3. What can youremember?
DAY 1 Review
What is a Standard Object? Give an example.
What is a CustomObject?
What are the differencebetween Standard and Custom objects?
What are the components of an App?
What are the differences between Standard and Custom fields?
Whatdifferent Field types are there?
What happens if you delete a field?
What are the stages in creating a field?
What does the Page Layout editor allow you to do? What
properties can you add to fieldson a page layout?
4. What can youremember?
DAY 1 Review
What are the rules for Dependent Picklists?
Can a checkbox be a dependent field?
How do you link Objectstogether?
What capabilities does a Lookup relationship provide?
How many Lookup relationshipscan an object have?
What capabilities does a Master-Detail relationship provide? How
many Master-Detail relationshipscan an object have?
How do you design a Many-Many relationship?
How do you add a filter on a relationship?
5. User Setup
• Identify the steps to set up and/or maintain a user (eg assign licenses, reset passwords and
resolve locked useraccounts).
• Given a scenario, troubleshoot common user access and visibility issues.
7. Types of Licences
Every user must have a userlicense
Different user licenses allow differentlevels of
access
Salesforce
• Full access to standardCRM
• Force.com AppExchangeapps
• Standard or customapps
Salesforce Platform
• No access to CRMfunctionality
• Force.com AppExchangeapps
• Custom apps
Feature licenses can be purchasedfor
access to additionalfeatures
8. Creating and ManagingUsers
• Users are created with a username, email, role, license and profile
• Salesforce automatically creates a password and notifies newusers
• From the Manage Users | Users screen, administrators can:
• Create one or moreusers.
• Reset passwords for selected users.
• View a user's detail page by clicking the name,alias, or username
• Edit a user’sdetails
• You can Add Multiple Users (up to 10 at once)
9. Deactivating or FreezingUsers
• Users (eg employees who have left) cannot be deleted - instead they are deactivated
• Deactivated users can no longerlogin
• A deactivated user license isrecyclable
• Sometimes you cannot immediately deactivate an account (eg user is selected in a custom
hierarchy field) – instead if you wish to prohibit any actions you can freeze the user.
• Deactivated and frozen users lose access to any records that are manually shared with them,
or records that are shared with them as team members. However, you can still transfer this
data to other users and view the names on the users page.
10. What is aProfile?
Profiles control permissions, access to data and the user interface
NOTE: You can view the details of all the permissions and what they control in the Help & Training
section.
11. Profiles
A collection of settings (what user can see) and Permissions (what user can do)
Typically defined by a user's job function, eg System Admin, Sales Representative Can
beassigned to many users
Auser can be assigned only one profile
Profiles do not override Organization Sharing Model or Role Hierarchy
Control things suchas:
• Which standard and custom apps users can view?
• Which tabs users canview?
• Which record types are available to users?
• Which page layouts userssee?
• Object permissions that allow users to create, read, edit, and delete records
• Which fields within objects users can view and edit
• Admin Permissions that allow users to manage the system and apps within it
• Which Apex classes and Visualforce pages users can access
12. Standard Profiles
Every Org includes some pre-defined standard profiles
You cannot edit these – you must clone them first then customize
Anew profile uses the same license as the profile it was cloned from
Standard profiles include:
• SystemAdministrator
• Standard User
• Solution Manager
• Marketing User
• Contract Manager
• Chatter OnlyUser
• Read Only
13. User Management
Sample Questions
Whatare the ways to create a new user record? (2)
a. Using insert in DataLoader
b. Clone existing user record from the detail page
c. Add multiple users option at the users page
d. User Import Wizard
Answer: a, c
Which profiles are standard profiles? Select all that apply(2)
a. Sales user
b. Marketing user
c. Invoice manager
d. Contract manager
Answer: b, d
14. Viewing a User’s LoginHistory
The Login History related list on a user record displays when, where, and how a user attempts to login
Use the Status column to diagnose any login issues
If there is no entry here for a user’s login attempt, the user is probably using an incorrect
username
15. Dealing with an InvalidPassword
It is good practice to let users reset their passwords themselves by clicking the Forgot your
password? link on the loginpage
If they continue to experience issues, you can reset passwords manually
16. Confirming Security Settings
Password lockout occurs when you have a password policy to lock users out when they exceed
certain number of invalid login attempts
The lockout period can be temporary or require an admin reset. You
can unlock a user by clicking Unlock on the user record.
