Valid Sharing-and-Visibility-Architect Dumps shared by EduDump.com for Helping Passing Sharing-and-Visibility-Architect Exam! EduDump.com now offer the newest Sharing-and-Visibility-Architect exam dumps, the EduDump.com Sharing-and-Visibility-Architect exam questions have been updated and answers have been corrected get the newest EduDump.com Sharing-and-Visibility-Architect dumps with Test Engine here:
Recent Comments (The most recent comments are at the top.)
Kyle - Jun 07, 2026
Passed examSharing-and-Visibility-Architect!
It was the demo of freecram Sharing-and-Visibility-Architect Study Guide that impressed me and I decided to opt for freecram study material.
This fits the requirement because Salesforce account teams are designed to let you define each user’s role on an account and assign access to the account plus related opportunities and cases. Trailhead explicitly describes setting up account teams to give users access to the opportunities and cases related to the accounts they work on, and shows separate fields for Account Access, Opportunity Access, and Case Access.
A remarkable success in Exam Sharing-and-Visibility-Architect !
Exam Sharing-and-Visibility-Architect was just a piece of cake!
Theodore - Dec 29, 2025
I used your updated Sharing-and-Visibility-Architect study materials and passed my exam easily.
Zoe - Dec 28, 2025
Passed Salesforce Sharing-and-Visibility-Architect Today in UK. I used Sharing-and-Visibility-Architect learning materials. Be careful in the exam and good luck to you!
test - Dec 11, 2025
No.# The requirement: **Distributors need to use the community to see *opportunities* assigned to their distributor.**
In Salesforce:
* **Customer Community** → good for high-volume external users, but **does NOT provide access to Opportunities**. * **Customer Community Plus** → adds reports, dashboards, and sharing features, but **still does NOT include Opportunities**. * **Partner Community** → **includes Opportunities, Leads, Campaigns, and advanced selling features**.
Even though there are many users (1 million), the *only* license type that provides **Opportunity access** for external users is:
### ✅ **C. Partner Community**
This is the correct choice because *access to Opportunities automatically requires a Partner Community license*.
test - Dec 02, 2025
No.# **Correct Answer: B. Trigger on Presenter junction object that uses Apex Managed Sharing to add or remove access to the related Presentation record.**
---
### **Explanation**
Requirements:
* **Presenters need edit access** to their Presentation records. * **Multiple presenters per presentation** via a **junction object**. * Presentation object is **private**, so standard sharing won’t automatically give access.
---
### **Why Apex Managed Sharing is needed**
1. **Permission Sets (Option A)**
* ❌ Incorrect. Permission sets grant **object-level permissions**, not record-level access. * Since the Presentation object is private, giving Edit rights at the object level doesn’t let a presenter access a specific record.
2. **Sales Team (Option C)**
* ❌ Incorrect. **Sales Teams only work on Opportunity objects**, not custom objects.
3. **Trigger with Apex Managed Sharing (Option B)**
* ✅ Correct. * When a **Presenter junction record** is created or updated:
* Trigger checks the related Presentation. * Creates a **Presentation__Share** record granting **Edit access** to the User in the junction. * Also handles removal when a presenter is removed. * This gives **fine-grained, record-level edit access** dynamically.
---
### ✔️ Key Takeaway
**Apex Managed Sharing is the standard approach for granting dynamic, record-level access to users based on a many-to-many relationship (junction object) when the object is private.**...
test - Dec 02, 2025
No.# **Correct Answer: B. Trigger on Case to lookup and share to the manager of an Assigned Agent custom field (the subject of the complaint) using Apex Managed Sharing.**
---
### **Explanation**
The requirement is:
* The **agent who is the subject of the complaint** must **not see the case**. * The **agent’s manager** should **see the case**. * Cases are assigned to **HR**, not the agent.
Given this:
1. **Role Hierarchy or Criteria-Based Sharing Rules won’t help**:
* **A. Criteria-based sharing rule** ❌
* Criteria-based sharing rules can only share to **users, roles, or public groups**, but you **cannot dynamically share with the manager of a user referenced in a custom field**. * The "Assigned Agent" is not the owner; the manager of that user cannot automatically get access via standard sharing rules.
