierarchy Setting
Best Answer chosen by Rupesh Jha
Dharmendra ShekhawatDharmendra Shekhawat
Hi Rupesh,

Salesforce offers a user role hierarchy that you can use with sharing settings to determine the levels of access that users have to your Salesforce org’s data. Roles within the hierarchy affect access on key components such as records and reports.

Users at any role level can view, edit, and report on all data that’s owned by or shared with users below them in the role hierarchy, unless your Salesforce org’s sharing model for an object specifies otherwise. Specifically, in the Organization-Wide Defaults related list, you can disable the Grant Access Using Hierarchies option for a custom object. When disabled, only the record owner and users who are granted access by the organization-wide defaults receive access to the object’s records.

Roles determine user access to cases, contacts, and opportunities, regardless of who owns those records. The access level is specified on the Role Edit page. For example, you can set the contact access so that users in a role can edit all contacts associated with accounts that they own, regardless of who owns the contacts. And you can set the opportunity access so that users in a role can edit all opportunities associated with accounts that they own, regardless of who owns the opportunities.
After you share a folder with a role, it’s visible only to users in that role, not to superior roles in the hierarchy.

For more information on security model, you can refer -

Please mark this as best ans if this helps !!!


Joe MarsonJoe Marson 
Hi, one of my Users is unable to log into Salesforce. When I, an administrator, reset their password, they don't receive the verification code. Their email address is correct on their User record. This is in ProductionPost to Community. This user has checked their Inbox AND Junk Mail for a Verification Code. No Verification Code email from Salesforce in sight.

Has anyone else expereinced this issue?

A solution or some guidance would be greatly appreciated.
Best Answer chosen by Joe Marson
Daniel ProbertDaniel Probert
Hi Joe,

I had a similar issue recently and this article helped me resolve it.

Henriëtte WijneHenriëtte Wijne 
I want to make Salesforce files private (on record) with a mass update and then share them with a private chattergroup. When you upload a file to a record, the default sharing an privacy option is that the file is visible to all who has access to the object.  In our situation not everyone who has access to the object, may also see and share the uploaded file.
I find out that with dataloader I can update the records in the object contentdocument.  I can make the files private by set the sharingprivacy on P (private). But the file should not just be visible for de the owner of the file, but also for a private group. The only way to do this (as far as I can discover) is to share the file with a private chatter group. Does anyone has a solution for this? 
Best Answer chosen by Henriëtte Wijne
Manoj NambirajanManoj Nambirajan
Hi Henriette,

Can you check if below help article serves your cause. This option is via dataloader against

Its a dataloader against Content Document Link Object. Hope it helps.
Roxanne AngellRoxanne Angell 
The entire MFA issue seems over my head. I understand what MFA is - I just do not understand why we have to implement it or when.
Our users log into to our SF using lightning login. Do we still need to implement it? What will the implications be for API's built to talk to our org, such as custom API's and managed apps? 
If/When we do implement it, does that mean our users have to authenticate every time they log into SF via a different platform, including mobile?
Best Answer chosen by Roxanne Angell
Dmitry ZhagrovDmitry Zhagrov
I'm sorry for missunderstanding.
When I read that your question is " I just do not understand why we have to implement it or when."
I have tryed to explain that you need to implement it ONLY if you are interesting in extra level of security to protect your SF entity from entries by unauthorized persons.
Then one more question from your side was: if our users log into to our SF using lightning login and we implement MFA,  What will the implications be for API's built to talk to our org, such as custom API's and managed apps? 
I have tryed to answer that I never read about any negative impact of MFA to those SF features, so possible the risk to broke something after MFA is implemented is low.
I'm sorry again about your confusion from my initil answer.

Best Answer chosen by ASIF ALI
This is because of storage, Limit exceeded.
Nobady answered, I figured myself.