Answers - Salesforce Trailblazer Community
Trailblazer Community
Ask Search:
Yura IYura I 
User-added image
I think that I have captured everything about the object security access in this diagram, I have additional notes on the sides that are not going to be included due to image size limitation. Please let me know if I can improve the graphic for other newbs as myself

Best Answer chosen by Yura I
Jonathan FoxJonathan Fox

This is a great graphic. You should post it in one of the chatter groups in the community.


Is there something you want help on with rehards to the above?

Bekir YanmazBekir Yanmaz 

I'm doing (

I'm stuck at the 2nd step with the following user : Shinje Tashi who is described as :

Shinje Tashi
Title : Sales Data Quality Specialist
This sales data quality specialist supports the entire company and needs to be assigned a role that can see and access all account, contact, and opportunity records for the entire company.
Use the Standard User profile

I have created the user as described.

I have the following error :
 Shinje Tashi does not have the user settings he needs.

It says :

"...provide Shinje Tashi access to the Language Preference field without modifying his profile. Name the solution you create for extending access Bilingual Pilot."

I have created a permission set called Bilingual Pilot that gives access to the custom field Language Preference and assign it to this user.

But the error persists.

How can I solve it ?

Best Answer chosen by Ed ( 
Bekir YanmazBekir Yanmaz

Changing this user's role to CEO solved the issue for me.

Give it a try. 
Bareera NoorBareera Noor 
 I am working on trailhead where exactly these fields available?
Field-Level Security—Customer SSN and Bank Account fields on contact records must be encrypted. Any change in the Amount field on opportunity records must be recorded. I cant find Customer SSN and Bank Account fields on Contact Object.
Best Answer chosen by Ed ( 
Suhas SardeshmukhSuhas Sardeshmukh
Customer SSN and Bank Account fields does not exist on Contact object. And hence, can't be encrypted. Challenge can be completed by skipping this instruction.
Kevin TsuiKevin Tsui 
Hi.  I have a user that is constantly being asked to activate their computer on the same source IP.  Here's the recent log below.  I've whitelisted that IP under "Network Access".  But any ideas?  Thanks.

User-added image
Best Answer chosen by Kevin Tsui
Kevin TsuiKevin Tsui
Update!  I ended up submitting a case because the user was still experiencing the issue.  Here is the response from the agent.

Please be aware, with the Spring release, there has been an update with how Salesforce verifies user identity. The primary change is that Salesforce now utilizes the local browser to cache logins. This process updates the browser itself upon successful verification. Thus, if your browser blocks or removes its browser data, you will be repeatedly prompted to verify at the next login. You may review the change further via this Article: There are 3 different ways to prevent these prompts: (you only need to implement one of these options)

1. Update the Network Access of your org with all approved IP ranges. This will resolve the issue entirely for anyone signing in from those approved addresses.

2. Login IP Restrictions can be added for each individual profile to limit the access of those users to a known set of approved ranges.

3. Lastly, you could simply ensure that your users are not clearing their browsing data, or that the browsers are not clearing the data upon browser close.
Ines GarciaInes Garcia 
I have seen many posts and unresolved questions on this matter. I shall then attempt to explain this simple for any users on what and how is to deal with this.

What ever connection you may use it for needs to be updated with your new certificate, simple :)
see below more on answer
Best Answer chosen by Ines Garcia
Ines GarciaInes Garcia
For example if your org uses Single Sign On or another connection (perhaps integration?) to another system that required the use of the certificate. When was the certificate created?
If you do use SSO or integration you need to create a new self-signed cert and install that on the remote system.  
Worst case scenario is that whatever connection is using that certificate will just flat stop working. (authentication or data transfer)
Do have a check to your installed packages as may use the certificate.
Can you get in contact with the people/company that gererated that cert? and ask them what they were using it for?

Here how to generate a selfcert:

So you have to update it where you use it, most common applications of these certificates are SSO and custom HTTPS domains.

For SSO have a check under Security Controls > Single Sign on Settings > SAML Single Sign-On Settings.

For other uses check the:
- HTTPS requests
- SOAP services

Kimberly DaleKimberly Dale 
 I need to review each profile and determine if they have the correct access or too much access
Best Answer chosen by Kimberly Dale
Ahilesh RagavanAhilesh Ragavan
Hello Kimberly,

Here is a useful external app : Perm Comparator

It lets you view and compare access, permissions between profiles, permission sets.

Sample compare page:
User-added image

We do not have any reports to run to view profile permissions.
Dee SriDee Sri 
Hello Trailblazers,

I am trying to provide a modify all permission without the 'Delete' access for the Account object while keeping the OWD to 'Private'.
Is this possible to achieve this by having a sharing rule with 'Read\Edit' access for all Accounts ?

Let me know your suggestions.

Thank you.
Best Answer chosen by Dee Sri
Andrew RussoAndrew Russo
easiest way if you want to share all accounts with all users is to create a sharing rule that wuld apply to the highest role in your org and all subordinates.
Tobias HaggeTobias Hagge 

When trying to send an email from a Case you are not the Case Owner off, it doesn't allow to send an email unless you have access to the Contact you select.

Now if you want to send an email and don't select any Contact (but use the additional to), it doesn't allow you to send the email due to insufficient privileges.

Any permissions that would get around this?
Best Answer chosen by Jayson ( 
Ben MervenBen Merven
Just ran into this problem. Get the user to login to salesforce in a private/incognito window and see if that fixes it. If so, then clear their browser cache and cookies and it should work.
Sankaran NepoleanSankaran Nepolean 
Sales representatives at Universal Containers need assistance from product managers when selling certain products. Product managers do not have access to opportunities, but need to gain access when they are assisting with a specific deal. How can a system administrator accomplish this?
A. Notify the product manager using opportunity update reminders.
B. Enable opportunity teams and allow users to add the product manager.
C. Use similar opportunities to show opportunities related to the product manager. D. Enable account teams and allow users to add the product manager.

This is the question from the sample paper. I'm a newbie, i couldn't understand how the answer is B.

what does 'Enable opportunity teams' mean ? && how to 'allow users to add the product manager'
Best Answer chosen by Sankaran Nepolean
Jeff MayJeff May
Congrats on starting down the certifcation path!  

Here is a link that will introduce you to Opportunity Teams: (
likhitha yelamarthylikhitha yelamarthy 
Challenge Not yet complete... here's what's wrong: 
The Inside Sales User profile does not have the correct permissions for managing List Views, Report and Dashboards.

Im getting the above error...Can anyone help me?
Best Answer chosen by likhitha yelamarthy
Mayank SrivastavaMayank Srivastava
You haven't configured the correct permissions for reports. Check thr differences below and make sure you onfigure the permissions as shown in screenshot below:

User-added image

Right click on image and open in new tab/window for a better view.

Make sure all permissions match exactly as I showed above.