* **C. Case owned by the subject** ❌
* You **cannot make the agent the owner** (they must not see it). * Even if you remove their CRUD permissions, this is **not a standard, safe way** to manage this scenario.
2. **Apex Managed Sharing works**:
* With **Apex Managed Sharing**, you can programmatically grant access to a **specific user** (the manager of the Assigned Agent) while ensuring the agent does not get access. * Trigger logic: On Case creation → look up the manager of the Assigned Agent → create a **CaseShare** record granting access to the manager.
This approach ensures **fine-grained, dynamic access control** that standard sharing cannot accomplish.
---
### ✔️ Key Takeaway
**Dynamic record sharing based on a related user field often requires Apex Managed Sharing, especially when the subject should not see the record but their manager should.**...
test - Dec 02, 2025
No.# **Correct Answer: C. Use Account teams and sharing rules to share cases with sales associates. No change required to the Opportunity object.**
---
### **Explanation**
Let’s break down the requirements:
1. **Sales associates need:**
* **Read access to accounts** → They don’t own the accounts. * **Read access to related cases** → Cases are private and linked to accounts. * **No access to opportunities (deals) unless explicitly granted** → Opportunities remain private by default. 2. **Sales managers want accountability & collaboration via roles on accounts** → Account Teams are perfect for this. Account Teams allow you to define a user’s role on an account and specify their level of access to the account and related records (like Opportunities and Cases).
---
### **How to implement:**
1. **Account Teams:**
* Use account teams to define roles on accounts for each user. * Assign **Read access** to the account for sales associates.
2. **Case Sharing:**
* Since the org’s sharing model is **Private**, related Cases inherit the default access (Private). * Create a **criteria-based or manual sharing rule** to grant the sales associates **Read access to cases** related to the accounts they are on.
3. **Opportunities:**
* Default Private sharing means sales associates **won’t see opportunities unless specifically shared**. * No extra configuration is needed; access can be granted on a case-by-case basis.
---
### **Why not the other options?**
* **A. Use Account teams to define access to accounts as well as opportunities and cases** ❌ Incorrect. Account Teams **cannot grant access to Cases**. Cases require separate sharing configuration (sharing rules or Case Teams).
* **B. Use Account teams and Case teams. No configuration required for the Opportunity object** ❌ Partially correct, but Case Teams are **optional** and mainly for collaboration, not for fulfilling sharing requirements automatically. Sharing rules are simple...
test - Dec 02, 2025
No.# **Correct Answer: A. Searching for other external users.**
---
### **Explanation**
The **Site User Visibility** setting in **Sharing Settings** controls whether **external users (community users)** can see other **external users** in the community.
* **When turned off:**
* Community users **cannot search for or view other external users**. * This is useful for privacy when distributors, partners, or customers should not see each other.
* **Internal users** are **unaffected** by this setting.
* **User profile updates** are also unaffected; users can still update their own profile.
---
### Why not the others?
* **B. Updating their user profile** ❌ Users can still edit their own profile regardless of Site User Visibility.
* **C. Searching for internal users** ❌ Internal users are visible according to normal org sharing rules; Site User Visibility only affects **external-to-external visibility**.
---
### ✔️ Key Takeaway
**Site User Visibility = controls whether external users can see/search for each other in a community.**...
test - Dec 02, 2025
No.# **Correct Answer: B. The user who posted the file and users with access to the record**
---
### **Explanation**
When a user posts a file to a **Chatter feed on a record**:
* The **file inherits the sharing settings of the record** it’s posted to. * Since the object’s **OWD is Private**, only users who have **access to that record** can see the file. * The user who posted it obviously always has access.
This ensures that sensitive files are **not visible to users who cannot see the record**, maintaining proper data security.
---
### Why not the others?
* **A. Only the user who posted the file** ❌ Incorrect. Files posted to a record are shared with anyone who can access the record, not just the poster.
* **C. Users with a shared Chatter post link** ❌ Incorrect. A shared Chatter link does **not bypass record-level security**. Users still need access to the record to see the file.
