Salesforce Sharing & Visibility Designer Interview Questions

  1. Home
  2. Salesforce Sharing & Visibility Designer Interview Questions
Salesforce Sharing and Visibility Designer Interview Questions

Preparing for an interview is as important as preparing for an exam. Therefore, preparing for an interview takes a lot more practice and confidence to ace any exam. You have to make the best first impression. So to help our candidates to prepare well for the interview, we have tried our best to present you with the best and expert-revised interview questions. Moreover, we have covered all questions from basic to intermediate and to advance level. Therefore, we highly recommend the aspirants to prepare with the best and achieve the best. But first, let’s take an overview of the Salesforce Sharing and Visibility Designer exam.

Overview

The Salesforce Sharing and Visibility designer exam is designed for architects, analysts, and administrators who want to demonstrate their knowledge, skills, and capabilities to design secure, scalable security models. Some of the typical job roles may include:

  • Firstly, Advanced Administrator
  • Secondly, Technical/ Solution Architect
  • Lastly, Advanced Business Analyst

Now let’s begin with some of the best Salesforce Sharing and Visibility Designer Interview Questions.

Advanced Interview Questions

Can you explain the different types of sharing models in Salesforce?

In Salesforce, there are three types of sharing models:

  1. Public: This is the default sharing model in Salesforce. It allows all users to see all records, regardless of their role or location in the role hierarchy.
  2. Private: With this model, only the owner of a record and their superiors in the role hierarchy can see the record. This model is often used for sensitive data.
  3. Controlled by Parent: This model is used when records are related to a parent record. The access to the child’s record is determined by the access to the parent’s record. For example, if a user has access to a parent account record, they will also have access to all related contact records.

Each organization in Salesforce can choose the sharing model that best meets their needs, and can also create custom sharing rules to control access to specific records further.

How do you set up role hierarchies to control data access in Salesforce?

In Salesforce, you can set up role hierarchies to control data access by creating roles and assigning them to users. The roles are organized in a hierarchy, with higher roles inheriting the permissions of lower roles. To set up a role hierarchy:

  1. Go to Setup > Users > Roles.
  2. Click “New” to create a new role.
  3. Enter a name for the role and select a parent role, if applicable.
  4. Assign the role to users by going to Setup > Users > Users and editing the user’s profile.
  5. Control data access by creating sharing rules and granting permissions to the roles in the hierarchy.

It’s also possible to use permission sets and the organization-wide default settings to control data access. The org-wide default settings allow you to set the level of access that all users have to an object by default and then selectively adjust access levels for specific groups of users through permission sets.

Can you explain the difference between manual and automatic sharing in Salesforce?

In Salesforce, manual sharing refers to the process of granting access to a specific record or set of records to a specific user or group of users manually. This is typically done through the sharing button on a record’s detail page or by creating a sharing rule.

Automatic sharing, on the other hand, refers to the automatic granting of access to records based on pre-defined rules and criteria. This is typically done through the use of sharing rules, role hierarchies, or organization-wide defaults. Automatic sharing allows for the efficient sharing of records without the need for manual intervention, which can save time and reduce the risk of errors.

How do you use sharing rules to grant access to specific records in Salesforce?

Sharing rules in Salesforce allow you to grant access to specific records to certain users or groups. To use sharing rules:

  1. Navigate to the object you want to create a sharing rule for, such as Accounts or Opportunities.
  2. Click on the “Sharing” button or navigate to “Security Controls” > “Sharing Settings” in the menu.
  3. Select the “New” button to create a new sharing rule.
  4. Select the type of sharing rule you want to create, such as “Grant Access Using Rules” or “Grant Access Using Apex”.
  5. Specify the criteria for the sharing rule, such as the record owner or a specific field value.
  6. Select the users or groups that you want to grant access to the records that meet the criteria.
  7. Save the sharing rule
  8. Once the sharing rule is in place, users who match the criteria will automatically have access to the specified records.

Can you explain how the organization-wide default settings affect data access in Salesforce?

Organization-wide defaults (OWD) settings in Salesforce determine the level of access that users have to records they do not own. These settings are applied to all objects in an organization and can be set to one of three levels:

  1. Private: This is the most restrictive setting, where only the record owner and users above them in the role hierarchy can access the record.
  2. Public Read Only: This setting allows all users in the organization to view the records, but only the record owner and users above them in the role hierarchy can edit the records.
  3. Public Read/Write: This setting allows all users in the organization to view and edit the records.

