Answers - Salesforce Trailblazer Community
Ken Tallman
I have a user who cannot delete contacts even though she has Modify All permissions on Contacts and Accounts. When she tries to delete a contact, she gets this Visualforce error:

npsp__util_pagemessages: system.security.NoAccessException: You do not have sufficient privileges to access the controller: UTIL_HtmlOutput_CTRL 

Note that she gets this error in both Lightning and Classic, so it's not a problem with the button (as suggested in another post).

Any advice would be much appreciated.
Best Answer chosen by Ken Tallman
Ankush Dureja
Check if user profile has permission to access apex class 'UTIL_HtmlOutput_CTRL'
Rob Granger
Hello, Are there any trainings, Trailhead or otherwise, for Salesforce Setup Audit Trail?
Best Answer chosen by Jayson (salesforce.com) 
Vanisha Gupta
Hello,

Setup audit trail is just used to track changes made or any actions performed in your org. With it you can see the actions of the last 6 months. You can also download it to look in more detail.
 
You can read the documentation of it here : https://help.salesforce.com/articleView?id=admin_monitorsetup.htm&type=5 to know more :)

Thanks!
Alice Le
Hi guys,

Quick clarification question. I keep thinking I can/should use Permission Sets to open up access to a specific group of people - eg, allow my Contracting team read/write permission on Opportunities so they can update some document status fields. However, this doesn't work - I need to open up permission to edit opps via Sharing Rules.

So... when would I use a permission set if it doesn't actually enable access to a field or object? 
Best Answer chosen by Alice Le
Chris Edwards
Permission sets add the same kind of permissions as profiles give - access to apps, objects, fields, system functions etc - but the only settings that control access to other people's records are OWDs, roles and sharing rules. 

Am I right in thinking the Contracting team do not own the opportunities? If so, this will be why permission sets aren't working for you and why sharing rules are.
Yura I
User-added image
I think that I have captured everything about the object security access in this diagram, I have additional notes on the sides that are not going to be included due to image size limitation. Please let me know if I can improve the graphic for other newbs as myself

 
Best Answer chosen by Yura I
Jonathan Fox

This is a great graphic. You should post it in one of the chatter groups in the community.

 

Is there something you want help on with regards to the above?

Casey Loock
I want to do an audit of our roles, profiles, and permission sets, specifically what each has access to in our Salesforce environment, but I'm not sure what the best approach would be. I could look at each one, one at a time, but I wanted to see if there was a better way.
Best Answer chosen by Casey Loock
Dave Ries
This isn't a total solution for you, but it's a great tool that might help.
Some genius created a free tool called the "PermComparator" which allows you to compare Profiles & Permission Sets side by side.  I've found that it doesn't show ALL settings, but it's a great help regardless!

https://perm-comparator.herokuapp.com/
John Schneider
What option does this fall under?  Is this not available to add to change sets?
Best Answer chosen by John Schneider
Jan van Os
Sadly that is not possible (yet) with Change Sets. I've looked into the metadata API and can't find it there either.
Bekir Yanmaz
Hi,

I'm doing https://trailhead.salesforce.com/en/super_badges/superbadge_business_specialist

I'm stuck at the 2nd step with the following user : Shinje Tashi who is described as :

Shinje Tashi
Title : Sales Data Quality Specialist
This sales data quality specialist supports the entire company and needs to be assigned a role that can see and access all account, contact, and opportunity records for the entire company.
Use the Standard User profile

I have created the user as described.

I have the following error :
 Shinje Tashi does not have the user settings he needs.

It says :

"...provide Shinje Tashi access to the Language Preference field without modifying his profile. Name the solution you create for extending access Bilingual Pilot."

I have created a permission set called Bilingual Pilot that gives access to the custom field Language Preference and assign it to this user.

But the error persists.

How can I solve it ?

Thanks
Best Answer chosen by Ed (salesforce.com) 
Bekir Yanmaz
Hi,

Changing this user's role to CEO solved the issue for me.

Give it a try. 
Matthew Poe

Hi, Trailblazers!  Hoping I've missed something obvious here, but banging my head against this one: I've got a set of users who are able to edit WAY more than they should be on opportunity records.  Here are the details.
1. OWD for opps is set to private
2. User is on a custom "No Access User" profile, with no permissions for anything (this is in order to grant permissions via permission sets instead.)
3. Roles exist in the org, but this set of users are not assigned to a role.
4. Permission set grants user CRUD permissions, but only ~6 of ~230 opportunity fields get Edit access (on a field-level basis in the permission set).
5. Records are shared via Opportunity Sharing rule based on record criteria - criteria is: when a picklist has a certain value, members of a public group get read/edit access (in order to facilitate the edits they should be able to perform on those ~6 fields.)
6.  When I switch to Classic to take a look at the Share table for an affected record, everything seems correct; the users who in reality are being granted overbroad access only have access to the record via that sharing rule in #5.
7.  Only one record type exists, and two opp page layouts (but only one is relevant.). Fields are not marked read-only on the page level, since users with other permission sets granting greater access use the same page layout.  (But this should not matter, we can't grant edit access to fields a user would not otherwise have access to via a page layout.)
8. User does not have modify-all access to opps (or any object) at the profile or permission set level.
9. User does not have "Edit Read Only Fields" permission granted via the profile or permission set (why does this even exist?!)
10. The user who can inappropriately edit the fields does not own the record in question.

One potential clue: when I look at the field accessibility matrix, it says "field is editable due to page layout."  Whaaaaa?  Maybe I need to watch Who Sees What for the 5 millionth time, but, like I mentioned in #7, it does not seem right to me that a page layout alone could grant edit access to fields that are read-only at the profile level.  I don't see page layouts anywhere in the pyramid =)

(Wonder if this is related to this unresolved but similar sounding case from three years ago:  https://success.salesforce.com/answers?id=9063A000000iXu8QAE )

Best Answer chosen by Matthew Poe
Amnon Kruvi
The field accessibility message indicates that the profile may have access to the field. I know it's supposed to be a dumbed down, no-access profile, but can you just double check that if you go inside the profile to the field level security section, and open opportunities, that none of the fields are marked in there? 
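
An added example (not part of the original thread, and not Salesforce's own code) for the two audit questions above, Casey Loock's and Matthew Poe's: because field-level security is additive across a user's profile and permission sets, this script lists which parent grants Edit on fields outside the intended set. The CSV rows, user name, field names and intended set are constructed; the column layout assumes an export of the standard FieldPermissions object.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows, shaped like a CSV export of:
#   SELECT Parent.Name, Parent.IsOwnedByProfile, Field, PermissionsEdit
#   FROM FieldPermissions WHERE SobjectType = 'Opportunity'
FIELD_PERMISSIONS_CSV = """\
ParentName,IsOwnedByProfile,Field,PermissionsEdit
No Access User,true,Opportunity.Discount__c,true
No Access User,true,Opportunity.Margin__c,true
Contracting Edit,false,Opportunity.Doc_Status__c,true
Contracting Edit,false,Opportunity.Margin__c,false
Sales Manager,false,Opportunity.Discount__c,true
"""

# Constructed assignments: user -> profile plus explicitly assigned permission sets
ASSIGNMENTS = {"contract.user@example.com": ["No Access User", "Contracting Edit"]}

# Fields the user is supposed to be able to edit (assumption for this example)
INTENDED_EDITABLE = {"Opportunity.Doc_Status__c"}


def load_grants(csv_text):
    """Map each parent (profile or permission set) to the fields it grants Edit on."""
    grants, kinds = defaultdict(set), {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        is_profile = row["IsOwnedByProfile"] == "true"
        kinds[row["ParentName"]] = "profile" if is_profile else "permission set"
        if row["PermissionsEdit"] == "true":
            grants[row["ParentName"]].add(row["Field"])
    return grants, kinds


def unexpected_edit_sources(user, assignments, grants, kinds, intended):
    """Any single parent granting Edit is enough, so report every parent that
    grants Edit on a field outside `intended`: {field: [(parent, kind), ...]}."""
    findings = defaultdict(list)
    for parent in assignments.get(user, []):
        for field in sorted(grants.get(parent, set()) - intended):
            findings[field].append((parent, kinds[parent]))
    return dict(findings)


if __name__ == "__main__":
    grants, kinds = load_grants(FIELD_PERMISSIONS_CSV)
    report = unexpected_edit_sources(
        "contract.user@example.com", ASSIGNMENTS, grants, kinds, INTENDED_EDITABLE)
    for field, sources in sorted(report.items()):
        print(field, "is editable via", sources)
```
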
Ines Garcia
I have seen many posts and unresolved questions on this matter. I shall then attempt to explain simply, for any user, what this is and how to deal with it.

Whatever connection you may use it for needs to be updated with your new certificate, simple :)
See more in the answer below.
 
Best Answer chosen by Ines Garcia
Ines Garcia
For example if your org uses Single Sign On or another connection (perhaps integration?) to another system that required the use of the certificate. When was the certificate created?
If you do use SSO or integration you need to create a new self-signed cert and install that on the remote system.  
Worst case scenario is that whatever connection is using that certificate will just flat stop working. (authentication or data transfer)
Do check your installed packages, as they may use the certificate.
Can you get in contact with the people/company that generated that cert and ask them what they were using it for?

Here is how to generate a self-signed cert: https://help.salesforce.com/articleView?id=security_keys_creating.htm&language=en_US&type=0


So you have to update it where you use it, most common applications of these certificates are SSO and custom HTTPS domains.


For SSO have a check under Security Controls > Single Sign on Settings > SAML Single Sign-On Settings.

For other uses check the:
- HTTPS requests
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_callouts_client_certs_http.htm
- SOAP services
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_callouts_client_certs_soap.htm


Tada!
Bareera Noor
Hello,
I am working on Trailhead. Where exactly are these fields available?
Field-Level Security—Customer SSN and Bank Account fields on contact records must be encrypted. Any change in the Amount field on opportunity records must be recorded. I can't find Customer SSN and Bank Account fields on Contact Object.
Best Answer chosen by Ed (salesforce.com) 
Suhas Sardeshmukh
Customer SSN and Bank Account fields do not exist on Contact object. And hence, can't be encrypted. Challenge can be completed by skipping this instruction.