---
### ✔️ Key Takeaway
**File visibility on a record always respects the record’s sharing settings.**...
test - Dec 02, 2025
No.# **Correct Answer: C. Create a Sharing Set for the Distributor profile to grant access to the Delivery object.**
---
### **Explanation**
UC is using a **Partner Community** with **multiple users per distributor**, and the Delivery object is **OWD = Private**.
Because **each distributor is assigned to specific customer accounts**, and UC wants **all users at that distributor** to access the Delivery records for the customers they own, the correct tool is:
### ✅ **Sharing Sets**
Sharing Sets allow Customer Community and Partner Community users to automatically gain access to records **based on their Account or Contact**, without having to create roles or complex rules.
If the Delivery object has a lookup to **Account** (the customer), then a Sharing Set can grant access to all Delivery records where:
* **Delivery.Account = User.Account**
This automatically gives all users under a distributor’s partner account access to those Delivery records.
---
### Why the other choices are incorrect:
#### **A. Public Groups & Sharing Rules**
Sharing rules for *external users* (community users) **do not work with Public Groups**. Public Groups are for internal users only.
#### **B. Role Hierarchy Sharing**
Partner Community users **do not get full hierarchical inheritance**, and using roles for 200 distributors would create complexity and performance issues.
---
### ✔️ Best Recommendation:
**C. Create a Sharing Set for the Distributor profile to grant access to the Delivery object.**...
test - Dec 02, 2025
No.# **Correct Answer: C. Use `runAs` system method in test classes to test using different users and profiles.**
---
### **Explanation**
When using **Apex Managed Sharing**, Salesforce does **not** automatically enforce CRUD/FLS or record-level access in Apex. Because of this, architects must ensure that sharing logic is implemented correctly and that improper access cannot occur.
The **best way to mitigate risk** is to **thoroughly test sharing behaviors using different users, roles, and profiles**, which is exactly what `System.runAs()` enables.
`runAs` allows your test methods to simulate operations as different types of users, so you can validate:
* Whether sharing is applied as expected * Whether users (in this case, sales managers) receive only the intended access * That unauthorized users **cannot** see or modify shipment records
This ensures the Apex managed sharing logic behaves correctly in all scenarios.
---
### **Why not the others?**
#### **A. `with sharing` (not “isSharesble”)**
There *is* a `with sharing` keyword, but there is **no keyword called `isSharesble`** in Apex. Also, **class sharing keywords do not apply to the Apex Managed Sharing logic you write**—they only govern SOQL row visibility, not programmatic sharing.
#### **B. `isAccessible`**
`Schema.sObjectField.isAccessible()` checks **field-level security**, not **record-level sharing**. It does not prevent improper access to the records themselves.
---
### ✔️ Recommended choice:
**C. Use `runAs` system method in test classes to test using different users and profiles.**...
test - Dec 02, 2025
No.# **Correct Answer: A. Share the list views with the appropriate public group.**
### **Explanation**
When you create a list view in Salesforce, you can control its visibility by choosing who to share it with. The best practice—especially when there will be many list views and they need to be shown only to certain groups of users—is to:
➡️ **Create Public Groups** based on geography (or role, team, etc.) ➡️ **Share the list views with those public groups**
This keeps administration scalable and avoids having to manage visibility user-by-user. Queues are not meant for this purpose, and sharing with individual users does not scale well when many users need the same view.
### Why not the others?
* **B. Share with a queue** Queues are used for record ownership and routing—*not* for list-view visibility. Not appropriate here.
* **C. Share with individual users** This works but becomes unmanageable as the number of users grows. Not scalable.
### ✔️ Therefore, the best and most scalable option is:
**A. Share the list views with the appropriate public group.**...
Large-scale Role Hierarchy realignments can cause **record locking and performance issues**, especially when many users and records are involved. **Granular Locking** is an advanced Salesforce platform feature that reduces lock contention by allowing more specific, fine-grained locks instead of broad object- or table-level locks.
Salesforce Support can enable this feature to improve performance during operations like:
* Role hierarchy changes * Territory realignments * Sharing recalculations * Large data loads
### Why not the others?
* **A. Skinny Table Indexing** Used to improve query performance on large objects; unrelated to role hierarchy realignment.
* **B. Partitioning by Divisions** Helps logically segment data for reporting and searching, but does not address locking.