When creating a sharing rule, the OWD setting is used as the baseline level of access for all records. You can then use sharing rules to grant additional access to specific records or groups of users. For example, if the OWD setting for Accounts is set to Public Read Only, you can create a sharing rule that grants a specific team of users edit access to a subset of accounts that they are responsible for.

It’s important to note that OWD settings can be overridden by sharing rules and other access controls, such as record-level security and field-level security. The OWD settings should be set carefully, depending on the organization’s needs and security requirements.

How do you use public groups to grant access to records in Salesforce?

In Salesforce, a public group is a group of users that can be used to grant access to records. To use a public group to grant access to records, you would first need to create the public group and add the users who should have access to the group. Once the group is created and the users are added, you can then use the group to grant access to records by adjusting the sharing settings for the records.

Here are the general steps to use public groups to grant access to records in Salesforce:

  1. Go to the “Groups” tab in Salesforce and click on the “New” button to create a new public group.
  2. Give the group a name, and then add the users who should have access to the group by clicking on the “Add Users” button.
  3. Go to the record or object you want to share and click on the “Sharing” button.
  4. In the sharing settings, you can add the public group and set the level of access that the group should have to the record.
  5. Save the settings and the group will have access to the records you shared with them.

Note: The access level can be set as Read, Edit, or Full access based on the requirement, and also the group can be removed from the sharing settings if necessary.

Can you explain how the sharing rules and role hierarchies interact in Salesforce?

Sharing rules and role hierarchies in Salesforce are two separate mechanisms used to control access to records.

Role hierarchies are used to control access to records based on a user’s role in the organization. Users higher up in the role hierarchy have access to records owned by users lower in order. For example, if a manager is higher in the role hierarchy than a sales representative, the manager would have access to all the records owned by the sales representative.

On the other hand, sharing rules allow you to grant access to specific records to certain users or groups regardless of their role in the hierarchy. These rules can be used to override the role hierarchy, allowing you to share records with users who are lower in the hierarchy or to restrict access to records for users higher in the hierarchy.

When both sharing rules and role hierarchies are in place, the sharing rules take precedence. If a user has access to a record through a sharing rule, they will have access to the record regardless of their position in the role hierarchy. However, if a user does not have access to a record through a sharing rule, their access will be determined by their position in the role hierarchy.

It is important to note that Sharing rules also have ‘criteria-based sharing’ which lets you share records based on certain criteria (e.g. if an account is of a certain type or if a custom field has a certain value).

Overall, sharing rules and role hierarchies in Salesforce are two different ways to control access to records, and they can be used together to provide a more fine-grained level of access control.

How do you use the sharing reason feature to track access to sensitive data in Salesforce?

The sharing reason feature in Salesforce allows you to track and document the reasons why records are being shared with specific users or groups.

To use the sharing reason feature:

  1. Go to the object’s sharing settings, and click on the “Sharing” button or navigate to “Security Controls” > “Sharing Settings” in the menu.
  2. Under “Sharing Reasons” click on “Enable”
  3. Select the “New” button to create a new sharing rule.
  4. Fill in the sharing rule details, including the criteria and the users or groups that you want to share the records with.
  5. In the “Reason” field, enter a brief description of why the records are being shared with the selected users or groups.
  6. Save the sharing rule.

Once the sharing reason feature is enabled, whenever a sharing rule is created or edited, the user will be prompted to enter the reason for sharing the records, this will be captured and stored in the system for future auditing purposes. This can be useful for organizations that handle sensitive data, as it allows them to track and document access to the data, and ensure that records are only shared with authorized users for legitimate business reasons.

Also, it’s worth noting that, the sharing reason feature is also available for Apex Sharing and Manually sharing records.

Can you explain the different levels of access that can be granted through sharing rules in Salesforce?

In Salesforce, there are several levels of access that can be granted through sharing rules:

  1. Read-only: Allows users to view the records but not edit or delete them.
  2. Read/Write: Allows users to view, edit, and delete the records.
  3. Full Access: Allows users to view, edit, delete, and transfer the records.
  4. Custom: Allows to grant access to specific fields or actions on the record, this can be done via “Customizable Sharing” which is a type of sharing rule. It allows you to grant access to specific fields or actions on the record based on the criteria.
  5. View All: Allows users to view all records, regardless of the ownership or criteria specified in the sharing rule.
  6. Modify All: Allows users to view, edit, and delete all records, regardless of the ownership or criteria specified in the sharing rule.

