Are you aiming to become a Salesforce Certified Sharing and Visibility Designer? This certification is a key credential for Salesforce professionals who specialize in designing secure, scalable, and efficient sharing and visibility models within the Salesforce platform. In this article, you’ll learn what this exam covers, why it matters, and how you can prepare effectively — including leveraging top resources like Exam Sage.
What Is the Salesforce Certified Sharing and Visibility Designer Exam?
The Salesforce Certified Sharing and Visibility Designer exam is designed for architects, administrators, and developers who focus on data security and record-level access in Salesforce. This exam tests your knowledge of how to design sharing strategies that align with business requirements, ensuring the right users have access to the right data at the right time without compromising security.
Passing this exam demonstrates your expertise in advanced sharing concepts such as role hierarchy, sharing rules, manual sharing, Apex managed sharing, territory management, and more.
What You Will Learn from the Exam
Preparing for this certification will deepen your understanding of Salesforce’s complex sharing architecture. Key learning outcomes include:
Designing data access models using organization-wide defaults (OWD) and sharing rules
Applying role hierarchies and manager groups for record access control
Implementing manual sharing and Apex managed sharing to meet unique business needs
Using territory management to organize and share accounts efficiently
Leveraging implicit sharing through master-detail relationships
Auditing and troubleshooting sharing settings and access issues
Understanding how profiles, permission sets, and sharing settings interact
These skills help ensure your Salesforce environment is secure yet flexible enough to support your company’s operations.
Key Topics Covered in the Exam
The exam covers a wide range of topics that reflect real-world scenarios you’ll encounter as a Sharing and Visibility Designer. These include:
Organization-Wide Defaults (OWD): Setting the baseline level of record visibility for your Salesforce objects
Role Hierarchy and Manager Groups: Structuring user access in line with company hierarchy
Sharing Rules: Both criteria-based and owner-based rules to extend access beyond the role hierarchy
Manual Sharing: Granting temporary or ad hoc access to individual users or groups
Apex Managed Sharing: Using Apex code to create complex sharing logic not achievable with declarative tools
Territory Management: Sharing account access based on territories and territories hierarchy
Implicit Sharing: Understanding automatic sharing that occurs through master-detail relationships and other parent-child links
Auditing Sharing Settings: Tracking and troubleshooting access via sharing tables and audit trails
Sharing Sets and Communities: Managing access for external users and customer portals
Access Levels: Distinguishing between read, read/write, and full access rights
Impact of “View All” and “Modify All” permissions on record visibility
How Exam Sage Can Help You Prepare
Preparing for the Salesforce Certified Sharing and Visibility Designer exam requires comprehensive study materials, practice questions, and detailed explanations. ExamSage.com is a trusted platform that offers a rich collection of updated, carefully crafted practice exams and study guides tailored to Salesforce certifications.
At Exam Sage, you can find:
Hundreds of high-quality multiple-choice questions with answers and detailed explanations
Practice tests that simulate the real exam environment
Coverage of all essential exam topics, including advanced sharing scenarios
Regular updates to reflect the latest Salesforce platform changes
User-friendly interfaces to track your progress and identify weak areas
Using Exam Sage’s resources helps you build confidence, reinforce your understanding, and improve your chances of passing the exam on your first attempt.
Final Thoughts
The Salesforce Certified Sharing and Visibility Designer certification is a powerful validation of your skills in one of Salesforce’s most critical areas: data security and sharing. By mastering the concepts tested on the exam, you not only improve your professional credibility but also contribute significantly to your organization’s data governance.
To maximize your success, invest time in understanding the exam topics, practice extensively with quality questions, and consider trusted study aids like Exam Sage. This strategic preparation will help you pass the exam and excel in your Salesforce career.
Sample Questions and Answers
1. A user in Sales wants access to a custom object record owned by a colleague in another department. What is the best way to provide access while following the principle of least privilege?
A. Modify the Role Hierarchy
B. Grant View All permission on the object
C. Create a manual share
D. Create a new profile with wider access
Answer: C. Create a manual share
Explanation: Manual sharing allows selective access to individual records without granting broad object access or changing role hierarchy.
2. What is true about implicit sharing in Salesforce?
A. It grants access based on object-level permissions.
B. It applies to all records in a private sharing model.
C. It automatically grants access to related records such as parent and child.
D. It overrides sharing rules.
Answer: C. It automatically grants access to related records such as parent and child.
Explanation: Implicit sharing provides access to related records automatically, such as granting access to child opportunities when you have access to an account.
3. Which tool is most appropriate for analyzing and troubleshooting record-level access?
A. Data Loader
B. Role Hierarchy viewer
C. Sharing Settings
D. Sharing Button / Sharing Hierarchy
Answer: D. Sharing Button / Sharing Hierarchy
Explanation: The Sharing button provides a detailed breakdown of why a user has access to a record.
4. What’s the maximum number of criteria-based sharing rules allowed per object?
A. 50
B. 25
C. 100
D. Unlimited
Answer: B. 25
Explanation: Salesforce allows up to 25 criteria-based sharing rules per object.
5. Universal Containers has set the Opportunity object to private. A sales rep cannot see their team’s opportunities. What’s the recommended solution?
A. Enable Opportunity Team Selling
B. Change OWD to Public Read Only
C. Create a criteria-based sharing rule
D. Modify the role hierarchy
Answer: A. Enable Opportunity Team Selling
Explanation: Opportunity Team Selling allows sharing records with selected users working on the same deal without exposing all records.
6. Which feature respects the role hierarchy?
A. Manual Sharing
B. Criteria-Based Sharing Rules
C. Apex Sharing
D. Organization-Wide Defaults (OWD)
Answer: A. Manual Sharing
Explanation: Manual sharing respects the role hierarchy and gives record access to specific users based on roles.
7. A user needs full access to a record regardless of the sharing model. Which permission ensures this?
A. Read All
B. Modify All
C. View All
D. Transfer Record
Answer: B. Modify All
Explanation: Modify All allows users to read, edit, delete, and transfer all records of the object, bypassing sharing rules.
8. What is the default behavior when a parent record is deleted?
A. Child records are also deleted.
B. Sharing rules are removed.
C. Manual shares are retained.
D. Record-level access is unchanged.
Answer: A. Child records are also deleted.
Explanation: In master-detail relationships, deleting the parent deletes the child records as well.
9. What should a designer use to share records dynamically in a custom way?
A. Sharing Rules
B. Apex Sharing
C. Manual Sharing
D. Role Hierarchy
Answer: B. Apex Sharing
Explanation: Apex sharing provides programmatic control for complex, dynamic sharing scenarios.
10. What happens if the user’s profile does not allow access to an object, but a sharing rule is created to grant record access?
A. The user gains full access.
B. The user can only view records.
C. The user cannot access the records.
D. The user can edit records.
Answer: C. The user cannot access the records.
Explanation: Sharing rules grant record-level access, but object-level permissions are still required to see the records.
11. How can you prevent a user from accessing a record if it’s granted by implicit sharing?
A. Revoke object permission
B. Use Apex managed sharing
C. Use a criteria-based sharing rule
D. You cannot remove implicit sharing directly
Answer: D. You cannot remove implicit sharing directly
Explanation: Implicit sharing is automatic and cannot be removed manually.
12. How is access to a child object record typically granted in a master-detail relationship?
A. Based on role hierarchy
B. Through sharing rules
C. Inherited from parent
D. Object-level permissions
Answer: C. Inherited from parent
Explanation: In master-detail relationships, the child inherits sharing from the parent record.
13. When using criteria-based sharing, which of the following is not allowed?
A. Sharing based on formula field values
B. Sharing with public groups
C. Sharing with specific roles
D. Sharing with individual users
Answer: D. Sharing with individual users
Explanation: Criteria-based sharing can only be done with roles, roles and subordinates, or public groups.
14. What is the benefit of using public groups in sharing rules?
A. They bypass OWD
B. They simplify sharing management
C. They grant Modify All permissions
D. They enable Apex sharing
Answer: B. They simplify sharing management
Explanation: Public groups allow administrators to manage access for multiple users with minimal configuration.
15. What is a key limitation of using Apex sharing?
A. It doesn’t work for custom objects
B. It does not respect the role hierarchy
C. It requires a sharing reason for standard objects
D. It cannot be used with system context
Answer: C. It requires a sharing reason for standard objects
Explanation: Apex sharing for standard objects requires predefined sharing reasons.
16. What is true about the “View All” permission?
A. It grants full access including delete
B. It grants access regardless of record ownership
C. It can override field-level security
D. It applies only to public sharing models
Answer: B. It grants access regardless of record ownership
Explanation: “View All” bypasses sharing rules but doesn’t allow edit/delete actions.
17. A private OWD is set for the Case object. How can support managers view all cases?
A. Change OWD to public read-only
B. Create a sharing rule
C. Use View All permission
D. Enable case teams
Answer: C. Use View All permission
Explanation: “View All” gives full visibility without modifying the sharing model.
18. What tool is best for mass assigning user access to multiple records?
A. Data Import Wizard
B. Apex Sharing
C. Manual Sharing
D. Salesforce Data Loader
Answer: D. Salesforce Data Loader
Explanation: Data Loader supports bulk creation of share records via insert into share objects.
19. Which object is used to store custom record-level sharing?
A. UserShare
B. ObjectShare
C. <Object>__Share
D. ShareTable
Answer: C. <Object>__Share
Explanation: Custom objects have associated __Share tables to manage record-level sharing.
20. What is the default behavior of external users in a community?
A. Full record access
B. Restricted by OWD
C. Access to internal user records
D. Same sharing as internal users
Answer: B. Restricted by OWD
Explanation: External users like community users have restricted access by default.
21. Which permission set feature respects the organization-wide default settings?
A. Modify All Data
B. View Setup and Configuration
C. Object Settings
D. System Permissions
Answer: C. Object Settings
Explanation: Object-level permissions in permission sets still respect OWD and sharing rules.
22. Which sharing method is best for assigning access based on a combination of conditions and user criteria?
A. Manual Sharing
B. Apex Sharing
C. Role Hierarchy
D. Default Sharing Settings
Answer: B. Apex Sharing
Explanation: Apex sharing allows conditional logic for record access.
23. What happens when a user is removed from a public group?
A. Access to records remains
B. Access is revoked
C. Access is converted to manual
D. Sharing rules stop working
Answer: B. Access is revoked
Explanation: Public group membership determines access. Removal revokes access granted via group-based rules.
24. How many levels of roles can exist in Salesforce?
A. 5
B. 10
C. 500
D. 1000
Answer: D. 1000
Explanation: Salesforce supports up to 1000 roles in a role hierarchy.
25. How is record access typically calculated in Salesforce?
A. At the object level
B. Dynamically at runtime
C. Every 24 hours
D. Through nightly jobs
Answer: B. Dynamically at runtime
Explanation: Salesforce evaluates record access dynamically, especially for role hierarchy and sharing rules.
26. What determines access when both role hierarchy and sharing rules apply?
A. Role hierarchy overrides all
B. Most restrictive applies
C. Most permissive access is granted
D. Sharing rules are ignored
Answer: C. Most permissive access is granted
Explanation: Salesforce grants the highest level of access among all applicable methods.
27. How can you prevent access to a record that a user owns?
A. Change OWD to Public
B. Modify Profile
C. Use a sharing rule
D. You cannot remove access from owners
Answer: D. You cannot remove access from owners
Explanation: Record owners always have access unless the object is set to controlled by parent.
28. What’s the best way to share private object records with a specific department?
A. Create a permission set
B. Use criteria-based sharing rules
C. Modify OWD
D. Add department to public group and use sharing rule
Answer: D. Add department to public group and use sharing rule
Explanation: This approach is scalable and easy to maintain.