### Final Answer: **C. Granular Locking**
test - Nov 25, 2025
No.# **Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects. * Therefore, **Custom Metadata and Custom Settings are visible** to them. * UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins). * **Managed package** → protection only works in **managed** (not unlocked) packages. * **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect | | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- | | **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. | | **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
test - Nov 25, 2025
No.# **Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects. * Therefore, **Custom Metadata and Custom Settings are visible** to them. * UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins). * **Managed package** → protection only works in **managed** (not unlocked) packages. * **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect | | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- | | **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. | | **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
test - Nov 25, 2025
No.# **Correct Answer: C. Create a sharing set to share cases with the students.**
### Explanation
Because the students are using a **Customer Community license** (not Customer Community Plus), they cannot be granted record access using sharing rules or role hierarchy.
**Sharing Sets** are specifically designed for Customer Community users and allow access to records associated with the user’s **Account** or **Contact**.
For this requirement:
* Students should only see **Cases related to their Account**. * A **Sharing Set** can be configured to grant Case access based on the user’s AccountId matching the Case’s AccountId.
### Why not the other options?
| Option | Reason | | ------------------- | ------------------------------------------------------------------------------------------------------------------------ | | **A. Apex sharing** | ❌ Not necessary and not allowed for Customer Community users unless they are Customer Community Plus or Partner users. | | **B. Sharing rule** | ❌ Sharing rules *do not apply* to Customer Community license users. They have no roles, and sharing rules require roles. |
Thus, the optimal, Salesforce-recommended method is:
👉 **C. Create a sharing set to share cases with the students.**...
When you need to give access to a **specific, unrelated group of users** (users who are not connected by role hierarchy, territory, or other structural relationships), the correct approach in Salesforce is to:
✔ **Create a Public Group** ✔ **Use a Sharing Rule** (criteria-based or manual sharing) ✔ **Grant that group access to the records**
### Why not the other options?
| Option | Why It’s Incorrect | | --------------------- | ------------------------------------------------------------------------------------------------------------------------- | | **A. Role Hierarchy** | Only works for users related through the hierarchy (e.g., managers above subordinates). Doesn't help for unrelated users. | | **B. Sharing Sets** | Used exclusively for **Communities/Experience Cloud** users, not internal users. |
Recent Comments (The most recent comments are at the top.)
Passed examSharing-and-Visibility-Architect!
It was the demo of freecram Sharing-and-Visibility-Architect Study Guide that impressed me and I decided to opt for freecram study material.
No.# A is Correct
This fits the requirement because Salesforce account teams are designed to let you define each user’s role on an account and assign access to the account plus related opportunities and cases. Trailhead explicitly describes setting up account teams to give users access to the opportunities and cases related to the accounts they work on, and shows separate fields for Account Access, Opportunity Access, and Case Access.
https://trailhead.salesforce.com/content/learn/projects/protect-your-data-in-salesforce/set-up-account-teams
No.# Answer is B :
https://help.salesforce.com/s/articleView?id=xcloud.security_pe_apply_fle_in_lightning.htm&type=5&utm_source=chatgpt.com
A remarkable success in Exam Sharing-and-Visibility-Architect !
Exam Sharing-and-Visibility-Architect was just a piece of cake!
I used your updated Sharing-and-Visibility-Architect study materials and passed my exam easily.
Passed Salesforce Sharing-and-Visibility-Architect Today in UK. I used Sharing-and-Visibility-Architect learning materials. Be careful in the exam and good luck to you!
No.# The requirement:
**Distributors need to use the community to see *opportunities* assigned to their distributor.**
In Salesforce:
* **Customer Community** → good for high-volume external users, but **does NOT provide access to Opportunities**.
* **Customer Community Plus** → adds reports, dashboards, and sharing features, but **still does NOT include Opportunities**.
* **Partner Community** → **includes Opportunities, Leads, Campaigns, and advanced selling features**.
Even though there are many users (1 million), the *only* license type that provides **Opportunity access** for external users is:
### ✅ **C. Partner Community**
This is the correct choice because *access to Opportunities automatically requires a Partner Community license*.
