AI-201 · Question #301
A company wants an Agentforce agent to update Case records and execute Flows on behalf of support agents. Which security model ensures the agent does NOT exceed the user's data access?
The correct answer is C. Running the agent in the user context. Running the agent in user context means all Salesforce record access, DML operations, and Flow executions are governed by the permissions of the user on whose behalf the agent is acting. This ensures the agent cannot access or modify records the user themselves could not. System
Question
A company wants an Agentforce agent to update Case records and execute Flows on behalf of support agents. Which security model ensures the agent does NOT exceed the user’s data access?
Options
- ASystem Mode execution
- BEinstein Trust Layer only
- CRunning the agent in the user context
- DPublic API access
How the community answered
(30 responses)- A13% (4)
- B7% (2)
- C77% (23)
- D3% (1)
Explanation
Running the agent in user context means all Salesforce record access, DML operations, and Flow executions are governed by the permissions of the user on whose behalf the agent is acting. This ensures the agent cannot access or modify records the user themselves could not. System Mode execution (A) runs with elevated, admin-level permissions that bypass user-level restrictions and could expose or modify data beyond the user's entitlement. Einstein Trust Layer (B) governs AI data security and masking, but does not enforce Salesforce record-level access control. Public API access (D) is not a valid Agentforce security model.
Topics
Community Discussion
No community discussion yet for this question.