Salesforce Interview Questions-Data Security

 Data Security

1. What is OWD?
Answer: Organization-Wide Defaults(OWD) are used to control access for any object. While setting OWD for a particular object, we also define whether access is provided within the role hierarchy or not.

We have majorly three levels of access controls. Private Public read-only Public Read/Write

2. Can we disable access via role hierarchy?
Answer: Yes, we can for custom objects but not for standard objects. 

3. What is a public group?

Answer: Public group consists of users, roles, or “roles and subordinates.” Sharing rule is defined using public groups. Records that match certain conditions allocated to users in public groups through Sharing Rules.

4. What is the difference between a public group and a Queue?
Answer: Major difference between Queue and the public group is queues are used as owners of records to share workload while groups are used for security, i.e., to open up access for a set of users.

5. Who can manually share the record? 

Answer: Record Owner, Any user above the role hierarchy or Administrator, can manually share the record.

6. When is the button to share the record manually available?
Answer: Button is available only when OWD is not a public read-write, plus you should have access to share the record.

7. Can we create a user without a role and profile?
Answer: Profile is mandatory while creating the user, while the role can be left blank.

8. How is the access of detail objects in the case of master relationship controlled?
Answer: OWD of the child is controlled by the parent, and the parent object’s access to the detail object is controlled only; while defining the relationship, you select either option to define the access.

If a user has minimum read access on the parent record, they can edit the child record.

They can edit the child record, If the user has edit access on the parent record only.

Remember, users also need to have access at the profile level to edit the object.

9. What is public read-write transfer available on specific objects in OWD?
Answer: This option is available only for the case and lead objects, along with users being able to read and write the record. They can also transfer ownership of the record depending on whether they have appropriate access to the profile.

10. What will happen to child records if we delete a parent record in Lookup Relationship?
Answer: When we define a lookup relationship between two objects, we choose an outcome for if the parent record is deleted what should happen with lookup value will be cleared, or we will restrict the user from deleting the parent record itself.

Note: We can’t select the first option, i.e., clear the value of a field if the field is marked as required.

11. What will happen to child records if we delete a parent record in case of a Master-Detail Relationship?
Answer: All the child object records will be deleted if we delete the parent object record.

12. If we restore the master record, does it also restore the detail records?
Answer: Yes 

13. What is “View all” and “Modify All” permission?
Answer: View all and modify all fields trump everything in the system, i.e., irrespective of OWD, what sharing rules are set up in system user with this permission will be able to see or edit all the records present in the system for a particular object. It gives a user the ability to mass update, mass transfer, and mass delete records.

14. What will happen if a field is hidden through Field level security and the user searches for values in that field?
Answer: Field-level security doesn’t prevent users from searching on the values in a field. When search terms match field values protected by field-level security, the associated records are returned without the protected fields and their values in the search results.

15. Can we restrict permissions using a permission set?
Answer: No permission sets are used to extend the access, not restrict it.

16. If a user doesn’t have access to a record type, can they still see the records of that record type?
Answer: Yes, they will be able to see it; they just won’t be able to create records of that particular record type.

17. Can we restrict users logging in from unauthorized IP addresses?
Answer: Yes, we can define what IP addresses are valid, and if users of that particular profile try to login IP addresses outside of those defined, they will be denied access.

18. What is the difference between defining IP ranges in network access and on profile?
Answer: IP ranges that we define in-network access. Just tell us a list of secure IPs that don’t require any login challenges, like receiving an OTP, while IP ranges are defined on the profile. It will restrict the user from logging in other IPs other than described on the profile. 

19. Can we restrict the login of users based on time?
Answer: Yes, it can be done, but only at the profile level is there a related list under each profile called login hours, where we can define the start and end time for each day. 

20. Can we force users to set up a complex password while setting users in Salesforce?
Answer: Yes, we can define our password policies where we can choose complexity requirements for each password, length and force the user to change the password every 30 days