No.# **Correct Answer: B. Trigger on Presenter junction object that uses Apex Managed Sharing to add or remove access to the related Presentation record.**
---
### **Explanation**
Requirements:
* **Presenters need edit access** to their Presentation records.
* **Multiple presenters per presentation** via a **junction object**.
* Presentation object is **private**, so standard sharing won’t automatically give access.
---
### **Why Apex Managed Sharing is needed**
1. **Permission Sets (Option A)**
* ❌ Incorrect. Permission sets grant **object-level permissions**, not record-level access.
* Since the Presentation object is private, giving Edit rights at the object level doesn’t let a presenter access a specific record.
2. **Sales Team (Option C)**
* ❌ Incorrect. **Sales Teams only work on Opportunity objects**, not custom objects.
3. **Trigger with Apex Managed Sharing (Option B)**
* ✅ Correct.
* When a **Presenter junction record** is created or updated:
* Trigger checks the related Presentation.
* Creates a **Presentation__Share** record granting **Edit access** to the User in the junction.
* Also handles removal when a presenter is removed.
* This gives **fine-grained, record-level edit access** dynamically.
---
### ✔️ Key Takeaway
**Apex Managed Sharing is the standard approach for granting dynamic, record-level access to users based on a many-to-many relationship (junction object) when the object is private.**...
No.# **Correct Answer: B. Trigger on Case to lookup and share to the manager of an Assigned Agent custom field (the subject of the complaint) using Apex Managed Sharing.**
---
### **Explanation**
The requirement is:
* The **agent who is the subject of the complaint** must **not see the case**.
* The **agent’s manager** should **see the case**.
* Cases are assigned to **HR**, not the agent.
Given this:
1. **Role Hierarchy or Criteria-Based Sharing Rules won’t help**:
* **A. Criteria-based sharing rule** ❌
* Criteria-based sharing rules can only share to **users, roles, or public groups**, but you **cannot dynamically share with the manager of a user referenced in a custom field**.
* The "Assigned Agent" is not the owner; the manager of that user cannot automatically get access via standard sharing rules.
* **C. Case owned by the subject** ❌
* You **cannot make the agent the owner** (they must not see it).
* Even if you remove their CRUD permissions, this is **not a standard, safe way** to manage this scenario.
2. **Apex Managed Sharing works**:
* With **Apex Managed Sharing**, you can programmatically grant access to a **specific user** (the manager of the Assigned Agent) while ensuring the agent does not get access.
* Trigger logic: On Case creation → look up the manager of the Assigned Agent → create a **CaseShare** record granting access to the manager.
This approach ensures **fine-grained, dynamic access control** that standard sharing cannot accomplish.
---
### ✔️ Key Takeaway
**Dynamic record sharing based on a related user field often requires Apex Managed Sharing, especially when the subject should not see the record but their manager should.**...
No.# **Correct Answer: C. Use Account teams and sharing rules to share cases with sales associates. No change required to the Opportunity object.**
---
### **Explanation**
Let’s break down the requirements:
1. **Sales associates need:**
* **Read access to accounts** → They don’t own the accounts.
* **Read access to related cases** → Cases are private and linked to accounts.
* **No access to opportunities (deals) unless explicitly granted** → Opportunities remain private by default.
2. **Sales managers want accountability & collaboration via roles on accounts** → Account Teams are perfect for this. Account Teams allow you to define a user’s role on an account and specify their level of access to the account and related records (like Opportunities and Cases).
---
### **How to implement:**
1. **Account Teams:**
* Use account teams to define roles on accounts for each user.
* Assign **Read access** to the account for sales associates.
2. **Case Sharing:**
* Since the org’s sharing model is **Private**, related Cases inherit the default access (Private).
* Create a **criteria-based or manual sharing rule** to grant the sales associates **Read access to cases** related to the accounts they are on.
3. **Opportunities:**
* Default Private sharing means sales associates **won’t see opportunities unless specifically shared**.
* No extra configuration is needed; access can be granted on a case-by-case basis.
---
### **Why not the other options?**
* **A. Use Account teams to define access to accounts as well as opportunities and cases**
❌ Incorrect. Account Teams **cannot grant access to Cases**. Cases require separate sharing configuration (sharing rules or Case Teams).