Your Name | Setup | Security Controls | Password Policies
17. How does LoginWork?
By default, Salesforce does not restrict the hours or the locations of user logins. When users log in for the first time:
▪ A cookie is placed in theirbrowser
▪ Their IP address is added to a trusted list
When users log in again, Salesforce uses this information to authenticate them:
User attemptslogin
through browser
Has user logged in from this
browser or IP address before?
User logsin
User mustactivate
computer
18. Activating an UnrecognizedComputer
The activation process authenticates the user, adds the cookie and adds the new IP address to the
trustedlist
User logs infrom
unrecognized
computer
User prompted to
activate computer
and clicks buttonto
email verification
code
User retrieves
verificationcode
from email
Usersubmits
verification
code
User logsin
19. Restricting Login Access by IP Address/Time
For added security you can restrict location and/or times for login access, eg restrict allowed range of
IP addresses to those inside corporate firewall
Can specify IP range for entire organization (under Network Access) or by profile Can
specify time by profile,eg
• Customer support reps only internally and between 9am-5pm, except at weekends
• Sales Reps could access from anywhere,anytime
20. Creating an Organization-Wide Trusted IP Address List
You can manually add trusted IP address ranges for your organization, which allow users to bypass
the activationprocess.
Users can still log in from addresses outside these ranges through the activation
process.
21. Restricting Login Hours and Login IP Ranges on Profiles
You can lock down access for particular groups of users by adding allowed hours and login ranges to
their profiles. Users outside these hours or ranges will have their login denied.
Your Name | Setup | Manage Users | Profiles | Name of Profile
22. How do Profile Login Hours and IP Ranges Work?
Profile login restrictions override any other form of authentication. If a user does not satisfy any hour
or IP range restrictions on his or her profile, the user will not be able to log in, regardless of any
personal or organization-wide trusted IP address lists.
User attemptslogin Is login duringprofile
login hours?
Is login from within
profile login IP ranges?
User logsin
Yes Yes
N
o
N
o
Login
denied
23. Troubleshoot LoginIssues
• Forgot your password? Retrieveit.
• Locked out? Wait until the lockout period expires and try again, or contact your Salesforce admin.
• Password expired? We prompt you to change your password.
• Accessing Salesforce from outside a trusted IP range, using a new browser or app? We
prompt you to verify youridentity.
• What does Use Custom Domain on the login page mean? If your Salesforce admin created a
custom domain for your org, click Use Custom Domain to provide the domain name and log in.
o A custom domain is in the formhttps://universalcontainers.my.salesforce.com, where
universalcontainers is a name provided by an admin
24. Troubleshoot LoginIssues
Continued
Reset Your Forgotten Password
If you forgot your password, you can easily reset it using the forgot password link on the login page. All you need is your
username.
Reset Your Security Token
When you access Salesforce from an IP address that’s outside your company’s trusted IP range using a desktop client or the
API, you need a security token to log in. A security token is a case-sensitive alphanumeric code that you append to your
password or enter in a separate field in a client application.
Update Your Token in Salesforce Outlook Edition
After you reset your security token in Salesforce, you can update your token in Salesforce Outlook.
Update Your Token in Connect Offline, Connect for Office, and DataLoader
After you received your new Salesforce security token, you can update your token in Connect Offline, Connect for Office,
and DataLoader.
Grant LoginAccess
If you need help resolving a problem, you can grant login access to your account to a Salesforce administrator or a support
representative.
25. Login Considerations
Auser successfully logs in at 3:00 pm. What happens at 3:31 pm, if the login hours for the
user’s profile are set from 7:30 am to 3:30pm?
a. User is automatically loggedout
b. User keeps working continuously without any issues
c. User is asked in a popup window if he would like to extend his session
d. User is logged out once he tries to do any DML operation (Save, Edit, etc.)
Answer: d
Administrators Can Log in as Any User feature
• With this feature enabled, System Administrators canlog in as any user in their organization without asking
internal end-users to grant loginaccess.