29. How is “View All Data” different from “View All”?
A. “View All” applies to the org
B. “View All Data” is more restrictive
C. “View All Data” is an admin-level system permission
D. They are the same
Answer: C. “View All Data” is an admin-level system permission
Explanation: It allows users to view all data across all objects, regardless of sharing.
30. What is the key purpose of setting a default internal access of “Private” on an object?
A. Restrict access to only system admins
B. Ensure only record owners and explicitly shared users can access
C. Prevent guest users from accessing
D. Disable reporting on the object
Answer: B. Ensure only record owners and explicitly shared users can access
Explanation: Private OWD limits access to only the owner and those who are granted access through sharing mechanisms.
31. A user needs to access a record they do not own and no sharing rule applies. The record is not shared via the role hierarchy. What option could grant access?
A. Profile setting
B. Field-level security
C. Apex Managed Sharing
D. Record Types
Answer: C. Apex Managed Sharing
Explanation: Apex Managed Sharing allows programmatic sharing of records when declarative options do not meet the requirement.
32. How can you monitor the impact of changes to the role hierarchy on sharing recalculations?
A. Setup Audit Trail
B. Debug Logs
C. Recalculation Queue Monitoring
D. Role Impact Matrix
Answer: C. Recalculation Queue Monitoring
Explanation: When role hierarchy changes, sharing recalculation queues can be monitored to assess system impact and processing delays.
33. A record is shared via both a public group and a sharing rule. Which level of access is applied?
A. The lowest level of access
B. Role-based access
C. The most permissive level of access
D. Default sharing setting
Answer: C. The most permissive level of access
Explanation: When multiple sharing mechanisms apply, Salesforce always grants the highest possible access among them.
34. How can you prevent users from accessing related records (e.g., child objects) via implicit sharing?
A. Remove from role hierarchy
B. Use a lookup instead of master-detail relationship
C. Turn off OWD
D. Use criteria-based sharing rules
Answer: B. Use a lookup instead of master-detail relationship
Explanation: Implicit sharing only applies to parent-child relationships; using a lookup instead avoids automatic sharing inheritance.
35. What tool in Salesforce helps visualize how record access is granted across users?
A. Object Manager
B. Sharing Hierarchy
C. Profile Comparison
D. Record Type Matrix
Answer: B. Sharing Hierarchy
Explanation: Sharing Hierarchy shows how access to a record is granted (role, group, manual, etc.).
36. In a private sharing model, how do users in the same role gain access to each other’s records?
A. They don’t unless shared manually or via rules
B. Role hierarchy grants access
C. OWD grants access
D. Profiles allow mutual access
Answer: A. They don’t unless shared manually or via rules
Explanation: Users in the same role do not automatically get access to each other’s records in a private sharing model.
37. When a user is deactivated, what happens to their manual shares?
A. Manual shares are revoked
B. Shares remain active
C. Shares convert to public group shares
D. Shares are reassigned to the manager
Answer: B. Shares remain active
Explanation: Manual shares created by a user persist even if the user is deactivated, until explicitly removed.
38. What happens if a public group used in a sharing rule is deleted?
A. The rule fails silently
B. Access is revoked
C. Rule is converted to a role
D. Records remain shared indefinitely
Answer: B. Access is revoked
Explanation: When the group is deleted, the sharing rule no longer applies, and access is removed.
39. A developer wants to give access to a record through code. What must be true?
A. Record must be owned by the user
B. Object must support Apex Sharing
C. Role hierarchy must be modified
D. User must be in the owner’s role
Answer: B. Object must support Apex Sharing
Explanation: Apex sharing can only be used with objects that support sharing and have a corresponding Share object.
40. What does the “Controlled by Parent” sharing setting do?
A. Inherits access from the child object
B. Requires manual sharing
C. Inherits access from the parent object
D. Ignores role hierarchy
Answer: C. Inherits access from the parent object
Explanation: This option is used in master-detail relationships to mirror sharing behavior from the parent record.
41. You want to allow only managers to transfer ownership of leads. What permission is needed?
A. Modify All
B. Transfer Record
C. View All
D. Edit Object
Answer: B. Transfer Record
Explanation: Transfer Record permission allows a user to change record ownership.
42. What is the impact of enabling “Grant Access Using Hierarchies” on a custom object?
A. Access is limited to record owners
B. Roles gain access to subordinate records
C. Profiles are overridden
D. Public groups get access
Answer: B. Roles gain access to subordinate records
Explanation: This setting allows access to records owned by users lower in the hierarchy.
43. How can sharing recalculations be triggered?
A. Changing record type
B. Changing OWD
C. Viewing the sharing button
D. Modifying field-level security
Answer: B. Changing OWD
Explanation: OWD changes trigger recalculation of record-level access across the org.
44. Which user license is most restricted in terms of access?
A. Salesforce
B. Chatter Free
C. Partner Community
D. Customer Community
Answer: D. Customer Community
Explanation: Customer Community users have very limited access, typically read-only or scoped to specific objects.
45. What is the role of the “UserRecordAccess” object?
A. Stores user login history
B. Tracks field-level changes
C. Returns access rights of a user for a record
D. Assigns record types
Answer: C. Returns access rights of a user for a record
Explanation: This object helps determine how a specific user can interact with a record.
46. A consultant is designing a solution with millions of records and complex sharing rules. What should be considered?
A. Manual sharing for all
B. Use of external objects
C. Performance of recalculations
D. Ignore role hierarchy
Answer: C. Performance of recalculations
Explanation: Large data volumes and sharing rules can impact performance, requiring optimization and planning.
47. What should be used to restrict access to a field even if the user has record access?
A. OWD
B. Sharing rule
C. Field-Level Security
D. Manual share
Answer: C. Field-Level Security
Explanation: FLS restricts visibility and editability of specific fields regardless of record access.
48. How does Salesforce determine record access when a user has multiple roles via groups?
A. Access is calculated once per user
B. Most restrictive access is applied
C. Most permissive access is applied
D. Only the primary role is used
Answer: C. Most permissive access is applied
Explanation: Users receive the highest level of access granted by any role, group, or sharing rule.
49. A record is shared using Apex sharing but later unshared manually. What happens?
A. Apex share persists
B. Both shares are removed
C. Manual share overrides Apex
D. User loses access
Answer: A. Apex share persists
Explanation: Apex sharing is controlled separately and persists unless explicitly removed via code.
50. What is true about the “Private” organization-wide default?
A. Only record owners and above can access
B. All users can view but not edit
C. Only admins have access
D. Roles cannot override it
Answer: A. Only record owners and above can access
Explanation: A private model limits access to the owner, users above in the role hierarchy, and those explicitly shared with.
51. What is one risk of using “View All Data” in production?
A. Users can’t see related lists
B. Unintentional data exposure
C. Field-level security is overridden
D. Reports can’t be run
Answer: B. Unintentional data exposure
Explanation: This powerful permission can expose sensitive data across all objects.
52. A user needs access to cases related to accounts they own. What sharing behavior supports this?
A. Manual sharing
B. Implicit sharing
C. Sharing rules
D. Criteria sharing
Answer: B. Implicit sharing
Explanation: When a user owns an account, Salesforce implicitly shares related cases.
53. Which of the following does NOT bypass record-level sharing?
A. Modify All Data
B. View All
C. RunAs in Apex Test
D. Manual Sharing
Answer: D. Manual Sharing
Explanation: Manual sharing respects existing sharing model and does not bypass it.
54. Why would a developer use “with sharing” in an Apex class?
A. To enforce field-level security
B. To enforce organization-wide defaults and sharing rules
C. To ignore all sharing settings
D. To inherit user profile permissions
Answer: B. To enforce organization-wide defaults and sharing rules
Explanation: “With sharing” ensures that Apex respects sharing rules for the current user context.
55. What’s the best practice when defining access in a scalable enterprise org?
A. Manual sharing
B. Apex sharing only
C. Use roles, groups, and sharing rules
D. Use profiles alone
Answer: C. Use roles, groups, and sharing rules
Explanation: This structure ensures scalable, maintainable access control that aligns with business logic.
56. What happens when a user is removed from a public group that is used in a sharing rule?
A. The user retains access
B. Access is revoked immediately
C. Access persists until next login
D. Sharing rule is deleted
Answer: B. Access is revoked immediately
Explanation: As group membership determines access in sharing rules, removing a user from a group removes their access in real time.
57. What tool would best help you troubleshoot why a user can’t access a record?
A. Debug Log
B. Sharing Button
C. Schema Builder
D. Object Manager
Answer: B. Sharing Button
Explanation: The Sharing Button (available in Classic or via setup in Lightning) shows who has access and why, helping debug sharing issues.
58. A company wants only Support Managers to view escalated cases. How can this be achieved?
A. Create an Apex sharing rule
B. Use field-level security
C. Use criteria-based sharing rule
D. Use role hierarchy
Answer: C. Use criteria-based sharing rule
Explanation: You can create a rule to share only records meeting specific criteria (e.g., escalated = true) with a specific role.
59. What’s a disadvantage of using “Manual Sharing” at scale?
A. Too many API calls
B. Cannot be removed
C. Not tracked in audit logs
D. Difficult to manage and automate
Answer: D. Difficult to manage and automate
Explanation: Manual sharing is user-driven, not scalable, and can be inconsistent across the org.
60. What happens to Apex sharing records if an associated user is deleted?
A. They remain active
B. They are reassigned
C. They are automatically deleted
D. They become read-only
Answer: C. They are automatically deleted
Explanation: Apex-managed shares are programmatically maintained, so when the user or owner context is deleted, so are the shares.
61. When are recalculation jobs most likely to cause performance issues?
A. During batch jobs
B. During data imports with OWD changes
C. When record types are modified
D. When report filters are used
Answer: B. During data imports with OWD changes
Explanation: Large changes to OWD, especially combined with bulk data operations, can create large recalculation queues and affect performance.
62. What happens if “Grant Access Using Hierarchies” is disabled on a custom object?
A. Role-based sharing no longer applies
B. Sharing rules are deleted
C. Users lose access to child records
D. Public groups are disabled
Answer: A. Role-based sharing no longer applies
Explanation: If this setting is off, users higher in the role hierarchy will not inherit access to records owned by subordinates.
63. Which mechanism respects sharing rules: “without sharing” or “with sharing”?
A. Both
B. Without sharing
C. With sharing
D. Neither
Answer: C. With sharing
Explanation: “With sharing” enforces OWD, role hierarchy, and sharing rules; “without sharing” runs in system context and ignores them.
64. What is a recommended way to give read-only access to a large group of users?
A. Manual sharing
B. Sharing Rule to a Public Group
C. Apex Sharing
D. Role Hierarchy
Answer: B. Sharing Rule to a Public Group
Explanation: Sharing rules are scalable and allow granting access to many users efficiently.
65. Which object holds records used in Apex Managed Sharing?
A. ObjectName__Share
B. ObjectNameHistory
C. SharingRules
D. ApexShareTracker
Answer: A. ObjectName__Share
Explanation: Custom share objects (e.g., AccountShare) store programmatic and declarative sharing records.
66. Which of the following would best enforce record-level access without changing ownership?
A. Role hierarchy
B. Manual sharing
C. Profiles
D. Record types
Answer: B. Manual sharing
Explanation: Manual sharing provides access without needing to change ownership or rely on role-based access.
67. A community user should only see their own records. Which sharing model should be used?
A. Public Read Only
B. Public Read/Write
C. Private
D. Controlled by Parent
Answer: C. Private
Explanation: A Private model ensures the user can only see records they own or are explicitly shared.
68. Which permission grants object-level visibility but not record-level access?
A. Read
B. Modify All
C. View All
D. Edit
Answer: C. View All
Explanation: “View All” grants access to all records for an object, bypassing record-level sharing, while “Read” still enforces sharing.