* **B. Use Account teams and Case teams. No configuration required for the Opportunity object**
❌ Partially correct, but Case Teams are **optional** and mainly for collaboration, not for fulfilling sharing requirements automatically. Sharing rules are simple...
No.# **Correct Answer: A. Searching for other external users.**
---
### **Explanation**
The **Site User Visibility** setting in **Sharing Settings** controls whether **external users (community users)** can see other **external users** in the community.
* **When turned off:**
* Community users **cannot search for or view other external users**.
* This is useful for privacy when distributors, partners, or customers should not see each other.
* **Internal users** are **unaffected** by this setting.
* **User profile updates** are also unaffected; users can still update their own profile.
---
### Why not the others?
* **B. Updating their user profile** ❌
Users can still edit their own profile regardless of Site User Visibility.
* **C. Searching for internal users** ❌
Internal users are visible according to normal org sharing rules; Site User Visibility only affects **external-to-external visibility**.
---
### ✔️ Key Takeaway
**Site User Visibility = controls whether external users can see/search for each other in a community.**...
No.# **Correct Answer: B. The user who posted the file and users with access to the record**
---
### **Explanation**
When a user posts a file to a **Chatter feed on a record**:
* The **file inherits the sharing settings of the record** it’s posted to.
* Since the object’s **OWD is Private**, only users who have **access to that record** can see the file.
* The user who posted it obviously always has access.
This ensures that sensitive files are **not visible to users who cannot see the record**, maintaining proper data security.
---
### Why not the others?
* **A. Only the user who posted the file**
❌ Incorrect. Files posted to a record are shared with anyone who can access the record, not just the poster.
* **C. Users with a shared Chatter post link**
❌ Incorrect. A shared Chatter link does **not bypass record-level security**. Users still need access to the record to see the file.
---
### ✔️ Key Takeaway
**File visibility on a record always respects the record’s sharing settings.**...
No.# **Correct Answer: C. Create a Sharing Set for the Distributor profile to grant access to the Delivery object.**
---
### **Explanation**
UC is using a **Partner Community** with **multiple users per distributor**, and the Delivery object is **OWD = Private**.
Because **each distributor is assigned to specific customer accounts**, and UC wants **all users at that distributor** to access the Delivery records for the customers they own, the correct tool is:
### ✅ **Sharing Sets**
Sharing Sets allow Customer Community and Partner Community users to automatically gain access to records **based on their Account or Contact**, without having to create roles or complex rules.
If the Delivery object has a lookup to **Account** (the customer), then a Sharing Set can grant access to all Delivery records where:
* **Delivery.Account = User.Account**
This automatically gives all users under a distributor’s partner account access to those Delivery records.
---
### Why the other choices are incorrect:
#### **A. Public Groups & Sharing Rules**
Sharing rules for *external users* (community users) **do not work with Public Groups**.
Public Groups are for internal users only.
#### **B. Role Hierarchy Sharing**
Partner Community users **do not get full hierarchical inheritance**, and using roles for 200 distributors would create complexity and performance issues.
---
### ✔️ Best Recommendation:
**C. Create a Sharing Set for the Distributor profile to grant access to the Delivery object.**...
No.# **Correct Answer: C. Use `runAs` system method in test classes to test using different users and profiles.**
---
### **Explanation**
When using **Apex Managed Sharing**, Salesforce does **not** automatically enforce CRUD/FLS or record-level access in Apex. Because of this, architects must ensure that sharing logic is implemented correctly and that improper access cannot occur.
The **best way to mitigate risk** is to **thoroughly test sharing behaviors using different users, roles, and profiles**, which is exactly what `System.runAs()` enables.
`runAs` allows your test methods to simulate operations as different types of users, so you can validate:
* Whether sharing is applied as expected
* Whether users (in this case, sales managers) receive only the intended access
* That unauthorized users **cannot** see or modify shipment records
This ensures the Apex managed sharing logic behaves correctly in all scenarios.
---
### **Why not the others?**
#### **A. `with sharing` (not “isSharesble”)**
There *is* a `with sharing` keyword, but there is **no keyword called `isSharesble`** in Apex.