It’s important to note that, when creating sharing rules, you can specify the level of access you want to grant. You can also use different sharing rules to grant different levels of access to different users or groups of users.

How do you use the delegated administration feature to manage data access in Salesforce?

  1. Create a delegated administrator profile: Go to Setup > Administration > Manage Users > Profiles and create a new profile for the delegated administrator. Assign the appropriate permissions and access levels for the profile.
  2. Create a delegated administrator user: Go to Setup > Administration > Manage Users > Users and create a new user for the delegated administrator. Assign the profile created in step 1 to the user.
  3. Assign data access: Go to Setup > Administration > Data Management > Sharing Settings and select the object you want to manage access for. Under the “Delegated Administration” section, select the user or group of users to whom the delegated administrator will manage access.
  4. Set access levels: Go to Setup > Administration > Security Controls > Sharing Settings and set the access levels for the delegated administrator. This includes setting read, write, and delete access levels for the data.
  5. Monitor access: Go to Setup > Administration > Security Controls > View All > Audit Trail and monitor the access and changes made by the delegated administrator.
  6. Revoke access: Go to Setup > Administration > Manage Users > Users and deactivate or delete the delegated administrator user if necessary, revoking their access to the data.

Basic Interview Questions

1. Who is a Salesforce Certified Sharing and Visibility Designer?

A Salesforce Certified Sharing and Visibility Designer is a person who can assess the security and sharing requirements necessary to design secure, scalable solutions on the Salesforce Platform. Also, the designer has experience designing and implementing complex security and sharing models as well as communicating the solution and design trade-offs to business and technical stakeholders alike.

2. What is the major purpose of using the Field-Level Security?

The Field-level security is widely used since it’s settings let you restrict user’s access to view and edit specific fields.

3. What are the benefits of using Field-Level Security?

After setting field-level security, one can:

  • Organize the fields on detail and edit pages by creating page layouts.
  • Verify users’ access to fields by checking field accessibility.
  • Customize search layouts to set the fields that appear in search results, in lookup dialog search results, and in the key lists on tab home pages.

4. How to set Field Permissions in Permission Sets and Profiles?

  • From Setup, enter Permission set in the Quick find box, then select Permission Sets, or enter Profiles in the Quick find  box, then select Profiles.
  • Select a permission set or profile.
  • Depending on which interface you’re using, do one of the following:
    • Permission sets or enhanced profile user interface
    • Original profile user interface
  • Specify the field’s access level.
  • Lastly, Click Save.

5. How to set Field-Level Security for a Field on All Profiles?

  • From Setup, open Object Manager, and then in the Quick Find box, enter the name of the object containing the field.
  • Select the object, and then click Fields and Relationships.
  • Select the field you want to modify.
  • Click Set Field-Level Security.
  • Specify the field’s access level.
  • Lastly, Save your changes.

6. Where can one use Shield Platform Encryption?

  • Firstly, to update Records element
  • Secondly, to delete Records element
  • Thirdly, to get Records element
  • Lastly, to record Choice Set resource

7. How to create a User Role?

  • From Setup, in the Quick Find box, enter Roles, then select Roles.
  • If the “Understanding Roles” page is displayed, click Set Up Roles.
  • Find the role under which you want to add the new role. Click Add Role.
  • Add a Label for the role. The Role Name field autopopulates.
  • Specify who the role reports to.
  • Specify the role’s access to contacts, opportunities, and cases.
  • Lastly, Click save.

8. Give steps to Assign Users to Roles?

  • From Setup, in the Quick Find box, enter Roles, then select Roles.
  • Click Assign next to the name of the desired role.
  • Make a selection from the dropdown list to show the available users.
  • Select a user on the left, and click Add to assign the user to this role.
  • Lastly, Click Save.

9. What are Role fields?

The Role fields are defined as fields that comprise a role entry have specific purposes.

10. What do you understand by Imperative programming?

Imperative programming, also known as traditional or code-oriented programming, denotes the means of programming by using certain coding languages such as C#, C++, and Java etc. 

11. What do you understand by declarative programming?

Declarative programming denotes the kind of click or drag-and-drop solutions that allow someone without coding knowledge to build an application.

