ADM-201 Question #305: Real Exam Question with Answer & Explanation

Question

An analytics user at Cloud Kicks needs Read, Create, and Edit access for objects and should be restricted from deleting any records. What should the administrator do to meet this requirement?

Options

• ACreate and assign a custom profile with Delete access removed for each object.
• BCreate and assign a permission set that includes Read, Create, and Edit access.
• CAssign the standard System Administrator profile to the analytics user.
• DGive the user View All access and assign them to the highest role in the role hierarchy.

Explanation

An analytics user needs Read, Create, and Edit object access but must be restricted from deleting any records.

Common mistakes.

• B. Permission sets are used to extend permissions and grant additional access, but they cannot be used to remove or restrict permissions that are already granted by a user's assigned profile.
• C. Assigning the standard System Administrator profile grants 'Modify All Data' and 'Delete' access for all objects, which directly contradicts the requirement to restrict delete permissions.
• D. Giving 'View All' access impacts record visibility, and assigning a role in the role hierarchy primarily affects data access through sharing rules, neither of which controls object-level 'Delete' permissions.

Concept tested. Salesforce security model - Profiles for object-level permissions

Reference. https://help.salesforce.com/s/articleView?id=sf.profiles_overview.htm&type=5

No community discussion yet for this question.