Dev 401 certification questions: Security model
1. In a recruiting application, a Position custom object is related to a Salary custom object. Sensitive information, such as current salary, is stored on the Salary object. All users should be able to at least view position information. However, only select individuals should be able to read salary records.
How should a developer accomplish this?
- A. create a lookup relationship between Position and Salary; set organization-wide defaults to Public Read-Only for Position and Private for Salary.
- B. create a lookup relationship betweeb Position and Salary; set organization-wide defaults to Private for Position and Salary
- C. create a master-detail relationship between Position and Salary; set organization-wide defaults to Public Read-Only for Position and Private for Salary
- D. create a master-detail relationship between Position and Salary; set organization-wide defaults to Private for Position and Salary
This question refers to Relationship types and Record Level Security. The first part of provided answers is about relationship type which should be selected for the given model. In our case we have one-to-one relationship, where Salary object should be a detail record for Position record, and on the one hand seems that it should support the key feature of master-detail relationship:
- When a record of the master object is deleted, its related detail records are also deleted.
It’s very significant point in this question because the Salary record shouldn’t exist without Position record, and when we remove a Position the Salary record should be deleted too, but on the other hand within the master-detail relationship we can’t set a different organization-wide defaults for detail record, because it is inherited from the master record. In our case we need Public Read-Only access for Position, because these records should be visible for all users, and Salary records should be restricted thus we need to set it to Private (“you use organization-wide sharing settings to lock down your data to the most restrictive level, and then use the other record-level security and sharing tools to selectively give access to other users.”). The second point is more significant for us because it refers to security model, therefore the correct answer is A.
2. In a recruiting application, all users should be able to see and edit all candidate records, but interviewers should NOT be able to modify the address of a candidate and should NOT be able to see the birth date of a candidate.
How would a developer meet this requirement?
- A. set the organization wide default for candidates to Edit Some Fields
- B. set the organization wide default for candidates to Read-only
- C. remove the Edit permission on candidates from the inteviewers’ profile
- D. use field-level security to control access to the Address and Birth Date fields
This question hasn’t any pitfalls. The correct answer is D, because for a restricting or a granting access for a specified fields on objects, we should use the field-level security.
3. Which element is included in the security model for Force.com Sites?
Choose 2 answers
- A. Full CRUD permissions on all custom objects
- B. Read/write permissions on all standard objects
- C. Named Visualforce pages
- D. restricted IP ranges
The correct answers are A,B. C isn’t about security, and D isn’t about Sites, because we talk about public access setting.
The post will be updated soon with new questions…