69. How can you determine the sharing reason for a specific user’s record access?
A. Login History
B. User Record Sharing Report
C. Sharing Button > Access Reason
D. Apex Debug Log
Answer: C. Sharing Button > Access Reason
Explanation: The Sharing button shows who has access and under which condition or reason (e.g., owner, rule, implicit).
70. In a complex sharing model with thousands of rules, what is the risk?
A. Data loss
B. Object corruption
C. Performance degradation
D. Broken validation rules
Answer: C. Performance degradation
Explanation: Too many sharing rules increase recalculations and can reduce performance significantly in large data volume orgs.
71. When should “Territory Management” be used over standard roles?
A. For support case routing
B. For regional sales team access based on geography
C. For partner onboarding
D. For sandbox replication
Answer: B. For regional sales team access based on geography
Explanation: Enterprise-level geographic-based access control is best managed with Enterprise Territory Management.
72. Which of these is NOT a valid sharing option in Salesforce?
A. Owner-based sharing
B. Manual sharing
C. Validation Rule Sharing
D. Criteria-based sharing
Answer: C. Validation Rule Sharing
Explanation: Validation rules govern data input, not sharing.
73. You need to revoke Apex sharing access on a record. What do you do?
A. Update profile
B. Delete the Apex share record
C. Change OWD
D. Disable FLS
Answer: B. Delete the Apex share record
Explanation: Apex-managed shares can be revoked by removing the record in the corresponding __Share object.
74. What happens if “Modify All” is granted on an object?
A. Sharing rules are respected
B. All records for the object are accessible and editable
C. Only owned records are editable
D. Access is limited by role
Answer: B. All records for the object are accessible and editable
Explanation: “Modify All” bypasses sharing and grants full CRUD access to every record on the object.
75. Which automation tool supports invoking Apex for complex sharing logic?
A. Workflow
B. Process Builder
C. Flow
D. Approval Processes
Answer: C. Flow
Explanation: Flows can invoke Apex actions when built with custom logic, making it ideal for advanced sharing operations.
76. What’s the default access in a Master-Detail relationship?
A. Read-only
B. Private
C. Controlled by Parent
D. Public Read/Write
Answer: C. Controlled by Parent
Explanation: In master-detail, the child’s access is always controlled by the parent record’s access.
77. What should you consider before using “View All Data”?
A. It overrides sharing and FLS
B. It respects sharing rules
C. It only works in Classic
D. It restricts record edits
Answer: A. It overrides sharing and FLS
Explanation: This is a powerful admin-level permission and should be used with caution.
78. A user has “Read” on the object but still cannot view a record. Why?
A. Record is not shared
B. Profile is missing
C. OWD is set to Public
D. The user is inactive
Answer: A. Record is not shared
Explanation: Object-level permissions grant the ability to view records, but sharing rules and ownership grant access to specific records.
79. Which is true about Enterprise Territory Management and sharing?
A. It replaces OWD
B. It supplements the role hierarchy
C. It ignores sharing rules
D. It disables Apex sharing
Answer: B. It supplements the role hierarchy
Explanation: Territories provide a parallel sharing structure that works alongside roles and sharing rules.
80. What type of access can be granted using criteria-based sharing rules?
A. Owner-only
B. View All Data
C. Read-Only or Read/Write
D. Transfer Record
Answer: C. Read-Only or Read/Write
Explanation: Criteria-based rules allow granting read or read/write access to records that match certain conditions.
81. What is the best way to enforce object-level permissions in Apex?
A. Use “with sharing” keyword
B. Use Schema.Describe to check object access
C. Use isAccessible() method
D. Use profile settings
Answer: C. Use isAccessible() method
Explanation: isAccessible() ensures object-level security is enforced in Apex by checking whether the current user can access the object.
82. In a private sharing model, how can users access peer records?
A. Through role hierarchy
B. Through manual sharing
C. By enabling public groups
D. Using permission sets
Answer: B. Through manual sharing
Explanation: When OWD is private, users need manual sharing, sharing rules, or other mechanisms to access peer records.
83. Which of the following is true regarding implicit sharing?
A. It overrides Apex sharing
B. It can be disabled
C. It grants access to parent or child records automatically
D. It must be configured manually
Answer: C. It grants access to parent or child records automatically
Explanation: Implicit sharing allows access to related records, such as allowing account owners to view associated contacts or opportunities.
84. When creating a criteria-based sharing rule, what is a valid target?
A. Object
B. User
C. Role
D. Role and Subordinates
Answer: D. Role and Subordinates
Explanation: Criteria-based rules can target roles, public groups, territories, or roles and subordinates.
85. Which action clears the recalculation queue in Salesforce?
A. Clearing debug logs
B. Manually deleting sharing rules
C. Making no changes
D. Waiting for recalculation jobs to finish
Answer: D. Waiting for recalculation jobs to finish
Explanation: The recalculation queue is automatically processed; administrators must wait for background jobs to complete.
86. Which statement about “View All” vs. “Modify All” is true?
A. Both bypass sharing
B. “View All” respects record-level access
C. “Modify All” does not allow record deletion
D. “Modify All” respects org-wide defaults
Answer: A. Both bypass sharing
Explanation: Both “View All” and “Modify All” allow access to all records of an object, bypassing sharing rules.
87. If a user has “Modify All Data,” what is true?
A. They can only access records they own
B. Sharing rules apply
C. They bypass all sharing and FLS
D. They have full access except to attachments
Answer: C. They bypass all sharing and FLS
Explanation: “Modify All Data” is a powerful permission that overrides all sharing and field-level access control.
88. What is the primary benefit of using Apex-managed sharing?
A. Automatic recalculations
B. Better performance
C. Full control over who gets access programmatically
D. Easier reporting
Answer: C. Full control over who gets access programmatically
Explanation: Apex-managed sharing is ideal for complex business logic where declarative sharing isn’t sufficient.
89. What is required to implement an Apex sharing reason?
A. Create a custom object
B. Use the Database.SharingReason class
C. Enable “Apex Sharing Reason” on the object
D. Write a trigger
Answer: C. Enable “Apex Sharing Reason” on the object
Explanation: This feature must be enabled to add custom sharing reasons that are selectable when viewing sharing on records.
90. Which object relationship supports implicit sharing?
A. Lookup
B. Master-Detail
C. Junction
D. External Object
Answer: B. Master-Detail
Explanation: Implicit sharing typically applies in master-detail relationships, enabling parent-controlled access to child records.
91. You need to share records with users in multiple roles. What’s the best method?
A. Create a manual share for each role
B. Create multiple sharing rules
C. Use one public group that includes those roles
D. Assign a permission set
Answer: C. Use one public group that includes those roles
Explanation: Public groups improve maintainability and performance when sharing records with multiple user groups.
92. Which permission allows access to user records?
A. View All
B. View Setup and Configuration
C. Manage Users
D. Modify All Data
Answer: C. Manage Users
Explanation: This permission is required to view, create, edit, or deactivate user records.
93. When would you use “controlled by parent” sharing setting?
A. For unrelated custom objects
B. For reports
C. When the child object should mirror parent access
D. To restrict API access
Answer: C. When the child object should mirror parent access
Explanation: “Controlled by Parent” means access to the child is determined by access to the parent record.
94. In a private model, how do you give access to 2000 users?
A. Assign owner to all
B. Use criteria-based sharing to a public group
C. Use profiles
D. Change to public read-only
Answer: B. Use criteria-based sharing to a public group
Explanation: Public groups with sharing rules are ideal for scalable sharing in large orgs.
95. What happens if a user tries to access a record they don’t have access to?
A. A generic error occurs
B. They’re redirected to homepage
C. They see a “Record Not Found” message
D. The app crashes
Answer: C. They see a “Record Not Found” message
Explanation: Salesforce hides the existence of restricted records for security reasons.
96. Which tool provides a complete breakdown of user access to a record?
A. Login History
B. Sharing Button
C. Object Settings
D. Role Hierarchy Graph
Answer: B. Sharing Button
Explanation: The Sharing Button lists all users with access and how access was granted.
97. What is the maximum number of criteria-based sharing rules per object?
A. 10
B. 25
C. 50
D. 100
Answer: C. 50
Explanation: As of recent Salesforce limits, each object can support up to 50 criteria-based sharing rules.
98. How can you extend sharing rules to include partner users?
A. Assign internal licenses
B. Include them in roles
C. Use permission sets
D. Use Partner Roles or groups
Answer: D. Use Partner Roles or groups
Explanation: Partner users must be added to specific partner roles or groups to be included in sharing rules.
99. A user in a higher role cannot see a record owned by someone below them. Why?
A. OWD is public read/write
B. Grant Access Using Hierarchies is disabled
C. Apex Sharing is enabled
D. The profile is incorrect
Answer: B. Grant Access Using Hierarchies is disabled
Explanation: When disabled, users higher in the hierarchy won’t inherit access from subordinates.
100. Which sharing mechanism is automatically removed when ownership changes?
A. Manual Sharing
B. Role-based sharing
C. OWD
D. Profile settings
Answer: A. Manual Sharing
Explanation: Manual sharing is user-specific and automatically removed upon ownership change.
101. A user has access through a sharing rule and a permission set. What happens?
A. Only the sharing rule applies
B. The most restrictive applies
C. The most permissive access is granted
D. Access is denied
Answer: C. The most permissive access is granted
Explanation: Salesforce evaluates all access paths and grants the highest level of access available.
102. Can Apex sharing be used on standard objects?
A. No
B. Yes, with restrictions
C. Only via API
D. Only for system administrators
Answer: B. Yes, with restrictions
Explanation: Apex-managed sharing works with most standard and custom objects that have a __Share object.
103. What field in the __Share object determines the access level?
A. OwnerId
B. RowCause
C. AccessLevel
D. SharingReason
Answer: C. AccessLevel
Explanation: This field defines whether the access is Read or Read/Write.
104. When should “View All Data” NOT be used?
A. In sandbox
B. In production with strict data compliance
C. For system admin testing
D. For data migration
Answer: B. In production with strict data compliance
Explanation: It bypasses all sharing rules and should be avoided in environments requiring strict visibility controls.
105. Which API is best for managing Apex shares?
A. Metadata API
B. Bulk API
C. Tooling API
D. REST API
Answer: B. Bulk API
Explanation: For large data operations like mass record sharing, the Bulk API is optimized for performance.
106. What is the purpose of the RowCause field in a share object?
A. It stores the record type
B. It indicates the reason for sharing
C. It tracks the last modified user
D. It lists the object’s access level
Answer: B. It indicates the reason for sharing
Explanation: RowCause helps identify the type of sharing (manual, rule-based, Apex, etc.), aiding in debugging and management.
107. Which sharing setting is NOT applicable to a master-detail child object?
A. Private
B. Public Read Only
C. Controlled by Parent
D. Read/Write
Answer: C. Controlled by Parent
Explanation: For master-detail relationships, the child object automatically uses “Controlled by Parent.”
108. What happens if multiple sharing rules grant different access levels?
A. The lowest access is applied
B. Access is denied
C. The highest access level is granted
D. Only the first rule applies
Answer: C. The highest access level is granted
Explanation: Salesforce combines sharing rules and applies the most permissive access level.
109. A developer wants to control record access using Apex. What is required?
A. Record owner’s role
B. Read/Write field access
C. with sharing keyword
D. __Share object for the target object
Answer: D. __Share object for the target object
Explanation: The __Share object is necessary for Apex-managed sharing, enabling developers to programmatically share records.