Grant Login Access (from PersonalSettings)
• By default, your company’s administrators can access your account without any action from you. If your
organization requires users to grant login access to administrators, you can grant access for a specified duration.
26. Hands-on Exercises – 20 MINUTES
User Management
https://trailhead.salesforce.com/modules/lex_implementation_user_setup_mgmt
• Add New Users
27. Security andAccess
• Explain the various organization security options (eg passwords, IP restrictions, identity
confirmation, network settings).
• Describe the features and capabilities of the Salesforce sharing model (eg record
ownership, organization-wide defaults, roles and the role hierarchy, manual sharing, sharing
rules and publicgroups).
• Given a scenario, apply the appropriate security controls (eg organization-wide defaults, roles
and the role hierarchy, manual sharing, sharing rules and public groups).
• Describe the various settings and permissions a profile controls (eg IP access, login hours,
record types, access to tabs, permissions, object permissions, field-level security).
• Given a scenario, determine the appropriate use of a custom profile.
28. Security and AccessOverview
• Organizational – who can access the org, where and when?
• Objects – what kinds of records can they see?
• Fields – which parts of those kinds of records can they see?
• Records – which actual data is visible to them?
o Organization Wide Defaults(OWD)
o Role Hierarchies
o Sharing Rules
o Manual Sharing
29. Organization Security
• Secure access to your organization data by:
o Managing authorized users
o Setting password policies
o Limiting when and from where users can log in
• Ensure that only employees who meet certain criteria can log in to the organization, reducing
the risk of users from outside your company gaining access to data.
30. Setting Password Policies
• User password expiration
• Password length
• Password complexity
• Maximum invalid loginattempts
31. Restricting Login Access by IP Address/Time
• For added security you can restrict location and/or times for login access
• Eg restrict allowed range of IP addresses to those inside corporate firewall
• Can specify IP range for entire organization (under Network Access) or by profile
• Can specify time by profile,eg
o Customer support reps only internally and between 9am-5pm, except at weekends
o Sales Reps could access from anywhere, anytime
32. Organizational Security
Sample Question
Which feature does Salesforce provide for restricting login access to the application?(3)
a. Profile-based IP restrictions
b. Organization-wide IP restrictions
c. Profile-based login hourrestrictions
d. Organization-wide login hourrestrictions
Answer: a, b,c
33. Object Permissions
• Specify base-level users have to Create Read Edit or Delete (CRED) object records
• Managed via Profiles andPermission sets
• Object permissions either respect or override sharing rules
34. What are PermissionSets?
Additional Profile Permissions assigned to specific users
Collection of settings and permissions
Represent a concept, like a user’s job title
Handle the system requirementsthat
previously existed on profiles
35. What are PermissionSets?
Additional Profile Permissions assigned to specific users
Users have only one profile but can have multiple permission sets Use
profiles to assign most restrictive permissions and access settings Use
Permission Sets to grant additional permissions individually
36. What are PermissionSets?
UsePermission Sets to grant permissions for:
• Applications
• Objects
• Tabs
• Fields
• Record Types
• Apex Classes
• Service Provider
• Visualforce Pages
40. What is Field LevelSecurity?
Determines access to edit or read individual fields by profile
Restricts access to fields within a profile
Overrides less-restrictive page layoutsettings
Can make a field read-only or totally hidden
41. Record Ownership
By default an owner of a record can Read, Edit, Delete or change Ownership of the record Child
Records inherit ownership from the parent
Users or Queues can be the owner of records
If the read permission for the object is revoked from the users profile, the user will not be able to
see their own record
Queue ownership allows multiple users to own a record The
Profile determines the objects level access
Sharing controls recordaccess
OWDs control visibility/rights to records the user does not own
42. What areQueues?
Queuesare virtual storage bins used to
group records based oncriteria
Every queue memberhas visibility into all
leads within thatqueue
Queues can be found in the List Views for the
object
All Custom Objects can haveQueues
Only Leads and Cases (StandardObjects)
have queues
43. What are Organizational WideDefaults?
Determine the baseline visibility of each record in an object
44. Organization Wide Defaults
• Administrator defines default sharing model usingOWD
• Specify the default access level of access to records (records you don’t own)
o Private
o This setting for a given object allows users to access only the data they own. No one will be able to view
records owned byothers.
o Public Read only
o This setting allows users to see, but not change, records in their organization, regardless of who
owns those items. Items can also be added by anyone onto related lists with this permission level.