Also, **class sharing keywords do not apply to the Apex Managed Sharing logic you write**—they only govern SOQL row visibility, not programmatic sharing.
#### **B. `isAccessible`**
`Schema.sObjectField.isAccessible()` checks **field-level security**, not **record-level sharing**.
It does not prevent improper access to the records themselves.
---
### ✔️ Recommended choice:
**C. Use `runAs` system method in test classes to test using different users and profiles.**...
No.# **Correct Answer: A. Share the list views with the appropriate public group.**
### **Explanation**
When you create a list view in Salesforce, you can control its visibility by choosing who to share it with. The best practice—especially when there will be many list views and they need to be shown only to certain groups of users—is to:
➡️ **Create Public Groups** based on geography (or role, team, etc.)
➡️ **Share the list views with those public groups**
This keeps administration scalable and avoids having to manage visibility user-by-user. Queues are not meant for this purpose, and sharing with individual users does not scale well when many users need the same view.
### Why not the others?
* **B. Share with a queue**
Queues are used for record ownership and routing—*not* for list-view visibility. Not appropriate here.
* **C. Share with individual users**
This works but becomes unmanageable as the number of users grows. Not scalable.
### ✔️ Therefore, the best and most scalable option is:
**A. Share the list views with the appropriate public group.**...
No.# The correct answer is:
✅ **C. Granular Locking**
### Explanation
Large-scale Role Hierarchy realignments can cause **record locking and performance issues**, especially when many users and records are involved. **Granular Locking** is an advanced Salesforce platform feature that reduces lock contention by allowing more specific, fine-grained locks instead of broad object- or table-level locks.
Salesforce Support can enable this feature to improve performance during operations like:
* Role hierarchy changes
* Territory realignments
* Sharing recalculations
* Large data loads
### Why not the others?
* **A. Skinny Table Indexing**
Used to improve query performance on large objects; unrelated to role hierarchy realignment.
* **B. Partitioning by Divisions**
Helps logically segment data for reporting and searching, but does not address locking.
### Final Answer: **C. Granular Locking**
No.# **Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects.
* Therefore, **Custom Metadata and Custom Settings are visible** to them.
* UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins).
* **Managed package** → protection only works in **managed** (not unlocked) packages.
* **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect |
| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. |
| **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
No.# **Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects.
* Therefore, **Custom Metadata and Custom Settings are visible** to them.
* UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins).
* **Managed package** → protection only works in **managed** (not unlocked) packages.
* **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect |
| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. |
| **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
No.# **Correct Answer: C. Create a sharing set to share cases with the students.**
### Explanation
Because the students are using a **Customer Community license** (not Customer Community Plus), they cannot be granted record access using sharing rules or role hierarchy.
**Sharing Sets** are specifically designed for Customer Community users and allow access to records associated with the user’s **Account** or **Contact**.
For this requirement:
* Students should only see **Cases related to their Account**.
* A **Sharing Set** can be configured to grant Case access based on the user’s AccountId matching the Case’s AccountId.
### Why not the other options?
| Option | Reason |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------ |
| **A. Apex sharing** | ❌ Not necessary and not allowed for Customer Community users unless they are Customer Community Plus or Partner users. |
| **B. Sharing rule** | ❌ Sharing rules *do not apply* to Customer Community license users. They have no roles, and sharing rules require roles. |
Thus, the optimal, Salesforce-recommended method is:
👉 **C. Create a sharing set to share cases with the students.**...
No.# **Correct Answer: C. Public Groups**
### Explanation
When you need to give access to a **specific, unrelated group of users** (users who are not connected by role hierarchy, territory, or other structural relationships), the correct approach in Salesforce is to:
✔ **Create a Public Group**
✔ **Use a Sharing Rule** (criteria-based or manual sharing)
✔ **Grant that group access to the records**
### Why not the other options?
| Option | Why It’s Incorrect |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| **A. Role Hierarchy** | Only works for users related through the hierarchy (e.g., managers above subordinates). Doesn't help for unrelated users. |
| **B. Sharing Sets** | Used exclusively for **Communities/Experience Cloud** users, not internal users. |
So the correct and standard solution is:
👉 **C. Public Groups**...