110. What is a benefit of using public groups in sharing rules?
A. Increased security
B. Reduced maintenance overhead
C. Manual share visibility
D. Custom object accessibility
Answer: B. Reduced maintenance overhead
Explanation: Public groups reduce the number of sharing rules needed and simplify sharing management.
111. A user needs read-only access to all accounts. What is the best way?
A. Create a sharing rule for the user
B. Assign “View All” on Account
C. Add to a role with access
D. Make Account OWD public read/write
Answer: B. Assign “View All” on Account
Explanation: “View All” grants full read access across all records of the object regardless of ownership or sharing.
112. Why would “Grant Access Using Hierarchies” be unchecked?
A. To improve performance
B. To prevent managers from seeing subordinates’ data
C. To restrict profile access
D. To enable external sharing only
Answer: B. To prevent managers from seeing subordinates’ data
Explanation: This setting disables access inheritance through the role hierarchy.
113. What type of users can Apex sharing not be used for?
A. Users in roles
B. Queue members
C. External users
D. Partner users
Answer: B. Queue members
Explanation: Apex sharing cannot assign ownership or access directly to a queue.
114. Which user can revoke manual shares?
A. The admin
B. The record owner
C. The user who created the share
D. The profile with “Modify All Data”
Answer: B. The record owner
Explanation: Only the record owner or users with Modify All Data can revoke manual shares.
115. In which scenario is a sharing recalculation triggered?
A. Changing user profile
B. Updating a record field used in criteria-based sharing
C. Editing a page layout
D. Resetting login history
Answer: B. Updating a record field used in criteria-based sharing
Explanation: Any changes to fields involved in criteria-based sharing rules will queue a recalculation.
116. Why would you use a sharing set?
A. To share records with internal users
B. To override profiles
C. To grant access to external users in a community
D. To set public access to records
Answer: C. To grant access to external users in a community
Explanation: Sharing sets are used to define record access for portal and community users based on their contact or account.
117. What is the maximum number of conditions in a criteria-based sharing rule?
A. 5
B. 10
C. 25
D. 50
Answer: B. 10
Explanation: Each rule can have up to 10 conditions.
118. In a master-detail relationship, how is access to the detail record controlled?
A. By OWD
B. By sharing rule
C. By detail record owner
D. By parent record’s access
Answer: D. By parent record’s access
Explanation: Detail records inherit access from the master record automatically.
119. A user can see a record but cannot edit it. What might be the reason?
A. They own the record
B. They have “View All”
C. They have Read access only
D. Their role is above the owner
Answer: C. They have Read access only
Explanation: Sharing may grant visibility but not editing unless explicitly stated.
120. Where can you find a list of all sharing rules applied to a record?
A. Profile settings
B. Role hierarchy
C. Record Sharing Detail view
D. Field History Tracking
Answer: C. Record Sharing Detail view
Explanation: This shows all users with access and how access was granted.
121. Which sharing mechanism provides temporary access?
A. Manual sharing
B. Sharing rules
C. Apex-managed sharing
D. OWD settings
Answer: A. Manual sharing
Explanation: Manual shares are often temporary and removed on record ownership changes.
122. How are territory-based sharing rules created?
A. Using Apex
B. Through the Territory Model setup
C. With manual sharing
D. Using public groups
Answer: B. Through the Territory Model setup
Explanation: Territory management allows rules and access based on geographic or strategic segmentation.
123. Which setting affects the visibility of records in report results?
A. Role hierarchy
B. OWD
C. “View My Team’s Reports”
D. “View All Data”
Answer: D. “View All Data”
Explanation: This permission allows users to see all records regardless of sharing or ownership.
124. What is the impact of enabling external sharing models?
A. Disables manual sharing
B. Allows setting different OWDs for external users
C. Allows external users to edit internal records
D. Hides records from internal users
Answer: B. Allows setting different OWDs for external users
Explanation: External sharing models let you define stricter or more relaxed sharing rules for external users.
125. Which user type is not supported in Apex sharing?
A. Users
B. Groups
C. Queues
D. Roles
Answer: C. Queues
Explanation: Apex sharing cannot assign records to queues, only to individual users or groups.
126. In Lightning, where can you view who has access to a record?
A. Setup menu
B. Role hierarchy chart
C. Sharing button or “Sharing Hierarchy”
D. Page layout editor
Answer: C. Sharing button or “Sharing Hierarchy”
Explanation: These options provide access visibility directly from the record page.
127. What happens if a user’s access is removed via profile?
A. They retain object access
B. Record access is retained
C. Access is removed entirely
D. Apex sharing still works
Answer: C. Access is removed entirely
Explanation: Profile-level access is foundational; removing it revokes all access.
128. What is a key advantage of role hierarchies?
A. Inheritance of record ownership
B. Inheritance of access to subordinate records
C. Restriction of sharing
D. External sharing control
Answer: B. Inheritance of access to subordinate records
Explanation: Role hierarchies allow managers to access subordinates’ records.
129. You want to give access to records based on a custom logic. What’s best?
A. Manual sharing
B. Apex sharing
C. OWD change
D. Permission set
Answer: B. Apex sharing
Explanation: Apex allows fine-grained, programmable logic for custom access needs.
130. Which feature can be used to track who shared a record manually?
A. Audit Trail
B. Field history tracking
C. Sharing reason
D. Record Sharing Detail view
Answer: D. Record Sharing Detail view
Explanation: This view provides a log of all sharing entries, including manual ones.
131. A user is seeing more records than expected. What should you check?
A. Field-level security
B. Profile settings
C. Permission sets, role, and sharing rules
D. Login history
Answer: C. Permission sets, role, and sharing rules
Explanation: These determine user access and should be reviewed to identify excess visibility.
132. Sharing recalculations are triggered automatically when:
A. A user logs in
B. A trigger runs
C. A field relevant to a sharing rule changes
D. A report is run
Answer: C. A field relevant to a sharing rule changes
Explanation: Salesforce monitors changes to criteria fields and queues recalculations.
133. What is required for Apex sharing to work on a custom object?
A. Permission set
B. Sharing rule
C. A custom __Share object
D. Manual sharing
Answer: C. A custom __Share object
Explanation: Custom objects must have the __Share object enabled to support Apex sharing.
134. What occurs when you delete a user with active manual shares?
A. Shares remain indefinitely
B. Shares are reassigned
C. Shares are deleted
D. Shares are archived
Answer: C. Shares are deleted
Explanation: Manual shares linked to a deleted user are removed.
135. What is a common performance issue with excessive sharing rules?
A. Login delays
B. Report errors
C. Slow recalculation jobs
D. Loss of object access
Answer: C. Slow recalculation jobs
Explanation: Too many complex or overlapping sharing rules can cause delays in recalculations and degrade performance.
136. What is the most scalable way to provide access to records when ownership-based sharing is insufficient in a large enterprise?
A. Apex sharing using triggers
B. Manual sharing by record owner
C. Public groups with criteria-based sharing rules
D. Permission sets with record type access
Answer: A
Explanation: Apex sharing gives full control over record access and is the most flexible and scalable option when ownership- or criteria-based rules fall short, especially in complex enterprise access models.
137. Which object is used to programmatically grant access to a custom object in Apex?
A. CustomObjectAccess
B. CustomObjectShare
C. PermissionShare
D. RecordAccess
Answer: B
Explanation: Salesforce creates a CustomObject__Share object for every custom object with organization-wide defaults (OWD) set to Private or Public Read Only, allowing programmatic sharing.
138. What is a recommended solution to reduce recalculation load for sharing rules in high-churn organizations?
A. Use ownership-based rules instead of criteria-based rules
B. Increase field-level security filters
C. Disable role hierarchy
D. Use profiles with restricted record access
Answer: A
Explanation: Ownership-based sharing rules perform better than criteria-based rules because they require fewer recalculations and are less sensitive to frequent data changes.
139. A record is shared via both a public group and a sharing rule. If the sharing rule is removed, what happens to the user’s access?
A. Access is removed entirely
B. Access remains if the public group still grants access
C. Access is downgraded to read-only
D. Access is removed after a full recalculation
Answer: B
Explanation: Access is cumulative in Salesforce. If the user still has access via the public group, removing one source (the rule) does not remove access.
140. How does Salesforce define the concept of “record ownership”?
A. The user who last modified the record
B. The user with the highest permission on the record
C. The user who has full control over a record and shares it implicitly
D. Any user in the same public group
Answer: C
Explanation: The record owner is granted full access to the record and can share it with others, and their ownership impacts implicit sharing.
141. Which feature enables row-level security in Salesforce?
A. Record types
B. Profiles
C. Sharing rules
D. Role hierarchy
Answer: C
Explanation: Sharing rules enable row-level (record-level) security by granting access to individual records based on ownership or criteria.
142. Which scenario is best served by criteria-based sharing rules instead of Apex sharing?
A. Records need to be shared based on complex business logic
B. Records should be shared based on record type and amount
C. Sharing needs to be based on static field values
D. Access needs to be revoked based on login time
Answer: C
Explanation: Criteria-based sharing is most efficient when the logic is simple and based on static field values (like record status or region).
143. How does Salesforce handle record access if both manual sharing and Apex sharing grant different levels of access to the same user?
A. Only the most recent method applies
B. Manual sharing overrides Apex sharing
C. Access is the union of both methods
D. Apex sharing always overrides
Answer: C
Explanation: Access is cumulative. The user receives the highest level of access granted by any method.
144. Which of the following best explains the concept of “Group Maintenance” in Salesforce sharing architecture?
A. Regularly updating user permissions in profiles
B. Automating public group creation
C. Recalculating access when group membership changes
D. Changing OWD based on team assignments
Answer: C
Explanation: Group maintenance refers to the recalculation and propagation of access when users are added or removed from groups used in sharing rules.
145. What must be true for the UserOrGroupId in an Apex sharing record?
A. It must point to a public group only
B. It must point to a user or a group that exists and has the same role
C. It must be the record owner
D. It must be a valid User ID or Group ID
Answer: D
Explanation: The UserOrGroupId must refer to a valid user, public group, role, or queue that will receive access to the record.
146. Which tool should be used to investigate why a user has access to a specific record in a complex sharing model?
A. Debug Logs
B. Record Sharing Detail
C. Login History
D. Access Control Matrix
Answer: B
Explanation: The “Sharing Detail” section on the record’s Sharing button (if enabled) shows how a user got access—through owner, group, rule, etc.
147. What is a limitation of using Apex sharing in managed packages?
A. It cannot be used for custom objects
B. It’s only supported in Enterprise Edition
C. It must use “without sharing” keyword
D. Apex sharing cannot be deleted from packages
Answer: D
Explanation: Apex sharing logic included in managed packages is harder to customize or remove, especially in subscriber orgs.
148. Which Salesforce feature is best suited for revoking access based on data classification levels (e.g., Confidential, Public)?
A. Profile permissions
B. Apex managed sharing with custom logic
C. Public groups
D. Criteria-based sharing rules
Answer: B
Explanation: When access must dynamically adapt to data classification, Apex sharing with custom logic (e.g., via triggers) offers precise control.
149. What happens if a record is shared via Apex and then ownership changes?
A. Apex sharing is preserved
B. Apex sharing is revoked
C. Apex sharing is recalculated
D. Apex sharing and manual sharing are both removed
Answer: A
Explanation: Apex-managed sharing is maintained across ownership changes unless explicitly deleted by code. Manual sharing, however, is revoked.
150. In a high-security financial application, access must be reviewed and logged. What Salesforce feature supports audit of sharing actions?
A. Setup Audit Trail
B. Field History Tracking
C. Event Monitoring
D. Apex Debug Logs
Answer: C
Explanation: Event Monitoring can track user actions, including record access, which supports audit requirements for high-security use cases.