12. What are the benefits of using Declarative programming?

  • There is no need to hire a specialist coder or software developer.
  • Declarative programming provides a much quicker turnaround.
  • It is simple and easy to customize your project.
  • Personalize and build apps with a multitude of configurable components, allowing you to create pages and responsive, custom apps with simple drag-and-drop functions
  • Drive the productivity of your business and transform complex processes into apps with Process Builder and Lightning Flow, including point-and-click workflow and process tools
  • Build apps faster and quickly scale development with Lightning Components

13. List different ways in which data is stored in Salesforce?

  • Firstly, Objects
  • Secondly, fields
  • Lastly, records.

14. What are Permission sets?

Permission sets are used to provide additional permissions to users who are already in a profile. Moreover,

  • With permission sets, you can add and remove permissions to a small subset of users at any time.
  • You can add multiple permission sets to a given user.
  • Use permission sets only when a subset of users need additional permissions.
  • If a lot of people in a profile need that permission, then create a custom profile and add permission directly to that profile.

15. Who are the owners of the records?

Owners of records are usually people who created the record and have full CRUD access to it.

16. List some practices for securing files?

  • Firstly, Encrypt files when possible.
  • Store the files with very restricted access.
  • Securely share the password for the encrypted files, if you must share the password at all.
  • Securely delete files once they are no longer deemed necessary.
  • Network traffic is encrypted by default. Salesforce recommends that this setting remain in place.
  • Store the files with very restricted access and with full disk encryption if possible.
  • Lastly, do not store files with sensitive data on a public sharing service. Use professional sharing service or a Windows or Unix file.

17. Define S-Controls?

S-controls are an obsolete method of customizing the Salesforce user interface. They are superseded by Visualforce and Lightning Components. If your org depends on s-controls, you must replace them before you can move to Lightning Experience.

18. What is Canvas?

Canvas allows you to easily integrate third-party applications in Salesforce. Canvas functionality in Lightning Experience is the same as in Salesforce Classic. 

19. What is the use of Metadata API?

Metadata API is used to deploy changes programmatically. You can retrieve, deploy, create, update, and delete customization information for your org, such as Experience Cloud sites, custom object definitions, and page layouts. Moreover, using Metadata API is ideal when the changes are complex or when you need a more rigorous change management process and an audit process to manage multiple workstreams.

20. When should one use SOAP API?

SOAP API is used to create, retrieve, update or delete records, such as accounts, leads, and custom objects. Moreover, SOAP API also allows you to maintain passwords, perform searches, and much more.

21. When should one use Apex?

It can used to:

  • Create Web services.
  • Create email services.
  • Perform complex validation over multiple objects.
  • Create complex business processes that are not supported by workflow.
  • Create custom transactional logic.
  • Attach custom logic to another operation, such as saving a record.

22. What is Bulk API?

Bulk API main use is to query, queryAll, insert, update, upsert, or delete a large number of records asynchronously. Bulk API is designed on the Salesforce REST framework.

23. What is REST API?

REST API provides a powerful, convenient, and simple REST-based web services interface for interacting with Salesforce. Its advantages include ease of integration and development, and it’s an excellent choice of technology for use with mobile applications and web projects.

24. How can you edit apex classes in a production environment?

You cannot edit apex classes directly in a production environment. Firstly, done in the sandbox, then deployed in production where a user can make the changes with the permission of an Author.

25. What is Streaming API?

Streaming API is used for streaming of events using push technology and provides a subscription mechanism for receiving events in near real time. The Streaming API subscription mechanism supports multiple types of events, including PushTopic events, generic events, platform events, and Change Data Capture events.

26. What are the different types of visibility?

There are three types of visibility:

  • All Categories: All categories are visible
  • None: No categories are visible
  • Custom: Selected categories are visible

27. Define CRM?

The CRM is a technology for managing all your company’s relationships and interactions with customers and potential customers. It is basically intended to improve business relationships to grow your business. Moreover, CRM system also helps companies stay connected to customers, streamline processes, and improve profitability.

28. What are data categories?

Data categories are used in Salesforce Knowledge, Ideas, Answers, and Chatter Answers to help classify and find articles, questions, or ideas. Data categories is used to control access to a particular set of articles, questions or ideas.

29. What do you understand by a List?

A list is a collection of subscribers that receive your communications whereas a Data extension is a table within the database that contains your data. You could use a data extension to store subscriber data like lists or just any other relational data.

30. When should one use Apex?

It can used to:

  • Create Web services.
  • Create email services.
  • Perform complex validation over multiple objects.
  • Create complex business processes that are not supported by workflow.
  • Create custom transactional logic.
  • Attach custom logic to another operation, such as saving a record.
Salesforce Sharing and Visibility Designer Practice test
Menu