EXTENDED USER ACCESS & RESTRICTION SUPERBADGE UNIT SOLUTION

Team Avenoir
Dec 27, 2023
3 min read

Updated: Aug 5, 2024

Hey Trailblazer, we are here to guide you in earning the Security Specialist Superbadge. The first step to move ahead is clearing the User Authentication Specialist Superbadge. The Second step to move ahead is clearing the Access Governance Superbadge Unit. The third step to move ahead is clearing the User Access Specialist Superbadge. It consists of mini super-badges, the second being the Extended User Access and Restriction Superbadge Unit. First, you must pass the Data Security and Protect Your Data in the Salesforce module to achieve this badge. I will help you figure out each challenge and how to clear it.

This blog consists of three challenges of Extended User Access and Restriction Superbadge Unit include

General Record-Level Security Settings
Cross-Functional Record Access
Control Task Access

Every challenge has an outcome and hints at how to achieve it. It also consists of solving this error, ”Challenge Not yet complete... here's what's wrong: We can't find the sharing rule "GDPR_Auditor_Opportunity_Visibility’ for the expected object. Make sure the rule has a description and is based on the factors outlined in the scenario” and “Challenge Not yet complete... here's what's wrong: We can’t find the expected user criteria for the ‘Sales_Manager_Task_Restriction’ restriction rule”

Challenge 1: General Record-Level Security Settings

Step 1: Go to Setup > Sharing Settings. Change the OWD setting of Account and Contract, Opportunity as Private.

Step 2: In Setup > Role. Click on Set up Role. Click on Expand All

Create the new roles for the Thunderground Salesforce org with the following requirements.

Role Name	Reports to:	Opportunity Access
GDPR_Auditor	General Counsel	Users in this role cannot access opportunities they do not own that are associated with accounts they do own.
Technical_Sales_Manager	EMEA Sales	Users in this role can edit all opportunities associated with accounts they own, regardless of who owns the opportunities.
Technical_Sales_Representative	Technical Sales Manager	Users in this role cannot access opportunities they do not own that are associated with accounts they do own.

Challenge 2: Cross-Functional Record Access

Step 1: From Setup > Public Group and create one public group Name - Operations

by selecting Roles

Customer Support, North America
Customer Support, International

Step 2: Go to Sharing Setting from Setup. Create a sharing rule on Opportunity with the label Operations_Visibility.

Step 3: Create sharing rule on Opportunity, Account, and Contracts

Sharing Solution Name	Description
GDPR_Auditor_Opportunity_Visibility	Grants Read access to all opportunities owned by users in the EMEA Sales role and their subordinates
GDPR_Auditor_Account_Visibility	Grants Read access to all accounts and contracts located in the EU; Use the provided European Union checkbox on the account record to set the criteria.

Challenge 3: Control Task Access

Step 1: From Setup > Object Manager and Open Task object.

Step 2: Click on Restriction Rules and create Restriction Rules

Sharing Solution Full Name	Description
Sales_Manager_Task_Restriction	Allows Technical Sales Managers* to see only tasks from their department
Sales_Rep_Task_Restriction	Allows Technical Sales Representatives* to see only the tasks they own.

Thank You! Please leave a comment to help me understand how the blog helped you. If you need further assistance, please contact us. You can click "Reach Us" on the website and share the issue with me.

Blog Credit:

Team Avenoir

Avenoir Technologies Pvt. Ltd.

Reach us: team@avenoir.ai