151. Which permission is required to grant access to records via manual sharing in Lightning Experience?
A. Modify All Data
B. Read/Write access to records
C. Full Access
D. Full sharing and “Share” button visibility
Answer: B
Explanation: Users need Read/Write access to the record and appropriate object-level permissions. The “Share” button appears only if manual sharing is enabled and supported in the Lightning UI for the object.
152. When does Salesforce recalculate implicit sharing?
A. When a user logs in
B. When record ownership or role hierarchy changes
C. Only during Apex sharing recalculation
D. Every time a record is updated
Answer: B
Explanation: Implicit sharing is recalculated when ownership changes or when the role hierarchy structure is modified, impacting access propagation.
153. Which statement best describes “Implicit Sharing” in Salesforce?
A. Sharing granted by an administrator manually
B. Sharing granted automatically to users above in the role hierarchy
C. Sharing via Apex code
D. Sharing applied through public groups
Answer: B
Explanation: Implicit sharing automatically provides access to related records (e.g., parent-child) and users higher in the role hierarchy, based on ownership.
154. What Salesforce feature allows custom access to related records not automatically shared?
A. Role hierarchy
B. Apex sharing
C. Permission sets
D. Custom junction objects
Answer: B
Explanation: Apex sharing allows developers to programmatically define access to records that are not normally shared via standard methods, such as custom relationships.
155. In an organization with complex data access needs, what is a best practice for Apex managed sharing?
A. Always insert new share records without checking for existing ones
B. Use the “without sharing” keyword on all classes
C. Build a trigger framework that manages sharing consistently
D. Avoid using criteria-based rules
Answer: C
Explanation: A centralized trigger or handler framework ensures that Apex sharing logic is consistent, maintainable, and scalable across multiple objects.
156. A user needs access to opportunities only if the associated account’s rating is “Hot.” What is the best solution?
A. Use a criteria-based sharing rule on Opportunity
B. Use Apex sharing based on Account fields
C. Use a public group and ownership-based rule
D. Give Read access to all Opportunities
Answer: B
Explanation: Because the criteria is based on a related object (Account), Apex sharing is required. Standard criteria-based rules can’t evaluate parent object fields.
157. What is the correct order of sharing evaluation in Salesforce?
A. Manual → Apex → Criteria-based → Ownership
B. OWD → Role hierarchy → Sharing rules → Manual → Apex
C. Profiles → Sharing rules → Apex
D. OWD → Profiles → Public Groups → Apex
Answer: B
Explanation: Salesforce evaluates access in a layered model: OWD, then Role hierarchy, followed by Sharing rules, then Manual sharing, and finally Apex managed sharing.
158. Why might a user lose access to a record even if Apex sharing was applied previously?
A. The record was updated
B. The user changed roles
C. The share record was deleted
D. Sharing recalculation occurred
Answer: C
Explanation: If the Apex sharing record is deleted or programmatically removed, the user will lose access unless another sharing mechanism applies.
159. Which feature ensures that sharing access is aligned with user roles and automatically updated when the role hierarchy changes?
A. Public Groups
B. Criteria-based Sharing
C. Role Hierarchy
D. Permission Sets
Answer: C
Explanation: Role hierarchy enables automatic access to subordinate users’ records and updates dynamically when role assignments or structure changes.
160. In Salesforce, when is recalculation of sharing rules triggered?
A. When OWD is set to Public Read/Write
B. When the user refreshes their dashboard
C. When the fields used in sharing criteria change
D. When a report is run
Answer: C
Explanation: Sharing rules based on criteria are recalculated when the referenced fields change, ensuring access rules remain current and valid.
161. What is the purpose of the RowCause field in a share object?
A. It defines the object that created the record
B. It logs which user accessed the record
C. It indicates the reason or source of the share (e.g., Manual, Rule, Apex)
D. It controls whether access is Read or Read/Write
Answer: C
Explanation: RowCause is a system field that specifies the reason for the share, such as Manual, Owner, Rule, or Apex. It helps distinguish types of sharing.
162. Why should large enterprises limit the number of criteria-based sharing rules?
A. They don’t support queues
B. They require real-time approval
C. They can slow down sharing recalculations
D. They are deprecated
Answer: C
Explanation: Too many criteria-based rules can significantly slow sharing rule recalculations and lead to performance issues in large datasets.
163. What happens if a developer sets “with sharing” on an Apex class that creates records via Apex sharing logic?
A. It throws an error
B. The user context respects sharing settings
C. The records are created but not shared
D. It removes all sharing logic
Answer: B
Explanation: “With sharing” enforces the current user’s sharing rules. For Apex sharing, it means the logic will run with the user’s context and existing access levels.
164. How can an admin prevent external users in a community from gaining record access via the role hierarchy?
A. Use Profiles
B. Disable sharing rules
C. Set “Grant Access Using Hierarchies” to false
D. Use record types
Answer: C
Explanation: Disabling “Grant Access Using Hierarchies” on custom objects ensures that access doesn’t propagate upward via the role hierarchy, especially useful for community users.
165. Which tool can you use to simulate and evaluate access levels for different users in your org?
A. Sharing Debug Logs
B. Record Sharing Detail
C. Salesforce Sharing Tool (Salesforce Labs)
D. Data Loader
Answer: C
Explanation: The Salesforce Sharing Tool from Salesforce Labs provides a UI to simulate access levels, helping admins test and debug complex sharing configurations.
166. What occurs if a record is shared both via Apex managed sharing and manual sharing?
A. Only manual sharing is retained
B. Apex sharing overrides manual sharing
C. The user gets the most permissive access
D. Manual sharing is disabled automatically
Answer: C
Explanation: Salesforce applies the most permissive access when multiple sharing mechanisms apply. So if Apex and manual sharing both provide access, the user gets the highest level of access granted.
167. How can you identify which records are shared via sharing rules?
A. By checking the record owner
B. By querying the ObjectShare table and filtering by RowCause = ‘Rule’
C. By using permission sets
D. By reviewing the setup audit trail
Answer: B
Explanation: You can query the share object (e.g., AccountShare) and filter on RowCause = 'Rule' to identify records shared via sharing rules.
168. Which sharing method is best for dynamic, real-time access control based on complex business logic?
A. Organization-Wide Defaults
B. Criteria-Based Sharing Rules
C. Apex Managed Sharing
D. Role Hierarchy
Answer: C
Explanation: Apex managed sharing allows for custom logic to share records programmatically, ideal for complex and real-time access requirements.
169. A sales rep must see opportunities for accounts owned by users in the same region. What is the most scalable solution?
A. Manually share each record
B. Create a region-based public group and use a sharing rule
C. Use a permission set
D. Use Apex triggers
Answer: B
Explanation: Public groups combined with sharing rules based on region fields offer a scalable and maintainable solution for regional sharing.
170. Which field is required when inserting a custom share record via Apex?
A. ShareDate
B. RecordId
C. AccessLevel
D. RowCause
Answer: D
Explanation: When inserting custom share records via Apex, RowCause must be set, typically to Manual or a custom value if defined in a package.
171. What is a key limitation of using the “View All” object permission?
A. It does not allow editing
B. It grants access only to own records
C. It bypasses all sharing rules
D. It cannot be used with custom objects
Answer: C
Explanation: “View All” bypasses sharing rules and gives visibility to all records of the object, regardless of ownership or other sharing mechanisms.
172. A record is shared via a public group and also via manual sharing. What happens if the public group sharing is removed?
A. The user retains access if manual sharing still applies
B. The record is deleted
C. All access is revoked immediately
D. Manual sharing is also removed
Answer: A
Explanation: As long as another sharing mechanism (e.g., manual) still grants access, the user retains access to the record.
173. What is the best method to give temporary access to records for an audit team?
A. Create a permission set group
B. Use criteria-based sharing rules
C. Add them to a public group and use sharing rules
D. Share records via Apex and remove access after the audit
Answer: D
Explanation: Apex sharing allows fine-grained control, including adding and removing access programmatically when the audit period ends.
174. In a Partner Community, what mechanism ensures that partners only see their own data?
A. Role Hierarchy
B. Sharing Sets
C. Permission Sets
D. Record Types
Answer: B
Explanation: Sharing Sets are designed for communities to grant access to records associated with the logged-in user’s account or contact, ensuring proper data partitioning.
175. Why should you avoid granting “Modify All Data” to standard users?
A. It increases license cost
B. It limits app functionality
C. It bypasses all sharing and security controls
D. It prevents user logins
Answer: C
Explanation: “Modify All Data” overrides all sharing and security controls across all objects, which can lead to data exposure or integrity issues if granted too broadly.
176. What happens if you delete a public group used in sharing rules?
A. Sharing rules referencing the group are automatically deleted
B. Sharing rules stop functioning until updated with a new group
C. Users lose access permanently
D. The system throws an error on save
Answer: B
Explanation: Sharing rules that reference a deleted group become inactive, and users lose access through those rules until the rule is updated.
177. How can an admin audit which users have access to a particular record?
A. Use the “View All Data” permission
B. Review the record’s Sharing button details
C. Run a SOQL query on the Share object (e.g., AccountShare)
D. Check the user’s profile settings
Answer: C
Explanation: Querying the Share object related to the record reveals which users or groups have explicit access.
178. Which Salesforce feature restricts user access when “Grant Access Using Hierarchies” is disabled?
A. Organization-Wide Defaults (OWD)
B. Sharing Rules
C. Role Hierarchy
D. Profiles
Answer: C
Explanation: Disabling “Grant Access Using Hierarchies” prevents upward sharing via roles for that object, limiting role hierarchy access.
179. What is a major consideration when creating a sharing design for large data volumes?
A. Avoid using roles
B. Minimize the number of sharing recalculations
C. Use manual sharing extensively
D. Disable all sharing rules
Answer: B
Explanation: Excessive sharing rules or manual sharing can cause frequent recalculations, impacting performance.
180. What is the difference between “View All” and “Modify All” object permissions?
A. View All allows editing, Modify All allows deletion
B. View All provides read-only access, Modify All provides full access
C. View All is for standard objects, Modify All is for custom objects
D. No difference
Answer: B
Explanation: “View All” grants read-only access to all records, whereas “Modify All” provides full read/write/delete access regardless of sharing.
181. How does Salesforce handle sharing recalculations when a user is moved in the role hierarchy?
A. Sharing recalculation only occurs for the user’s own records
B. Sharing recalculation occurs for all records impacted by the role move
C. Sharing recalculation must be triggered manually
D. No recalculation occurs
Answer: B
Explanation: Role hierarchy changes trigger recalculation of sharing for all records owned by the moved user and their subordinates.
182. Which object type supports Apex managed sharing?
A. Only custom objects
B. Only standard objects
C. Both custom and standard objects that support sharing
D. None
Answer: C
Explanation: Apex sharing is supported for custom objects and standard objects that allow manual sharing.
183. What can cause Apex sharing records to be deleted automatically?
A. Changing the sharing rules
B. Changing the owner of the record
C. Deleting the user who owns the sharing record
D. All of the above
Answer: D
Explanation: Various actions such as changing ownership or deleting related users can trigger deletion of Apex sharing records.
184. Which setting controls whether role hierarchy grants access to records?
A. “Grant Access Using Hierarchies” checkbox on the object
B. “Enable Sharing Rules” in Setup
C. “Manual Sharing” checkbox
D. Permission Set assignment
Answer: A
Explanation: The “Grant Access Using Hierarchies” checkbox enables or disables role-based access for each object.
185. Which sharing mechanism requires the most system resources and can slow performance if overused?
A. Criteria-based sharing rules
B. Manual sharing
C. Apex managed sharing
D. Role hierarchy
Answer: C
Explanation: Apex managed sharing can be complex and resource-intensive, especially when not implemented efficiently.