(Providing objects have a Lookuprelationship)
o Public Read/Write
o This setting allows all users the ability to view and edit records owned by others. But ownership itself
cannot be changed except by the owner.
o Public Read/Write/Transfer
o This setting on an object allows all users the ability to view, edit, and even change ownership of records
owned byother
• Can't change the organization-wide sharing default setting for some objects
o Solutions are always PublicRead/Write
o Service Contracts are alwaysPrivate
46. What are Roles and Role Hierarchy?
First step in relaxing the security constraints as defined by the OWD
What isa Role?
• Controls the level of visibility that users have to an
organization’s data
• Auser may be associated to one role
What isa RoleHierarchy?
• Controls data visibility
• Controls record roll up, forecasting andreporting
• Users inherit the record ownership ability of data
owned by or shared with users below them in the
hierarchy
• Not necessarily the company’s organizationchart
47. Custom Objects and the Role Hierarchy
Need to check “Grant Access Using Hierarchies” box
48. What is a PublicGroup?
Away to group users together who may not have any connection
Acombination of any of the following:
• Users
• Other Public Groups(nesting)
• Roles
• Roles and Subordinates
Used in Sharing Rules —for simplification (when more than a few roles need to be shared to) Also
used when defining access to Folders and List Views
Public group membership is automatically updated if the membership of a nested role and/or
other public groupchanges
• Eg if a new user is assigned a role that belongs to an existing public group, that user will be automatically added to the public
group
49. Role Hierarchy still NOT givingaccess
Role Hierarchy works fine
for downward visibility –
what about across the
organization?
50. Role Hierarchies
Sample Question
Choose the correct statements about Roles and Role Hierarchies(2)
a. Every user must be assigned to a role or their data will not display in opportunity reports, forecast roll-ups, and other
displays based onroles
b. It is always necessary to create individual roles for each title at your company, rather than define a hierarchy
of roles to control access of information entered by users in lower level roles.
c. When an account owner is not assigned a role, the sharing access for related contacts is read/write, provided
the organization-wide default for contacts is not controlled by parent.
d. To simplify user management in organizations with large numbers of users, you can enable delegated administrators.
Delegated administrators are automatically assigned a cloned system administrator profile giving them virtually all
privileges of a system administrator over the entire organization.
Answer: a, c
52. Sharing Rules
The 4 Rules
1. WHICH object to beshared
2. WHO owns the object or WHAT selection criteria
3. WHOwants to share the object
4. WHAT access mode
Choose from:
• Role
• Role &Subordinate
• Group
• Global Public Group – All Internal Users
53. Criteria Based SharingRules
Used when records are not owned by roles, roles and subordinates or public groups
Determine which records to share based on field values in records
Are ideal for companies with complex sharing requirement
54. What is ManualSharing?
Is used to grant access on a one-off
basis
Can be grantedby:
• The owner of arecord
• Users in roles above a user with full
access in the RoleHierarchy
• System Administrators or userswith
the “Modify All Data”permission
• Users with the “Modify AllData”
permission for theobject
55. Sharing Review
This is the order the system will follow to see if a user can view a record
56. The BigPicture
Profiles and Security Modelcombined
Record access is controlledby:
• Organization-Wide Defaults(OWD)
• Roles
• Role Hierarchy
• Public Groups
• Sharing Rules
• Manual Sharing
• Apex Sharing
57. Verify that the user has permissions to access to the object. à PROFILE
Identify the user's role who can't see the record and note it. Identify the owner's role of the record and note it. Review the role hierarchy and
verify these two roles are in two different branches (they should be). à ROLE/ROLE HIERARCHY
Now you need to review the sharing rules for the object and make sure there is no rule that will grant the user access. This can also cause you to
look in public groups as well. Maybe the user just got left out of a group where there is a sharing rule, or does it make sense to create a new
sharing rule to grant the user access? à SHARING RULE, PUBLIC GROUP
If you are using teams, should this user be on the team for that record? How are teams maintained and how did the miss occur? à
TEAMS*
If manual sharing is used, the user may have lost access because the record owner changed. Manual shares are dropped when ownership
changes. The manual share could also have been removed using the Share button. à MANUAL SHARING
If you are using territory management, is the user missing from one of the territories? Where is the membership of territories maintained and how
did the miss occur? Or, maybe the record did not get stamped with the territory where the user is a member. à TERRITORY MANAGEMENT*
If you are creating programmatic shares and there are criteria for creating the share in code, review the code to understand why this user was
omitted. à PROGRAMMATIC (APEX) SHARING
Troubleshooting Flow
Sharing Architecture
58. Security
Sample Questions
If the Organizational Wide Default default ispublic read/write for an object, what feature in Salesforce is needed
to restrict access to thatobject?
