+ Start a Discussion
Mandodari RawatMandodari Rawat 

Data Security -> Controlling Access to Fields -> Create a Profile and Permission Set to properly handle field access

Hi Experts,
I am trying to solve this challenge but not able to solve because of salesfore license issue. Salesforce only allows 2 'Salesfoce' license for DE. Is there a way to solve this challenge? Please help.

Create a Profile and Permission Set to properly handle field access
The Marketing Coordinator and Account Manager both require access to view and update Account Records, but only the Account Manager should be able to see and edit certain fields. Specifically, only the Account Manager should be able to see and edit the Rating field. The Marketing Coordinator should not be able to see or edit the Rating field. Create one profile and one permission set with the appropriate field-level security to solve for this use case.The profile must be named 'Basic Account User' and result in an API name of 'Basic_Account_User'. It should use the 'Salesforce' user license type.
The permission set must be named ‘Account Rating’ and result in an API name of 'Account_Rating'.
Best Answer chosen by Mandodari Rawat
Himanshu ParasharHimanshu Parashar
Hi Mandodari,

Here is the Answer as per my understanding.

1. Create Organization wide default as Private.
2. As it said already create a profile names Basic_Account_User.
    (a) assign this profile to both users.
    (b) Remove profile permission from Rating_c field
     
3. Create Permission set Account Rating
     (a) Add permisson to Rating__c field
    (b) Assign permisson set to Account User.



Thanks,
Himanshu
Salesforce Certified Developer | Administrator | Service Cloud Implementation Expert

P.S.  If my answer helps you to solve your problem please mark it as best answer. It will help other to find best answer.


 

All Answers

Himanshu ParasharHimanshu Parashar
Hi Mandodari,

Here is the Answer as per my understanding.

1. Create Organization wide default as Private.
2. As it said already create a profile names Basic_Account_User.
    (a) assign this profile to both users.
    (b) Remove profile permission from Rating_c field
     
3. Create Permission set Account Rating
     (a) Add permisson to Rating__c field
    (b) Assign permisson set to Account User.



Thanks,
Himanshu
Salesforce Certified Developer | Administrator | Service Cloud Implementation Expert

P.S.  If my answer helps you to solve your problem please mark it as best answer. It will help other to find best answer.


 
This was selected as the best answer
KaranrajKaranraj
Create profile and permission set as mentioned in the challenge. Then create a new user and assign the Marketing coordinator profiles/permission set and check whether permission are working properly. Then for the same user include/remove persssion set as per the challenge and test the challenge scenario. The challenge is to check the profiles and permission set permission.
Francis Alberto Vargas CruzFrancis Alberto Vargas Cruz
Hi, I'm also stuck in this challange but I have a different issue:
The 'Basic Account User' profile did not have the appropriate object and field-level security for the Account object.

I have create and recreate the profile like dozen of times, but the same warning keeps showing up. Can somebody tell me what I'm doing wrong? Thanks in advance.
Ankur GargAnkur Garg
Same issue for me too.. :(
Tyler ZikaTyler Zika
This is a challenge for me too. It's not as straight forward as the last challenges.
Sam Steed 6Sam Steed 6
Me too, I am constantly getting this message now and stuck :-(
Rich ColoyanRich Coloyan
This is driving me absolutely insane.  
I created a custom profile named Basic Account User, it is Read on the Account Object and the Rating field is unchecked for both Read and Edit.  
I created a permission set named Account Rating, it is Read & Edit on the Account Object and the Rating field is checked for both Read & Edit.  
I have both the profile and permission set assigned to the other user in my Dev Org.  I logged in as this user and the permission set is functioning as expected.

Yet I keep receiving the "The 'Basic Account User' profile did not have the appropriate object and field-level security for the Account object" error message.

What am I missing? I have tried every conceivable combination.
Patrick CantelmiPatrick Cantelmi
I am also stuck here. I have tried almost everything I can think of. Looked at every answer available but still cannot find what I am doing wrong. I also receive this message "The 'Basic Account User' profile did not have the appropriate object and field-level security for the Account object".  If someone could post a video of them walking through the process step by step it would be greatly appreciated. This is a problem that many people are encountering. Thanks!
Rich ColoyanRich Coloyan
One thing I have been wondering is that the instructions say that both users need to view and update acount records which would imply Read & Edit access.  All the instructions I have seen have said to make the profile just Read however and make the permission set Read, Edit.  I have tried both and still receive the same error.
Michelle Ng 8Michelle Ng 8
This worked after I went into Customize-->Accounts-->Fields-->Rating-->Set Field-Level Security and uncheck Visible for Basic Account User.