186. What is the purpose of “Territory Management” in Salesforce sharing?
A. To assign record access based on geographic or organizational territories
B. To replace role hierarchies completely
C. To manage user licenses
D. To automate profile permissions
Answer: A
Explanation: Territory Management allows flexible sharing based on territories instead of roles, useful for geographic or market-based access control.
187. Which standard object contains the details of who a record is shared with?
A. UserShare
B. RecordShare
C. ObjectShare (e.g., AccountShare)
D. SharingDetail
Answer: C
Explanation: Each shareable object has a related Share object (e.g., AccountShare) that stores sharing info.
188. How can you restrict access to records owned by users in specific roles?
A. Use manual sharing
B. Use role-based sharing rules
C. Use permission sets
D. Use profiles
Answer: B
Explanation: Role-based sharing rules grant access to users in specific roles or groups.
189. How can a Salesforce admin grant users access to records owned by a queue?
A. Assign the user to the queue
B. Share the record with the user manually
C. Use criteria-based sharing rules
D. Queues automatically grant access
Answer: A
Explanation: Users assigned to a queue have access to the records owned by that queue.
190. What sharing model is the most restrictive?
A. Public Read/Write
B. Private
C. Public Read Only
D. Controlled by Parent
Answer: B
Explanation: Private sharing means users only see records they own or are explicitly shared with.
191. What is the effect of the “Grant Access Using Hierarchies” setting on custom objects?
A. It controls whether roles affect sharing for that object
B. It disables sharing rules
C. It disables manual sharing
D. It removes all sharing rules
Answer: A
Explanation: It determines if role hierarchy automatically grants access to records of that custom object.
192. What must be done to enable manual sharing on a custom object?
A. Set OWD to Private or Public Read Only and enable manual sharing
B. Enable the “Grant Access Using Hierarchies” checkbox
C. Assign users to public groups
D. Create criteria-based sharing rules
Answer: A
Explanation: Manual sharing is only available when OWD is Private or Public Read Only and manual sharing is enabled.
193. What should a Sharing and Visibility Designer consider when granting access in Communities?
A. Use Apex sharing only
B. Use Sharing Sets and Sharing Groups tailored for external users
C. Use “Modify All Data” permission
D. Disable all sharing rules
Answer: B
Explanation: Sharing Sets and Sharing Groups are designed specifically for community (external) users’ sharing needs.
194. How can you automate sharing when a custom object record meets a complex business rule?
A. Use sharing rules
B. Use Apex managed sharing in triggers or batch jobs
C. Use permission sets
D. Use queues
Answer: B
Explanation: Apex sharing enables complex, programmable sharing logic beyond what sharing rules can handle.
195. How can you prevent sharing access propagation to a user’s manager?
A. Remove the user from the role hierarchy
B. Disable “Grant Access Using Hierarchies” on the object
C. Remove the user’s profile permissions
D. Use criteria-based sharing rules
Answer: B
Explanation: Disabling this option prevents access propagation via role hierarchy, blocking upward access.
196. What Salesforce feature provides visibility into who has access to which records?
A. Sharing settings page
B. Debug logs
C. Salesforce Shield Event Monitoring
D. Setup audit trail
Answer: C
Explanation: Salesforce Shield Event Monitoring can log detailed user and sharing access activity.
197. When might a Sharing and Visibility Designer use “Criteria-Based Sharing Rules”?
A. To grant access based on related object fields
B. To grant access to a public group or role based on record field values
C. To share records manually
D. To assign profiles
Answer: B
Explanation: Criteria-Based Sharing Rules grant access when a record meets specific field criteria.
198. Which type of sharing is not affected by “Grant Access Using Hierarchies”?
A. Manual sharing
B. Criteria-based sharing
C. Apex managed sharing
D. Owner-based sharing
Answer: A
Explanation: Manual sharing grants access explicitly and is not influenced by hierarchy settings.
199. How does Salesforce handle record sharing when an OWD is set to “Public Read Only”?
A. Users can edit all records
B. Users can view all records but edit only their own
C. Users cannot view records they don’t own
D. Users must be assigned via sharing rules
Answer: B
Explanation: “Public Read Only” means all users can view records, but only owners or users with explicit access can edit.
200. What is an important consideration when using Apex sharing to improve performance?
A. Avoid bulkifying Apex sharing code
B. Insert sharing records one by one in triggers
C. Bulkify sharing operations and use batch Apex if needed
D. Use synchronous calls only
Answer: C
Explanation: Bulkifying sharing operations and using batch Apex where appropriate is essential to maintain performance and avoid governor limits.
201. What happens if you try to share a record with a user who does not have access to the parent record in a master-detail relationship?
A. The sharing succeeds without issue
B. The share is ignored because child records inherit parent access
C. The system throws an error
D. The user gains access to both parent and child records
Answer: B
Explanation: In master-detail relationships, child record access is controlled by the parent; sharing the child alone has no effect if the user lacks access to the parent.
202. Which Salesforce tool allows administrators to see all the sharing access a particular user has?
A. Sharing Model Viewer
B. Permission Set Analyzer
C. Security Health Check
D. Setup Audit Trail
Answer: A
Explanation: The Sharing Model Viewer helps visualize record-level access by user or group.
203. Which of the following is true about “Controlled By Parent” sharing setting?
A. It allows the child record to have independent sharing
B. The child record’s access depends on the parent’s sharing settings
C. It disables sharing on the child record
D. It automatically shares child records with all users
Answer: B
Explanation: “Controlled By Parent” means the child record inherits the sharing and visibility of the parent record.
204. How does a public group differ from a role in Salesforce sharing?
A. Public groups cannot be used in sharing rules
B. Roles organize users by hierarchy, groups are arbitrary collections of users
C. Roles are used only for manual sharing
D. Public groups can contain roles, users, and other groups
Answer: D
Explanation: Public groups are flexible and can include users, roles, and other groups.
205. When creating a sharing rule based on criteria, what must you define?
A. The owner of the records to share
B. The criteria that records must meet
C. The specific user who should gain access
D. The profile that will receive access
Answer: B
Explanation: Criteria-based sharing rules share records that meet specific field conditions.
206. What is the maximum number of users that can be in a single public group?
A. 10,000
B. 100,000
C. 50,000
D. Unlimited
Answer: B
Explanation: Public groups can include up to 100,000 users or other groups combined.
207. How is record access determined for users assigned to multiple roles?
A. The user only gets access based on their primary role
B. Access is cumulative from all roles assigned
C. Users cannot have multiple roles
D. Access is based on the role with the highest hierarchy
Answer: C
Explanation: A user can have only one role in Salesforce, so no multiple role assignments exist.
208. How do permission sets complement profiles in sharing and visibility?
A. Permission sets override sharing rules
B. Permission sets add additional object permissions beyond the profile
C. Permission sets control record ownership
D. Permission sets replace role hierarchies
Answer: B
Explanation: Permission sets grant extra permissions to users without changing their profile.
209. What happens when “Grant Access Using Hierarchies” is disabled for an object?
A. Sharing rules stop working for that object
B. Role hierarchy does not grant access for that object
C. Manual sharing is disabled for that object
D. Users lose access to their own records
Answer: B
Explanation: Disabling “Grant Access Using Hierarchies” stops role hierarchy from granting access, but other sharing mechanisms still function.
210. What Salesforce sharing feature allows record owners to grant additional users access on a per-record basis?
A. Sharing rules
B. Manual sharing
C. Role hierarchy
D. Profiles
Answer: B
Explanation: Manual sharing lets record owners share individual records directly.
211. How can you restrict access to certain fields on records in Salesforce?
A. By configuring field-level security on profiles or permission sets
B. By using sharing rules
C. By assigning roles
D. By changing OWD settings
Answer: A
Explanation: Field-level security controls field visibility independent of record sharing.
212. What is the impact of setting Organization-Wide Defaults (OWD) to “Public Read/Write/Transfer”?
A. All users can view, edit, and transfer records
B. Only owners can edit records
C. Records are completely private
D. Only users in the same role can access records
Answer: A
Explanation: This OWD setting allows all users full access, including transfer rights, to records.
213. What does the Salesforce “View All Data” permission do?
A. Allows a user to view all records across all objects regardless of sharing
B. Allows a user to modify all data
C. Limits access to owned records only
D. Is used only for standard objects
Answer: A
Explanation: “View All Data” lets a user see every record irrespective of sharing.
214. When should a Sharing and Visibility Designer use Apex managed sharing?
A. For simple sharing requirements
B. When sharing logic requires complex or dynamic criteria not possible with standard sharing rules
C. To assign user permissions
D. To change profiles
Answer: B
Explanation: Apex managed sharing is suited for complex, programmatic sharing scenarios.
215. What is the maximum number of sharing rules you can create per object?
A. 100
B. 300
C. 200
D. 500
Answer: B
Explanation: Salesforce allows up to 300 sharing rules per object.
216. Which object type supports the “Manual Sharing” button on records?
A. Only custom objects with OWD set to Private or Public Read Only
B. All standard and custom objects
C. Only standard objects
D. Objects with Controlled By Parent sharing
Answer: A
Explanation: Manual sharing is available for custom objects with restrictive OWD settings.
217. How can you share records with users outside the role hierarchy?
A. Use role hierarchy only
B. Use sharing rules or manual sharing to grant access
C. Assign them to the same role
D. Change their profiles
Answer: B
Explanation: Sharing rules and manual sharing grant access beyond the role hierarchy.
218. How do territory roles differ from roles in the standard role hierarchy?
A. Territory roles apply only to accounts
B. Territory roles can be assigned to multiple users across hierarchies
C. Territory roles replace profiles
D. Territory roles are only for external users
Answer: B
Explanation: Territory roles allow multiple users and cross-hierarchy assignments.
219. What happens to sharing when a record owner changes?
A. Sharing recalculations occur for the new owner’s roles and groups
B. Sharing remains unchanged
C. Manual shares are deleted
D. Apex sharing records are deleted
Answer: A
Explanation: Ownership change triggers sharing recalculation based on the new owner’s access.
220. Which of the following tools is helpful in troubleshooting sharing issues?
A. Apex Debug Logs
B. Sharing Button on records
C. Salesforce Shield
D. Workflow Rules
Answer: B
Explanation: The Sharing Button shows detailed record access info.
221. What is the key advantage of using “Criteria-Based Sharing Rules”?
A. They automatically share records with all users
B. They allow sharing based on record field values without coding
C. They replace manual sharing
D. They assign users to roles
Answer: B
Explanation: Criteria-based rules share records meeting specified conditions.
222. What does the “Role Hierarchy” control in Salesforce sharing?
A. Profile permissions
B. Automatic upward sharing of records owned by users lower in the hierarchy
C. Field-level security
D. Organization-wide defaults
Answer: B
Explanation: Role hierarchy grants record access upward in the hierarchy.
223. How can you restrict access to records shared via a sharing rule?
A. Delete the sharing rule
B. Remove “Grant Access Using Hierarchies”
C. Change OWD to Private
D. Adjust the sharing rule criteria or target groups
Answer: D
Explanation: Modify sharing rule criteria or target groups to restrict sharing scope.
224. What is the relationship between queues and sharing?
A. Queues are user roles
B. Queues own records and users assigned to them get access
C. Queues control profile permissions
D. Queues replace public groups
Answer: B
Explanation: Queues own records; users assigned to queues gain access to those records.
225. How can you grant access to external users (Community users) in Salesforce?
A. Using sharing sets, sharing groups, and community-specific sharing settings
B. Assigning profiles only
C. Using manual sharing only
D. Using role hierarchy
Answer: A
Explanation: External sharing uses community sharing sets/groups suited to external user access needs.
226. How does the “Share” object function in Salesforce?
A. It stores manual and automated sharing records related to a specific object
B. It defines profiles
C. It controls OWD settings
D. It manages roles
Answer: A
Explanation: The Share object tracks all share records for an object.