a. Profiles
b. Role Hierarchies
c. Record Types
d. Page Layouts
Answer: a
What are considerations when using SharingRules?
a. You can use sharing rules to grant wider access to data. You cannot restrict access below your organization- wide
default levels.
b. Sharing rules apply to all new records that meet the definition of the source data set They will also apply to existing
records upon modification
c. Sharing rules apply to both active and inactive users
d. Whenchanging access levels for a sharing rule, all existing records are automatically updated to reflect the new
access levels if the new access level is stricter than the old
Answer: a, c
59. Hands-on Exercises – 1 HOUR 50 MINUTES
Data Security
https://trailhead.salesforce.com/modules/data_security
• Overview of Data Security
• Control Access to theOrganization
• Control Access to Objects
• Control Access to Fields
• Control Access to Records
• Create a RoleHierarchy
• Define Sharing Rules
60. Workflow Automation
• Describe when workflow areevaluated.
• Describe the capabilities of workflow rules and actions.
• Given a scenario, identify the appropriate workflow solution.
• Describe capabilities and use cases for the approval process.
62. What isWorkflow?
Workflow is a feature that allows the automation of business processes A
Workflow Rule:
• Triggersan action when a record meets the criteria for a rule
• Can trigger actions that either occur immediately or can be time-dependent
• Needs good namingconvention
• Is evaluated only for records created or edited after the rule has been created. It does not retro act
on existingrecords
65. Outbound Messages
Messages sent to another system or service
Designate an endpoint at the receiving end
Is a secure configurableAPI message in XML format
Some use cases for OutboundMessages:
• After an expense report has been approved, send a message to a
payment system for initiatingreimbursement
• When a request for Paid Time Off has been approved, send a
message to a payroll system to track the hours taken
• After a job application has been approved, send a message to an HR
system to keep the HR system in sync with activities in Salesforce
66. Time-Dependent Workflow
Workflow Actions canbe:
• Immediate
• Time-Dependent
Time-Dependent Actions
Have a timetrigger
The action is queued to fire as soon as the
workflow criteria is met; however, the action will
not occur until it meets the time trigger
67. Time Dependent WorkflowConsiderations
• You cannot use time-dependentworkflow
when a rule is set for the Every time a
record is created or updated
evaluation
• When a new workflow rule is created, it
does not affect existing records
• You can monitor and remove pending
actions by viewing thetime-dependent
workflow queue
• If a record that has an action pending
against it in the time-based workflow queue
is modified so that the record no longer
meets the criteria, the action will be
removed from thequeue.
• If the record still meets the criteria, but the
timing changes, the action will be
updated in thequeue.
68. Task(s)
Field Update(s)
Email Alert(s)
Trigger
(Criteria)
Time Trigger
eg 1 Day
Time Trigger
eg 2 Days
Task(s)
Field Update(s)
Email Alert(s)
Task(s)
Field Update(s)
Email Alert(s)
Workflow
Actions
Outbound Message(s)
Immediate
Outbound Message(s) Outbound Message(s)
Time-Dependent
40 Time-Dependent Actions per TimeTrigger
10 Time Triggers per Workflow Rule
50 Active Workflow
Rules per Object
(incl all types)
Maximum 10 of eachtype
40 Immediate Actions
per Workflow Rule
Workflow Limits
Workflow Limits
69. Workflow
Sample Question
The VP of Sales wants to automatically add the account name to the opportunity name once a record is saved.
