Universal Containers (UC) has a custom object to track the internal net promoter score (NPS) for all of its employees. The manager is in the role above the owner and there are no sharing rules on the object.
How should UC ensure that NPS records cannot be accessed by the owner's manager?
Correct Answer:C
For custom objects, Salesforce allows disabling the Access Using Hierarchies option. By setting the Organization-Wide Default (OWD) to Private and unchecking Access Using Hierarchies, you ensure that records are only accessible to the owner and explicitly granted users. This prevents the owner??s manager or anyone higher in the role hierarchy from automatically gaining access.
✑ Option A: Removing CRUD permissions from profiles would block all access to the
object for managers, which may not align with business requirements.
✑ Option B: Apex sharing is unnecessary when the problem can be solved declaratively by adjusting the OWD and hierarchy settings.
✑ Option C (Correct): Setting OWD to Private and disabling Access Using Hierarchies is the most straightforward solution for restricting access to managers.
References:
✑ Control Access to Records
Universal Containers (UC) operates worldwide, with offices in more than 100 regions in 10 different countries, and has established a very complex Role Hierarchy to control data visibility. In the new fiscal year, UC is planning to reorganize the roles and reassign account owners.
Which feature should an architect recommend to avoid problems with this operation?
Correct Answer:C
When performing large-scale changes, such as reorganizing roles or reassigning ownership, recalculating sharing rules can be resource-intensive and may affect performance. Deferred Sharing Recalculation allows Salesforce admins to temporarily pause sharing rule calculations during bulk operations. This ensures that the reorganization completes efficiently, and the sharing recalculations are processed after the changes are made.
✑ Option A: Partitioning data using Divisions helps segment data logically but does
not address the specific need to optimize sharing recalculations.
✑ Option B: Skinny tables improve query performance for specific data structures but do not mitigate recalculation delays.
✑ Option C (Correct): Deferred Sharing Recalculation ensures minimal performance impact during bulk ownership changes or Role Hierarchy updates.
References:
✑ Deferred Sharing Recalculation
Universal Containers (UC) has a team that analyzes customer orders looking for fraud. This team needs access to Invoice records (custom object, Private organization-wide default). UC has complex rules to control users?? access. The architect recommended using Apex managed sharing to meet these requirements.
Which recommendation should a developer consider when implementing the changes?
Correct Answer:C
When implementing Apex managed sharing, it is crucial to test the sharing logic to ensure users are granted appropriate access to records. The runAs method allows developers to simulate record access for different users during testing, ensuring the implemented sharing logic functions correctly.
✑ Option A: Using "Without Sharing" disables sharing enforcement, which is not
appropriate for Apex-managed sharing scenarios.
✑ Option B: The "With Sharing" keyword enforces sharing rules in the code but is not relevant for testing user access.
✑ Option C (Correct): The runAs method is a best practice for simulating user- specific access during tests, ensuring the logic aligns with the organization??s sharing rules.
References:
✑ Apex Managed Sharing
✑ runAs Method in Test Classes
Universal Containers has selected a small and diverse group of users to review inactive accounts. Given the Private sharing model, a public group was created and made available to this group of users. A sharing rule was created to make inactive accounts visible to the public group. However, some of these users are reporting they do not see any of the accounts that were shared with the public group.
What is the underlying issue for these users?
Correct Answer:A
In Salesforce, users must have object-level access (Read permission) to see records shared through sharing rules or any other mechanism. If some users in the public group lack the Read permission for the Account object, they will not be able to see the accounts, even though they are part of the public group with a sharing rule granting access.
✑ Option A (Correct): Lack of object-level permissions for the Account object
explains why some users cannot view the shared accounts.
✑ Option B: Page layouts only affect how records are displayed, not record visibility.
✑ Option C: Role Hierarchy does not impact this issue, as it is related to public group sharing.
References:
✑ Object Permissions Overview
Sales executives at Universal Containers (UC) want to create list views to filter opportunities for large at-risk opportunities, These list views should only be available to certain executives who specialize in closing problematic deals.
What should UC do to solve this requirement?
Correct Answer:C
✑ Sharing List Views with Public Groups:
✑ Why Option C is Correct:
✑ Why Others Are Incorrect:
For more information, refer to Salesforce documentation on Public Groups and List Views: https://help.salesforce.com/