227. What should a designer consider to reduce sharing recalculation overhead?
A. Use as many sharing rules as possible
B. Minimize the number of sharing rules and optimize sharing design
C. Use manual sharing only
D. Assign all users to the same role
Answer: B
Explanation: Keeping sharing rules minimal helps reduce system load and recalculations.
228. What is the purpose of the “Grant Access Using Hierarchies” checkbox?
A. To disable field-level security
B. To control if roles grant record access automatically
C. To enable manual sharing
D. To assign profiles
Answer: B
Explanation: This setting controls if role hierarchy applies to the object’s sharing.
229. Can users in different roles at the same hierarchy level access each other’s records by default?
A. Yes
B. No
Answer: B
Explanation: Role hierarchy only grants access upwards, not laterally between peers.
230. What is the best practice for sharing sensitive records?
A. Set OWD to Public Read/Write
B. Set OWD to Private and use sharing rules or manual sharing for exceptions
C. Grant “View All Data” permission to all users
D. Use Profiles only
Answer: B
Explanation: Private OWD with selective sharing provides the best control over sensitive data.
231. How does Salesforce handle sharing recalculations when a user’s role changes?
A. All shares owned by the user are deleted
B. Sharing recalculations are triggered for records owned or shared by the user
C. No changes occur automatically
D. Only manual shares are updated
Answer: B
Explanation: Role changes trigger sharing recalculations to reflect new access via the hierarchy.
232. What is the difference between “View All” and “Modify All” object permissions?
A. “View All” allows viewing records, “Modify All” allows editing all records regardless of sharing
B. They are synonyms
C. “View All” applies to profiles, “Modify All” applies to permission sets only
D. “Modify All” limits access
Answer: A
Explanation: “View All” grants read access to all records; “Modify All” grants read/write access.
233. What happens when you add a user to a public group that is part of a sharing rule?
A. The user immediately gains access to records shared by that rule
B. The user must be assigned a role first
C. The sharing rule is disabled
D. No change in access occurs
Answer: A
Explanation: Public groups are dynamic; adding users grants them the access of the sharing rules tied to the group.
234. When would you use a criteria-based sharing rule over an owner-based sharing rule?
A. To share records owned by a specific user
B. To share records based on specific field values regardless of ownership
C. To override role hierarchy
D. To change OWD settings
Answer: B
Explanation: Criteria-based rules share records meeting certain field conditions, not based on owner.
235. Which Salesforce feature allows sharing rules to be applied automatically for external users?
A. Sharing Sets
B. Role Hierarchy
C. Profiles
D. Permission Sets
Answer: A
Explanation: Sharing Sets extend record access to community users based on criteria.
236. What effect does “Private” OWD have on record access?
A. Only record owners and users above them in the role hierarchy have access
B. Everyone can view all records
C. Sharing rules do not work
D. All records are locked
Answer: A
Explanation: Private OWD restricts access to owners and users with explicit sharing or higher roles.
237. How can you limit a user’s ability to see a record owned by a user in the same role?
A. Use field-level security
B. Use sharing rules
C. Set OWD to Private and no sharing rules grant access
D. Remove the user’s profile
Answer: C
Explanation: Private OWD restricts access to record owners only, preventing same-role users from seeing each other’s records.
238. What is the maximum number of records that can be manually shared in Salesforce?
A. 10,000 per day
B. 50,000 per object
C. No hard limit, but system limits apply
D. 1,000 per user
Answer: C
Explanation: Manual sharing has no fixed limit but is subject to Salesforce governor limits.
239. Which tool helps you monitor who has access to a specific record in Salesforce?
A. Sharing Button on the record page
B. Role Hierarchy Viewer
C. Field Accessibility Viewer
D. Sharing Settings page
Answer: A
Explanation: The Sharing Button displays detailed access for a record.
240. What happens if a user loses access to a parent record in a master-detail relationship?
A. They still can access the child record
B. They lose access to the child record automatically
C. Access to the child record is unchanged
D. Sharing rules apply only to the child record
Answer: B
Explanation: Child records inherit access from the parent in master-detail relationships.
241. How can you use Apex Managed Sharing to share a record?
A. By inserting a record into the object’s Share table via Apex code
B. By creating a sharing rule
C. By changing the role hierarchy
D. By changing the OWD
Answer: A
Explanation: Apex Managed Sharing inserts share records programmatically into the Share object.
242. What is the purpose of the “Manage External Sharing” permission?
A. To allow users to create sharing rules for external users
B. To assign roles
C. To view all internal data
D. To manage field-level security
Answer: A
Explanation: This permission allows managing sharing rules for external users (communities).
243. What is a limitation of sharing rules in Salesforce?
A. They can only grant read-only access
B. They cannot reduce access; they only grant additional access
C. They only work for custom objects
D. They replace profiles
Answer: B
Explanation: Sharing rules grant access but cannot restrict or reduce access.
244. What type of sharing rule would you use to share all records owned by a specific role with a public group?
A. Owner-based sharing rule
B. Criteria-based sharing rule
C. Manual sharing
D. Apex sharing
Answer: A
Explanation: Owner-based sharing rules share records owned by users in a role or group.
245. How does Salesforce handle sharing when a record owner is transferred to a queue?
A. The record becomes accessible to all queue members
B. Sharing is disabled
C. Only the previous owner can see it
D. Role hierarchy applies to queue members
Answer: A
Explanation: Queue members gain access to records owned by the queue.
246. Which Salesforce license type typically cannot be assigned a role in the role hierarchy?
A. Salesforce Platform user
B. Chatter Free user
C. Standard user
D. Community user
Answer: B
Explanation: Chatter Free users cannot be assigned roles.
247. What happens if you disable “Grant Access Using Hierarchies” for the Account object?
A. Users higher in the role hierarchy do not get access to records owned by subordinates
B. Sharing rules are disabled
C. Manual sharing is disabled
D. Field-level security is disabled
Answer: A
Explanation: Disabling this removes role hierarchy sharing for that object.
248. How does a “Private” sharing model affect report visibility?
A. Users can only see records in reports they have access to
B. Reports show all data regardless of sharing
C. Reports are disabled
D. Users can see all records in reports
Answer: A
Explanation: Report data respects sharing and OWD.
249. What is the purpose of the “Apex Sharing Reasons” feature?
A. To provide context for programmatic sharing entries
B. To create sharing rules
C. To assign profiles
D. To set OWD
Answer: A
Explanation: Apex Sharing Reasons label programmatic shares for clarity and management.
250. Can sharing rules grant access to users in a higher role in the hierarchy?
A. Yes
B. No
Answer: A
Explanation: Sharing rules can grant access to any users, regardless of role.
251. What is the recommended approach to managing sharing for a large number of records to optimize performance?
A. Use many sharing rules and manual shares
B. Use criteria-based sharing rules carefully and limit manual sharing
C. Disable sharing rules
D. Use role hierarchy exclusively
Answer: B
Explanation: Criteria-based rules are more scalable; excessive manual sharing degrades performance.
252. What kind of sharing is automatically removed when the related record is deleted?
A. Manual shares
B. Apex shares
C. Sharing rules
D. Role hierarchy sharing
Answer: A
Explanation: Manual shares tied to records are deleted when the record is deleted.
253. What permission do users need to see the “Sharing” button on a record detail page?
A. “View All” on the object
B. “Modify All” on the object
C. “Read” access to the record
D. “View Setup and Configuration”
Answer: A
Explanation: Users with “View All” can see the Sharing button.
254. How can you audit sharing changes in Salesforce?
A. Use Setup Audit Trail
B. Check Field History Tracking
C. Use Reports on Share objects
D. Use Salesforce Shield only
Answer: A
Explanation: Setup Audit Trail logs sharing and security configuration changes.
255. Which Salesforce feature allows record owners to delegate sharing management?
A. Manual sharing
B. Sharing Groups
C. Sharing Sets
D. Delegated Administration
Answer: D
Explanation: Delegated admins can manage users and sharing within specified boundaries.
256. How are sharing recalculations performed in Salesforce?
A. Real-time whenever ownership or sharing changes occur
B. Once a day only
C. Weekly only
D. Manually by an admin
Answer: A
Explanation: Sharing recalculations happen in near real-time when changes occur.
257. Which of these statements about Territory Management sharing is true?
A. Territory Management shares override role hierarchy
B. Territory Management shares only apply to accounts and related records
C. Territory Management cannot be used with sharing rules
D. Territory Management applies only to custom objects
Answer: B
Explanation: Territory Management is focused on account access and related records.
258. What is a “super user” license in Salesforce Communities?
A. A license that allows a community user to access all records within their territory
B. A license that allows users to manage other users
C. A license for internal Salesforce users only
D. A license that limits sharing
Answer: A
Explanation: Super users have broader access, often in partner or customer communities.
259. How can “Access Levels” be defined in Salesforce sharing?
A. By setting Read, Read/Write, or Full Access on shared records
B. By changing profiles only
C. By changing roles only
D. By setting OWD only
Answer: A
Explanation: Sharing defines access levels per record (e.g., read or read/write).
260. How can you ensure that a new custom object is not visible to all users by default?
A. Set OWD for the object to Private
B. Assign users to the same role
C. Disable “Grant Access Using Hierarchies”
D. Use profiles only
Answer: A
Explanation: Private OWD restricts default access; sharing can be granted later.
261. What happens to sharing access when a record is transferred from one owner to another?
A. Existing manual shares remain intact
B. Sharing recalculations are triggered for the new owner
C. Role hierarchy sharing is disabled temporarily
D. The old owner keeps access permanently
Answer: B
Explanation: Ownership changes cause sharing recalculations to update access rights accordingly.
262. How does Salesforce ensure secure sharing in a multi-tenant environment?
A. Through role hierarchy and sharing rules only
B. By isolating data via OWD, sharing rules, and user permissions
C. By allowing open access by default
D. By using external databases
Answer: B
Explanation: Multiple layers (OWD, sharing rules, profiles) ensure tenant data isolation.
263. Which object stores programmatic sharing records created via Apex?
A. ObjectName__Share
B. ObjectName__History
C. ObjectName__c
D. Share_ObjectName
Answer: A
Explanation: Apex sharing inserts records into the object’s Share table (e.g., AccountShare).
264. How can you grant record access to users outside the role hierarchy?
A. Only by changing OWD
B. Using sharing rules or manual shares
C. By assigning roles to those users
D. It’s not possible
Answer: B
Explanation: Sharing rules and manual sharing allow access beyond the hierarchy.
265. What feature allows external community users to gain record access based on profiles?
A. Sharing Sets
B. Manual Sharing
C. Role Hierarchy
D. Territory Management
Answer: A
Explanation: Sharing Sets enable access for external users based on profile criteria.
266. How do “View All Data” and “Modify All Data” differ from “View All” and “Modify All” on objects?
A. They provide access across all objects and records in the org
B. They only work for system admins
C. They provide field-level access
D. They are deprecated
Answer: A
Explanation: “View/Modify All Data” are org-wide permissions, not object-specific.
267. When would you use manual sharing?
A. To grant access to a single record temporarily or for specific users
B. To define broad access across roles
C. To override OWD globally
D. To create sharing rules
Answer: A
Explanation: Manual sharing is ideal for specific record-level exceptions.
268. Which of the following is NOT a valid sharing access level?
A. Read
B. Write
C. Read/Write
D. Full Access
Answer: B
Explanation: Salesforce uses Read or Read/Write, not “Write” alone.
269. How does “Grant Access Using Hierarchies” affect custom objects?
A. It is enabled by default and cannot be disabled
B. It can be disabled per custom object to restrict hierarchical sharing
C. It is irrelevant for custom objects
D. It overrides all sharing rules
Answer: B
Explanation: You can disable hierarchy sharing for custom objects if needed.
