Newly Released Salesforce Sharing-and-Visibility-Architect Exam PDF

A Sharing Set is a feature that allows you to grant access to records that are associated with the same account or contact as the community user1. This is the best option to implement the requirement of allowing customers to see service requests for their account through the community. Manual sharing, Sharing Rules, and Apex Managed Sharing are not suitable for this scenario because they are either too labor-intensive, not applicable to external users, or too complex

To support the requirement of allowing only the owner and users in the Delivery profile to view and edit Job records, you need to use three platform sharing tools:

Organization-Wide Default sharing setting of Private on the Job Object: This will restrict access to Job records to only the owner by default.

Grant access Using Hierarchy sharing setting on the Job Object set to false: This will prevent users above the owner in the role hierarchy from accessing Job records.

“Modify All” permission for Job Object on the Delivery Profile: This will grant users in the Delivery profile full access to all Job records regardless of ownership.

Criteria-Based sharing rule and “View All Data” profile permission are not required for this scenario. Criteria-Based sharing rule would grant additional access to users who meet certain criteria, which is not necessary. “View All Data” profile permission would grant access to all data in the organization, which is too broad and may violate data security.

Creating a protected custom metadata type that stores the encryption key and packaging it with its associated records in a managed package is the best way to securely store the confidential key, as protected custom metadata types are only accessible within the package namespace and cannot be viewed or modified by subscribers2. Creating a protected custom metadata type and packaging it in an unlocked package will not work, as unlocked packages do not support protected custom metadata types3. Creating a custom metadata type and restricting access to the admin profile will not work, as users with View Setup permission can still view the custom metadata type and its records.

Two platform features that can be used to support the requirements for granting access to Job records are “View All” profile settings and manual sharing. The “View All” profile setting can be enabled for the Delivery profile to grant them View access to all Job records regardless of ownership or role hierarchy. The manual sharing feature can be used by the Delivery user who owns a job to grant access to a Product Development user on a case-by-case basis