top of page
Writer's pictureTeam Avenoir

ACCESS GOVERNANCE SUBERBADGE UNIT SOLUTION

Updated: Aug 5


Hey Trailblazer, we are here to guide you in earning the Security Specialist Superbadge. The first step to move ahead is clearing the User Authentication Specialist Superbadge. The Second step to move ahead is clearing the Access Governance Superbadge Unit. It consists of mini super-badges, the second being the Access Governance Superbadge Unit. First, you must pass the Data Security and Privileged User Responsibilities to achieve this badge. I will help you figure out each challenge and how to clear it.


This blog consists of all three challenges of Approval Process Management include

●      Audit Privileged Users

●      Monitor Data Changes

●      Monitor Connected App Access


This challenge involves reviewing and adjusting user permissions to align with company policies on privileged access. The tools provided, such as Salesforce Ticket records and the User Access and Permissions Assistant, are instrumental in identifying users and making necessary adjustments. The admin's goal is to maintain a secure and compliant Salesforce org by ensuring users only have the required access for their roles.


Every challenge has an outcome and hints at how to achieve it. It also consists of solving these errors, ”Challenge Not yet complete... here's what's wrong: We can't find the required permission sets, groups, or users preinstalled in your org.”, “Challenge Not yet complete... here's what's wrong: We can't find field history tracking enabled for the expected fields on the Opportunity object. Make sure you've only enabled it for the specified fields.”. 



Challenge 1: Audit Privileged Users

Strato-Form Generators emphasizes the principle of least privilege to maintain a secure Salesforce org. The admin team is responsible for conducting quarterly audits to ensure that users with privileged access have the appropriate permissions based on company policies.



To complete our very first Challenge we are going through these steps 


Enable Permission Set & Permission Set Group Assignments with Expiration Dates: Create permission set and permission set group assignments that expire on a specific date using an enhanced user interface. If this setting is disabled, you can’t set an expiration date for permission set and permission set group assignments.

From the user management setting


After enabling it -

  1. Open your Salesforce org.

  2. Click on "Setup."

  3. In the quick search type "User."

  4. In the Select Rahul Patel

  5. Now Click on Permission Sets

  6. Click On PLATFORM: Customize Application


Now According to our Challenge, We have assigned PLATFORM: Customize Application permission to Rahul Patel only for 30 days Click on Manage Assignment


Check the check box and click on edit assignments

Click on pencils which are at the  top  of the right corner 


Now Assign it to Rahul Patel.

Now Check your Challenge. You are Still getting the Same Error


Follow these Steps:

  1. In your Salesforce org go on Setup

  2. Search for permission Set group

  3. Change it from recent view to All View

  4. Click On PERSONA: Sales Representative  permission Set group



Click On Permission sets in the group

Remove the group of permission set in OPPORTUNITY: Sales - D

Now Check your Challenge Clear our first challenge



Let’s move forward to our Second Challenge :


Challenge 2: Monitor Data Changes

Enable field history tracking for the required fields and configure your org so changes can be monitored on each opportunity record and in a report.

Then, delete the account history records that mistakenly contain sensitive account data. Important: Only delete the records


We have to first set the History tracking of opportunity objects for some field

  1. Now open your salesforce org and Click on set up

  2. Object manager in Quick find search box search for Opportunity object.

  3. Click on the field and relationship. Now click on the Set History Tracking button

  4. Enable Opportunity Field History



Now this field you have to select for history tracking


After that, from the Opportunity page layout, you have to add opportunity field history on related history and click on save


Now we have to create the report

1.  In your salesforce org from the app launcher search for reports

2. Click on the new report. The record type should be Opportunity field history

3. Click on start.


Click On Filters

 Apply these filters in the report

After Applying the filter we Click on Save & Run

The report name should be Opp Field History - Last 7 Days

Folder Should be Compliance Reports

now check your challenge


In our scenario, A Strato-Form Generators user accidentally entered a client credit card number in the Preferred Payment Method field on the Grand Hotels & Resorts Ltd account. This field is not encrypted or protected appropriately to store sensitive accounts. Data is saved in Field history Now we have to create a permission set to delete field history and assign it admin.

Follow these steps:

  1. Open your salesforce org and go to set up in quick search search for user interface

  2. On the user interface from the Setup setting Enable the ‘Enable “Delete from Field History” and “Delete from Field History Archive” User Permissions’

  3. In quick find search search for permission set Click and create a new permission set



After clicking on save go to the system permission


Click on edit and search for History


Enable the checkbox "Delete From Field History" and click on save


Now click On manage assignment on the Delete field History permission set and assign it to your user.



Click on the next button Select Specify expiration date for 1 day


Click on Done.


Now We have to delete records that store credit card information


For that we are using the dataloader.io tool click on the link and log in with your Salesforce


We have to delete the data in dataloader.io click on task select export object Select Account history click on next



Filter: Account history + Account id = Account id of

Now click on the plus button for the filter to be applied


Also, select the field for data that you want in your CSV file. Click on next


In the summary page Advance section Check the checkbox of Export All record and click on the save & run button



Click on 3 “success” hyperlink

Now you see


3rd record doesn't have information on the credit card Number So there is no need to delete this remove this row and save the CSV


After that go on the dataloader.io website click on new task select delete and Account history as an object


Upload .CSV file that you save recently

Now click on Next, Save & run And run.

Now check the Grand Hotels & Resorts Ltd Account-related list Account History should have only 1 record

Now check your challenge


Challenge 3: Monitor Connected App Access

Let's take the quiz on monitoring connected apps in different scenarios


If you'd like to see the code and resources used in this project, you can access the repository on GitHub.To access the Access Governance Superbadge Unit click here. Feel free to explore the code and use it as required.

 

Thank You! Please leave a comment to help me understand how the blog helped you. If you need further assistance, please contact us. You can click "Reach Us" on the website and share the issue with me.


Blog Credit:

Team Avenoirr

   Avenoir Technologies Pvt. Ltd.

  Reach us: team@avenoir.ai



 

Are you in need of Salesforce Developers?

Reach Us Now!




 

コメント


bottom of page