Salesforce Sharing and Visibility Designer
The Salesforce Sharing and Visibility Designer Certification is a credential developed for Salesforce professionals who have experience in designing Sharing and Visibility solutions on the Salesforce platform and are looking to verify their expertise. Working experience of the product is important for this certification in particular as it’s designed specifically for professionals who can architect a solution for a particular customer scenario.
The exam is made up of 60 multiple choice questions (plus 5 unscored questions)
120 minutes to complete
The passing score is 67%
There are no prerequisites
Cost is USD $400 and the retake fee is is USD $200 if you are unsuccessful
In the Sharing and Visibility Designer exam, there are 3 topics covered. Declarative Sharing is the area with the highest weighting at 76%. As it is weighted highest, this is an area that you must focus on to do well in the exam.
Performance and Scalability
Sharing and Visibility Designer Topic Weighting Chart
The following are the core topic areas of the Salesforce Sharing and Visibility Designer certification and what you’re expected to know:
The declarative sharing topic has 9 objectives and is the largest section of the exam.
The first objective is requires you to understand a business scenario and describe the appropriate use and limitations of relevant object and field level security settings needed to allow and limit user’s access to different types of information. Object and field-level security settings can be implemented in Salesforce through the use of profiles or permission sets. Profiles can be used to allow or limit users’ access to data. However, permission sets can only be used to grant additional access to specific users.
The next objective is given a particular customer scenario, describe the relevant settings required for all the declarative platform security features that would ensure proper data access to relevant users. Various types of sharing settings can be implemented in Salesforce to grant explicit access to records. These include organization-wide defaults, sharing rules, manual sharing, and administrative permissions in profiles and permission sets. In addition, Salesforce provides implicit sharing to grant access to accounts and child records. Classic Encryption and Shield Platform Encryption can be used to encrypt Salesforce data, but certain permissions can be used to bypass such protections.
The third objective requires you to demonstrate your ability to properly evaluate the use case for and implement Account and Opportunity Teams to ensure the proper visibility and collaboration requirements are met. An account team can be used to give users access to a particular account record and related contacts, cases, and opportunities. The access levels can be used to grant more access and not restrict access beyond the organization-wide default sharing settings. Similarly, an opportunity team can be used to give users access to the opportunity and its related records.
You then need to understand how views and folders can be segmented for different groups using out of box security features, such as groups or roles, in an effective manner while keeping in mind security considerations and how these differ from record level security. A custom list view can be created to give users access to a specific set of records. Different options are available for restricting the visibility of list views and sharing to all users, groups of users such as public groups, roles and roles and subordinates. To allow users to access reports or dashboards, they can be given access to report or dashboard folders in Salesforce. A report or dashboard folder can be shared with users, public groups, roles and territories. System permissions can be used to allow users to share report or dashboard folders with others.
The next objective requires an understanding of the impact of the role hierarchy on record sharing. Users automatically gain access to records of standard objects which are owned by or shared with users below them in the role hierarchy. For custom objects, granting access using the role hierarchy can be enabled or disabled. Salesforce features such as sharing rules, public groups, and manual sharing can be used to support record sharing via the role hierarchy.
The sixth objective is given a scenario that involves external users, describe how the security and sharing setup can be utilized to properly enforce record visibility for different types of community users (e.g. Internal, Customer Community, Customer Community Plus and Partner Community). To meet the various requirements related to record visibility for different types of community users, security and sharing features, such as external organization-wide defaults, sharing sets, share groups, sharing rules, and super user access can be used.
Then, given a particular customer scenario, you need to understand if Enterprise Territory Management can be used to resolve complex security requirements. Enterprise Territory Management can be enabled and configured to set up territories and used to assign accounts and users to territories either manually or automatically. Enterprise Territory Management comes with features such as territory models, territory types and territory assignment rules. Users’ access levels for accounts and related opportunities, contacts, and cases can be defined. It also supports other Salesforce features such as Collaborative Forecasts and Metadata API.
You also need to have an awareness of solution options in the marketplace that properly leverages declarative and programmatic security features of Salesforce to address data storage and data residency requirements. Salesforce offers several options for storing sensitive data in Salesforce, including Classic Encryption, Shield Platform Encryption, and Apex Crypto class. It also offers data residency options (DRO) which include encryption and tokenization. A third-party proxy service may be used by an organization which requires secure access to on-premise data from Salesforce.
The next objective in the Declarative Sharing section is to be able to describe the methods for validating the sharing and visibility of a sharing and security model. There are various features that can be used for this purpose. The ‘Login As’ feature can be used by an administrator to login as another user to validate sharing and visibility changes. The sharing table of an object can be exported to view information about explicit and implicit grants associated with the object’s records. Group maintenance tables can be exported to review information about group memberships and inherited grants. The Field Accessibility Viewer allows determining the accessibility of a field based on the combination of page layouts, record types and user profiles.
The last objective in this section is given a scenario that involves files sharing, describe how files are shared and secured in Salesforce and what are the different options to storing file securely in Salesforce.
There is one objective in the Performance and Scalability section.
The objective is given a particular complex customer org setup, design a security model that is maintainable at large scale. Large scale includes a large numbers of users and records. Parallel recalculation can be used to reduce the processing time of sharing rule recalculation. Deferred sharing maintenance allows turning off group maintenance operations temporarily to make changes to roles and group memberships without performing sharing recalculations. Granular locking can be enabled to perform multiple group operations simultaneously and reduce the risk of locking errors.
You should also understand how apex sharing and calculation can impact system performance in a particular complex customer org setup. Sharing recalculation can have an adverse impact on system performance in Salesforce. When the role hierarchy or group membership is changed through integration, it can result in a long-running sharing recalculation. When importing or updating a large number of records, locking errors can occur due to group-membership and record-level locking.
There are 4 objectives in the Performance section.
The first objective is given a scenario, design a solution that leverages programmatic sharing functionalities to achieve a requirement that cannot be met using declarative functionality. Programmatic sharing capabilities such as share objects and records, Apex Managed Sharing, and Apex sharing reasons can be utilized to meet sharing requirements. Using the ‘with sharing’ keyword in the definition of an Apex class allows enforcing organization-wide defaults and sharing rules.
The second objective is given a scenario, describe how to minimize security risks in programmatic customizations (Apex, Visualforce, Lightning Component) relative to data visibility. Apex and Visualforce pages can expose an org to different types of security risks such as CSS attacks, CSRF, and SOQL injection. In order to prevent such attacks, it is important to understand the considerations related to the use of optional attributes such as escape=”false”, static queries, bind variables, and existing protections offered by Salesforce, like anti-CSRF tokens.
Every topic objective explained thoroughly.
The most efficient way to study the key concepts in the exam.
Test yourself with complete practice exams or focus on a particular topic with the topic exams. Find out if you are ready for the exam.
Copyright 2019 - www.FocusOnForce.com
Copyright 2019 - www.FocusOnForce.com