For the Basic Account User profile, I removed all Standard Object and Customer Object Permissions except for Accounts (Read, Edit). For the Account Rating Permission Set, I went to Object Account Settings, enabled Tab Settings to Visible, and then enabled Read and Edit for the rating field.
Alcides Del Valle Rojas BarrosoAlcides Del Valle Rojas Barroso
Thank yoy very much Michelle Ng 8!!!! Your answer help me a lot to solve this challenge!!!

Best Regards!!!!
Brennan ButlerBrennan Butler
@Michelle Ng 8 THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Nicholas HaleNicholas Hale
Thank you!!!!! Michelle Ng 8
Joe SchmittJoe Schmitt
Thank you Michelle! :)
ShamalShamal
This Challenge is confusing and lacks details. But it is simple. Challenge is not clearly eloborated.
Victoria GospariniVictoria Gosparini
Got it after following Michelle's answer, thanks a lot!!
Imtiyaz Ali 16Imtiyaz Ali 16
Michelle Ng 8!!! i follow your given instruction bt i got the same issues 
Challenge Not yet complete... here's what's wrong: 
The 'Basic Account User' profile did not have the appropriate object and field-level security for the Account object
Help Me Please....
Mike RodgersMike Rodgers
And another thanks to Michelle.
Andres ShulmanAndres Shulman
Thanks Michelle! Didn't worked the first time, so i did the following:

- Recreated the Basic Account User profile with the settings you explained.
- In the permission set, I already had all set, but I edited again the tab and field settings.

I think there are some validations that require to create/edit the profile and permission set, even if they are already defined. Happened a while ago in other topics.
Alejandro Valdes OliveraAlejandro Valdes Olivera


Michelle Ng 8!!!! Thanks!! I was stuck in this too!!! 
 
Swaraj Behera 7Swaraj Behera 7
Thank you Michelle Ng.
Jerry NiemeyerJerry Niemeyer
This seems simple, but I can't finish.  I go to the permission set, hit edit, but all the field permissions are greyed out, so I can't select or change them for "Rating".  How do I get the "filed permissions" editable?
Jerry NiemeyerJerry Niemeyer
never mind, I needed to check the "edit" box next to "Rating".  
Shayne HudsonShayne Hudson
Michelle Ng! You basically just saved me hours of banging my head against the wall! You are a saint!
Jose de Jesus Munoz TorresJose de Jesus Munoz Torres
Yes, I recreated the profile and permission set. It woked! Thanks!
jocelyn seznecjocelyn seznec
Thanks Michelle Ng 8 !!
Handsen SibueaHandsen Sibuea
@Michelle Ng 8 thanks lohhhh.. <3
Vikas GoelVikas Goel
thanks Michelle Ng 8
Christophe_         LereverendChristophe_ Lereverend
Thanks Michelle Ng 8, Works like a Charms!
Ramesh VaratharajRamesh Varatharaj

Hi Team, Could you please guide me with this logic. I have a field called "Solution Detail" - this should be editable by any solutions team member not by opportunity owner. Also other fields should be editable only to opportunity owner. 

If the opportunity is owned by solutions member - all fields should be editable by the opportunity owner. 

Thanks, 
Ramesh

Gabriel DidierGabriel Didier
Michelle Ng 8 covered this really well(THANK YOU!!!), but I still couldnt figure it out until today. It says the exact same thing she says, but for some reason this clicked for me better:

1) Just Go to Build > Account > Fields > Rating > [Set Field-Level Security] > Click the checkbox next to "Visible" and "Read-Only".
2) Now check "Visible" and "Read-Only" for {Basic Account User} Profile
3) Save
Ainee GuevaraAinee Guevara

After long hours of struggling, I finally identify the issue.
There was an update the label was "Basic account user" and now is just "Account"
And for "Account Rating" just "Rating"

Here it's the solution with screenshots 😉

Profile
Manage users -> Profiles -> New profile -> Existing profile: clone from Standard User / User License:  Salesforce / Profile name: Account
Edit and go to -> Standard Object Permissions -> Accounts uncheck boxes: create and delete. Save the profile.
User-added image
Permission Set
Manage users -> Permission sets / New / Label: Rating / ApI Name: Rating / License: Salesforce
Then go to Apps -> Object Settings -> Accounts -> Tab Settings: Available & visible check boxes -> Object Permissions: Read & edit Enabled boxes. Field Permissions -> Rating check boxes Read Access & Edit Access

User-added image

User-added image

Matt McLeanMatt McLean
Thank you so much for that Ainee!  Huge help!
hiroshi_yamatohiroshi_yamato
Thank you very much!!! Michelle Ng 8 !!!
And thank you to Ainee Guevara!!! too!!! 
Felipe PoncetFelipe Poncet
Thanks Ainee!
Jeff FeroceJeff Feroce
To make the following clear.....
"Give the Rating permission set access to account Rating field: Read Access, Edit Access"

.....change '...account..' to '....Account....', so that the student knows which object to adjust the Rating permission set in.