Hey Trailblazer, we are here to guide you in earning the Security Specialist Superbadge. The first step to move ahead is clearing the User Authentication Specialist Superbadge. The Second step to move ahead is clearing the Access Governance Superbadge Unit. It consists of mini super-badges, the second being the Access Governance Superbadge Unit. First, you must pass the Data Security and Privileged User Responsibilities to achieve this badge. I will help you figure out each challenge and how to clear it.
This blog consists of all three challenges of Approval Process Management include
● Audit Privileged Users
● Monitor Data Changes
● Monitor Connected App Access
This challenge involves reviewing and adjusting user permissions to align with company policies on privileged access. The tools provided, such as Salesforce Ticket records and the User Access and Permissions Assistant, are instrumental in identifying users and making necessary adjustments. The admin's goal is to maintain a secure and compliant Salesforce org by ensuring users only have the required access for their roles.
Every challenge has an outcome and hints at how to achieve it. It also consists of solving these errors, ”Challenge Not yet complete... here's what's wrong: We can't find the required permission sets, groups, or users preinstalled in your org.”, “Challenge Not yet complete... here's what's wrong: We can't find field history tracking enabled for the expected fields on the Opportunity object. Make sure you've only enabled it for the specified fields.”.
Challenge 1: Audit Privileged Users
Strato-Form Generators emphasizes the principle of least privilege to maintain a secure Salesforce org. The admin team is responsible for conducting quarterly audits to ensure that users with privileged access have the appropriate permissions based on company policies.
To complete our very first Challenge we are going through these steps
Enable Permission Set & Permission Set Group Assignments with Expiration Dates: Create permission set and permission set group assignments that expire on a specific date using an enhanced user interface. If this setting is disabled, you can’t set an expiration date for permission set and permission set group assignments.
From the user management setting
After enabling it -
Open your Salesforce org.
Click on "Setup."
In the quick search type "User."
In the Select Rahul Patel
Now Click on Permission Sets
Click On PLATFORM: Customize Application
Now According to our Challenge, We have assigned PLATFORM: Customize Application permission to Rahul Patel only for 30 days Click on Manage Assignment
Check the check box and click on edit assignments
Click on pencils which are at the top of the right corner
Now Assign it to Rahul Patel.
Now Check your Challenge. You are Still getting the Same Error
Follow these Steps:
In your Salesforce org go on Setup
Search for permission Set group
Change it from recent view to All View
Click On PERSONA: Sales Representative permission Set group
Click On Permission sets in the group
Remove the group of permission set in OPPORTUNITY: Sales - D
Now Check your Challenge Clear our first challenge
Let’s move forward to our Second Challenge :
Challenge 2: Monitor Data Changes
Enable field history tracking for the required fields and configure your org so changes can be monitored on each opportunity record and in a report.
Then, delete the account history records that mistakenly contain sensitive account data. Important: Only delete the records
We have to first set the History tracking of opportunity objects for some field
Now open your salesforce org and Click on set up
Object manager in Quick find search box search for Opportunity object.
Click on the field and relationship. Now click on the Set History Tracking button
Enable Opportunity Field History
Now this field you have to select for history tracking
After that, from the Opportunity page layout, you have to add opportunity field history on related history and click on save
Now we have to create the report
1. In your salesforce org from the app launcher search for reports
2. Click on the new report. The record type should be Opportunity field history
3. Click on start.
Click On Filters
Apply these filters in the report
After Applying the filter we Click on Save & Run
The report name should be Opp Field History - Last 7 Days
Folder Should be Compliance Reports
now check your challenge
In our scenario, A Strato-Form Generators user accidentally entered a client credit card number in the Preferred Payment Method field on the Grand Hotels & Resorts Ltd account. This field is not encrypted or protected appropriately to store sensitive accounts. Data is saved in Field history Now we have to create a permission set to delete field history and assign it admin.
Follow these steps:
Open your salesforce org and go to set up in quick search search for user interface
On the user interface from the Setup setting Enable the ‘Enable “Delete from Field History” and “Delete from Field History Archive” User Permissions’
In quick find search search for permission set Click and create a new permission set
After clicking on save go to the system permission
Click on edit and search for History
Enable the checkbox "Delete From Field History" and click on save
Now click On manage assignment on the Delete field History permission set and assign it to your user.
Click on the next button Select Specify expiration date for 1 day
Click on Done.
Now We have to delete records that store credit card information
For that we are using the dataloader.io tool click on the link and log in with your Salesforce
We have to delete the data in dataloader.io click on task select export object Select Account history click on next
Filter: Account history + Account id = Account id of
Now click on the plus button for the filter to be applied
Also, select the field for data that you want in your CSV file. Click on next
In the summary page Advance section Check the checkbox of Export All record and click on the save & run button
Click on 3 “success” hyperlink
Now you see
3rd record doesn't have information on the credit card Number So there is no need to delete this remove this row and save the CSV
After that go on the dataloader.io website click on new task select delete and Account history as an object
Upload .CSV file that you save recently
Now click on Next, Save & run And run.
Now check the Grand Hotels & Resorts Ltd Account-related list Account History should have only 1 record
Now check your challenge
Challenge 3: Monitor Connected App Access
Let's take the quiz on monitoring connected apps in different scenarios
If you'd like to see the code and resources used in this project, you can access the repository on GitHub.To access the Access Governance Superbadge Unit click here. Feel free to explore the code and use it as required.
Thank You! Please leave a comment to help me understand how the blog helped you. If you need further assistance, please contact us. You can click "Reach Us" on the website and share the issue with me.
Blog Credit:
Team Avenoirr
Avenoir Technologies Pvt. Ltd.
Reach us: team@avenoir.ai
Are you in need of Salesforce Developers?
Reach Us Now!
Comments