How can this be done?
a. Use an ApexTrigger
b. Enforce an opportunity naming guideline for Sales Reps
c. Create a Workflow Rule with an immediate workflow trigger to update the opportunity name field using
concatenate
d. Use validation to update thefield
Answer: c
Alead needs to be assigned automatically to a rep after 10 days and there isno action, the deal status should be set
to Stalled after it has been approved by a Manager. Which automation processes can a system administrator use?
a. Assignment rule
b. Assignment rule, Approval Process, WorkflowRule
c. Assignment Rule, WorkflowRule
d. Assignment Rule, Auto-Response Rule, WorkflowRule
Answer: b
71. What is an ApprovalProcess?
An Approval Process automatically routes records for approval (or not)
Contains one or more steps and is logically split into 6 steps
Can have either a single step process (Jump Start) or use a wizard for multi step through various
individuals
Arecord needs to be submitted for approval
73. Skipping Steps in ApprovalProcesses
Skipping steps allows developers to skip steps withinan
Approval Process based onspecific criteria
Skip step is a step that has criteria defined to determine
whether or not approvalis required
Considerations:
• The “go to next step” option is only available when editing a step that
already has an ensuingstep
• If the “go to next step” option is selected in a step and then
subsequently all ensuing steps are deleted, Salesforce changes the step
to automatically reject the record, if the step criteria are not met
• If the “go to next step” option is selected in the first step and the record
does not meet the criteria for any of the steps in the approval process, the
record isrejected
75. Used to route approval requests to users listed in lookup fields on the record requiring approval
Whatis a Dynamic Approval Process?
Route records based on complex approval matrices
77. Summary of ApprovalProcesses
An Approval Process…
Is a single or multi-step process, which requires user approval to move to the next step Can be
split into six(6)steps:
• Process definition
• Initial submissionactions
• Decision criteria and approvalassignment
• Final rejectionactions
• Final approvalactions
• Recall actions
Is used to skip steps, create parallel approval process and create dynamic approval processes
78. Email Templates
Email templates ensure that company branding is consistent and saves users time. Several sample
email templates are included in the app. Email templates can be set up for:
• Web-to-Lead
• Web-to-Case
• Email-to-Case
• Assignment Rules
• Escalation Rules
• Auto-Response Rules
• Workflow Rules
• Approval Processes
Your name | Setup | Communication Templates | Email Templates
79. Hands-on Exercise - 20MINUTES
Approval Process
https://trailhead.salesforce.com/modules/business_process_automation/units/approvals
• What is an ApprovalProcess?
• Create an Approval Process
• Things to Consider
80. Lightning Process Builder
Workflow tool with a visual interface
Lightning Process Builder allows youto:
• Create processes that execute actionswhen
certain conditions aremet
• Add multiple groups of criteria and associate
actions with eachcriterion
• Create immediate and scheduledactions
• Use versioning to easily track and maintain
processes
82. Considerations forProcesses
General
• Processes do not support Outbound
Messages, but the CallApex action can be
used to provide similarfunctionality
• Actions are executed in the order in
which they appear in the process
• Criteria nodes and actions canbe
reordered in aprocess
Scheduled Actions
• Multiple scheduled action groupsare
supported for each criterianode
• Scheduled actions cannot be used in
processes that evaluate Every time a
record is created or edited
• The Paused and Waiting Interviews list
display all pending scheduledactions
• If Salesforce executes the scheduled
actions of an inactive user who started the
process, then those actions fail to
execute
83. Visual Workflow Overview
A flow is an application that can
execute logic, interact with the
Salesforce database, call Apex
classes, and collect data from users.
You can build flows by using the
Cloud FlowDesigner.
91. Hands-on Exercise - 10MINUTES
Which Tool ToUse?
https://trailhead.salesforce.com/modules/business_process_automation/units/process_whichtool
Salesforce Process Automation Suite Comparison
of Automation Tools and Features
• Workflow
• Approval
• Process Builder
• Visual Workflow