+ Start a Discussion
Yogesh NakhateYogesh Nakhate 

Data security fields challenge

Please help me in getting this - I tried, but not working -
https://developer.salesforce.com/trailhead/data_security/data_security_fields
Mandodari RawatMandodari Rawat
First Step is to creat Profile Basic Account User
Setup->Manage Users->Profiles->New Profile->Basic Account User(select any pre-existing profile with user license type"salesforce")
Once you click on Save-> Object Setting-> Account-> Object Permissions-> select Read and Edit
In the Field Permissions deselect  Read and Edit Permissions of Rating Field....
Assign this profile to a user and check 
Next Step to create permission set 
Setup->Manage Users->Permission Sets->New->Account Rating(select user license type"salesforce")
Once you click on Save-> Object Setting-> Account-> Object Permissions-> In the Field Permissions select  Read and Edit Permissions of Rating Field....
Assign this permission set to the same user and see the difference....

Hope this will help you 
Yogesh NakhateYogesh Nakhate
Created a profile with no Read/Edit access to the 'Account Rating' field. and used permission set named 'Account rating' to grant access to the 'Account rating' field. the 'Check challenge' shows error - The 'Basic Account User' profile did not have the appropriate object and field-level security for the Account object . Dont know whats wrong...
Nishant BeenuNishant Beenu
I am getting same error Yogesh
Lizzie KingLizzie King
For those still having this problem Mandodari answers it ^^ 
Thank you! 

Once you have made your profile, scroll down to Field-Level Security 
Click Account (View) unselect view/edit for Rating. 
 
Nerd sfdcNerd sfdc
Inspite following what Mandodari Rawat said, I am still getting the same error
Krishna BARKrishna BAR
Try the steps below and you should not get the error

In your previous exercise you would have created a profile Account ‘Account Reviewer’ using salesforce licence; you were given only two licences for Trialhead. One you are using and the other one for testing. You would have created a test user as guestadmin, assign the Account Reviewer for guestadmin and login to test that you are able to view Account details, only account details (Administer à Manager Userà Profilesà select profile ‘Account Reviewer’, view in ‘Tab Settings’ à Standard Tab Settings, update as Tab Hidden for all other objects except for Home and Accounts).
 
Start the following steps now for ‘Basic Account User’
Tip: Uncheck Enable Enhanced Profile User Interface (Build à Customizeà User Interface) à
 
Step1. Clone Account Reviewer Profile as ‘Basic Account User’,  or Create Profile Basic Account User
Setup->Manage Users->Profiles->New Profile->Basic Account User(select any pre-existing profile with user license type salesforce licence;
Once you click on Save-> Object Setting-> Account-> Object Permissions-> select Read and Edit
In the Field Permissions deselect  Read and Edit Permissions of Rating Field....


Step 2. Assign ‘Basic Account User’ guestadmin user and verify, you will not be able to view Rating Field.
Step 3. Create permission set go to Setup->Manage Users->Permission Sets->New->Account Rating (select user license type salesforce licence)
Step 4. Once you click on Save-> Object Setting-> Account-> Object Permissions-> In the Field Permissions, Select  Read and Edit Permissions of Rating Field....
Step 5. Assign this permission set to the user and guestadmin see the difference....
Now login as guestadmin and you can see the difference, you can view the Field
Please test and reply if this is working for you.
 
hai.huanghai.huang
Step1 Setup->Manage Users->Profiles->New Profile->Named:"Basic Account User"->save
Step2 In Basic Account User page-> Field-Level Security->Account[ View ]->Uncheck Rating Visible->save
Step3 Setup->Customize->Accounts->Fields->Rating->Set Field-Level Security->Uncheck Basic Account User Visible->save

Step4 Setup->Manage Users->Permission Sets->New->Named : Account Rating->save
Step5 Click Account Rating-> Apps Object Settings->Accounts->Check both permissions of Rating

It is worked for me.
Prakash  RaiPrakash Rai
Understand the scenerio as: Two users need to view and edit Account Object. Only one should be able to edit Rating field.

Solution:
1- Create a profile name "Basic Account User"  and give Read and Edit Permissions on Account object in "Standard Object Permission" section. Go to Field Level Security and click View new to Account,  click Edit then uncheck Edit Access for Rating field.
Note - Step 1 effort is to setup a profile to read/write Account object except the Rating field.

2- Create a permission set "Account Rating", select Account then check edit access for Rating field.
Note - Step 2 effort is to create a permission set that allows to read/write Rating field.
Swapnil Borkar 9Swapnil Borkar 9
Hi Krishna BAR 

I resolved the challenge using the your responses, but I don't understand why we need to assign both permission set and Profile to both users.
I think following should be done. 

user 1 - should not have access to Rating field -> assign only Basic Account User Profile.
user 2- should have access to Account and Rating field -> assign  Basic Account User Profile  and  Account Rating permission set .


Regards
Swapnil 



 
Bobilio PerezBobilio Perez
Thanks hai.huang, your method was perfect.