270. What happens when a user’s role is deleted in the hierarchy?
A. Users are assigned to the parent role automatically
B. Users are assigned to no role, potentially losing access
C. Users keep their original access indefinitely
D. Role hierarchy recalculates sharing immediately
Answer: B
Explanation: Removing roles without reassigning users can cause access issues.
271. What is the primary difference between “public read-only” and “public read/write” sharing models?
A. Read-only users can edit records
B. Read/write users can view records only
C. Read/write users can edit records; read-only can only view
D. They are identical
Answer: C
Explanation: Public read/write allows editing by everyone; read-only restricts edits.
272. Can a sharing rule reduce access granted by OWD?
A. Yes
B. No
Answer: B
Explanation: Sharing rules only add access; they cannot restrict it.
273. What tool can be used to simulate record access for a specific user?
A. Login As feature
B. Sharing button
C. Security Health Check
D. Setup Audit Trail
Answer: A
Explanation: “Login As” allows admins to see Salesforce as another user.
274. Which sharing type is available for cases in Salesforce?
A. Manual, criteria-based, and owner-based sharing rules
B. Territory-based sharing only
C. No sharing available
D. Manual only
Answer: A
Explanation: Cases support manual, criteria-based, and owner-based sharing.
275. How does Salesforce handle sharing recalculations for large data volumes?
A. Uses batch sharing recalculations asynchronously
B. Recalculates synchronously for all records
C. Does not recalculate sharing automatically
D. Requires manual recalculation
Answer: A
Explanation: Sharing recalculations happen in batches asynchronously to optimize performance.
276. What is a key consideration when designing a sharing model for a global enterprise?
A. Use only manual sharing for control
B. Balance role hierarchy depth and breadth to optimize performance and usability
C. Assign all users the system admin profile
D. Disable sharing rules
Answer: B
Explanation: Deep or broad role hierarchies can cause performance issues.
277. What is the effect of adding a user to multiple roles in Salesforce?
A. A user can only have one role; multiple role assignment is not allowed
B. The user gains cumulative access from all roles
C. The user only keeps the highest role
D. Salesforce merges roles automatically
Answer: A
Explanation: Each user can have only one role assigned.
278. Which objects support “Grant Access Using Hierarchies”?
A. Standard and custom objects by default
B. Only custom objects
C. Only standard objects
D. Only objects with master-detail relationships
Answer: A
Explanation: Both standard and custom objects support hierarchy sharing unless disabled.
279. What is the function of the “Sharing Rule Evaluation” process?
A. Determines which records to share based on criteria or ownership
B. Assigns profiles to users
C. Creates new roles
D. Deletes sharing rules
Answer: A
Explanation: It evaluates sharing rules to grant access appropriately.
280. How can you restrict external users from accessing internal records?
A. By configuring OWD to private and limiting sharing rules to external users
B. By assigning external users to the same roles as internal users
C. By disabling profiles
D. By creating manual shares for external users
Answer: A
Explanation: OWD and sharing rules control external user access.
281. What is the difference between a “Role” and a “Profile”?
A. Role controls record-level access; profile controls object- and field-level access
B. Role controls field-level access; profile controls record-level access
C. They are the same
D. Role controls login hours; profile controls data visibility
Answer: A
Explanation: Roles define data visibility via sharing; profiles control object/field permissions.
282. How do “Territory Management” and “Role Hierarchy” interact?
A. Territory sharing supplements role-based sharing and can be combined
B. Territory sharing replaces role hierarchy
C. They are mutually exclusive
D. Territory management only applies to external users
Answer: A
Explanation: Territory sharing adds an additional layer alongside roles.
283. What is the impact of “Manual Sharing” on performance?
A. Can degrade performance if overused due to many share records
B. Has no impact
C. Improves performance by caching shares
D. Automatically deletes old shares
Answer: A
Explanation: Excessive manual shares create large share tables affecting performance.
284. What type of access do partner users have by default in Salesforce Communities?
A. Access based on sharing sets and roles assigned in the partner community
B. Full system admin access
C. No access to records
D. Access to all records automatically
Answer: A
Explanation: Partner users get access through sharing sets and roles.
285. How do public groups differ from queues?
A. Public groups are collections of users for sharing; queues are for record ownership and assignment
B. They are the same
C. Queues cannot have users assigned
D. Public groups own records
Answer: A
Explanation: Public groups are for sharing purposes; queues hold ownership for assignment.
286. What happens to sharing when a record is deleted?
A. All associated shares are removed automatically
B. Shares remain but are inactive
C. Shares transfer to new owner
D. Sharing rules reapply
Answer: A
Explanation: Deleting a record deletes its share records.
287. Which Salesforce feature allows sharing across multiple unrelated users efficiently?
A. Public Groups
B. Role Hierarchy
C. Profiles
D. Permission Sets
Answer: A
Explanation: Public Groups allow sharing with multiple users or roles.
288. How does “Grant Access Using Hierarchies” affect data visibility for standard objects?
A. It is always enabled and cannot be disabled
B. It can be disabled for some standard objects
C. It restricts access by default
D. It applies only to custom objects
Answer: A
Explanation: For standard objects, hierarchy sharing is always enabled.
289. How can you delegate record sharing management to non-admin users?
A. Use delegated administration with appropriate permissions
B. Assign system admin profile
C. Provide API access only
D. It’s not possible
Answer: A
Explanation: Delegated admins can manage sharing and users within limits.
290. What is a key benefit of using criteria-based sharing rules?
A. Flexibility in sharing records based on field values rather than ownership
B. They override profiles
C. They reduce system performance
D. They eliminate need for roles
Answer: A
Explanation: Criteria-based rules allow granular access based on record data.
291. When should you use Apex Managed Sharing over declarative sharing rules?
A. When sharing logic requires complex business rules or dynamic conditions
B. When you want to assign roles to users
C. When OWD is set to public read/write
D. To grant field-level security
Answer: A
Explanation: Apex Managed Sharing allows for programmatic, fine-grained sharing logic beyond declarative limits.
292. What is the difference between “Criteria-based Sharing Rules” and “Owner-based Sharing Rules”?
A. Criteria-based share records based on field values; owner-based share based on record owner’s role or group
B. They are the same
C. Owner-based rules only apply to contacts
D. Criteria-based only work for custom objects
Answer: A
Explanation: Criteria-based sharing evaluates record fields; owner-based sharing depends on the record owner.
293. How can you audit record sharing changes?
A. By reviewing the Sharing tables and setup audit trail
B. Through field history tracking
C. By monitoring profiles
D. By checking login history
Answer: A
Explanation: Sharing tables and audit trail help track sharing modifications.
294. What impact does setting OWD to “Private” have on record access?
A. Only owners and explicitly shared users can access records
B. All users can see all records
C. Access is based only on profiles
D. It disables sharing rules
Answer: A
Explanation: Private OWD restricts access to owners and those granted explicit access.
295. Which statement best describes the role of the “Manager Groups” in sharing?
A. Manager Groups grant sharing access up the management chain beyond the role hierarchy
B. They replace roles in the hierarchy
C. They are deprecated
D. They are the same as public groups
Answer: A
Explanation: Manager groups provide sharing to managers above in the chain.
296. How do “Grant Access Using Hierarchies” and “Territory Management” interact in account sharing?
A. Territory sharing can grant additional access independent of role hierarchy
B. Territory Management disables role hierarchy sharing
C. Territory Management applies only to contacts
D. They cannot be used together
Answer: A
Explanation: Territory management is additive to role hierarchy sharing.
297. How can you limit record visibility to only certain users without roles?
A. Use criteria-based sharing rules or manual sharing with public groups
B. Change the profile settings
C. Set the OWD to public read/write
D. Remove users from the org
Answer: A
Explanation: Sharing rules and manual sharing can grant access to users without role assignments.
298. How does Salesforce handle sharing recalculations when you change OWD from public to private?
A. It recalculates sharing and removes implicit access as necessary
B. It keeps all access the same
C. It disables all sharing rules temporarily
D. Sharing recalculation is manual only
Answer: A
Explanation: Changing OWD triggers sharing recalculation to tighten access accordingly.
299. What’s the purpose of the “Access Level” field in the share object (e.g., AccountShare)?
A. To define the type of access (Read, Read/Write, etc.) granted to a user or group
B. To set profile permissions
C. To assign roles
D. To disable sharing
Answer: A
Explanation: Access Level specifies what kind of record access is granted.
300. Which is NOT a way to grant access to a record in Salesforce?
A. Profiles
B. Sharing Rules
C. Manual Sharing
D. Role Hierarchy
Answer: A
Explanation: Profiles control object and field permissions, not record-level sharing.
301. How does Salesforce handle record access for users with “View All” permission on an object?
A. They can view all records regardless of sharing rules
B. They can edit all records regardless of sharing
C. They only see records they own
D. It depends on OWD
Answer: A
Explanation: “View All” allows read access to all records on the object.
302. Can sharing rules grant access to territories?
A. Yes, territories can be targeted in sharing rules
B. No, territories are independent
C. Only roles can be shared with
D. Territories are deprecated
Answer: A
Explanation: Sharing rules can target territories for record access.
303. What is the function of the “Share” button on a record detail page?
A. Allows manual sharing of the record with specific users or groups
B. Sends the record via email
C. Publishes the record externally
D. Creates a public group
Answer: A
Explanation: The Share button enables manual sharing.
304. When is a “Grant Access Using Hierarchies” setting most likely disabled on a custom object?
A. When you want to limit sharing strictly to manual shares and sharing rules
B. When using external sharing models
C. When OWD is public read/write
D. When the object has no sharing
Answer: A
Explanation: Disabling hierarchy sharing tightens access control.
305. Which Salesforce feature allows sharing rules to be applied based on the related parent record’s ownership or criteria?
A. Parent Account Sharing
B. Role Hierarchy
C. Sharing Sets
D. Apex Sharing
Answer: A
Explanation: Parent Account Sharing can grant access based on parent record properties.
306. How do “Permission Sets” affect record visibility?
A. They do not affect record-level sharing, only object and field permissions
B. They grant record access
C. They override sharing rules
D. They remove user access
Answer: A
Explanation: Permission sets control permissions, not sharing.
307. What is the effect of using “Territory Hierarchy” in sharing?
A. Allows sharing records across related territories
B. Disables role hierarchy sharing
C. Grants all users admin access
D. Only applies to contacts
Answer: A
Explanation: Territory hierarchy sharing expands access within territory groups.
308. What is the recommended way to share records with a large number of users?
A. Use public groups in sharing rules
B. Create manual shares for each user
C. Assign system admin profiles
D. Use queues only
Answer: A
Explanation: Public groups simplify sharing with many users efficiently.
309. How can you automate sharing access on record creation?
A. Use criteria-based sharing rules or Apex sharing triggers
B. Assign manual shares after creation
C. Change OWD to public read/write
D. Use profiles only
Answer: A
Explanation: Sharing rules or Apex triggers automate access at record creation.
310. What does “Implicit Sharing” mean in Salesforce?
A. Automatic access granted due to relationships, like parent-child in master-detail
B. Manual sharing only
C. Role hierarchy sharing only
D. Sharing rules only
Answer: A
Explanation: Implicit sharing provides automatic access based on record relationships.
311. How do you grant record access to a user in a different role but the same public group?
A. Create a sharing rule targeting the public group
B. Change user roles
C. Modify the profile
D. Assign a queue
Answer: A
Explanation: Sharing rules can grant access to public groups irrespective of roles.
312. Which Salesforce object holds sharing data for the Case object?
A. CaseShare
B. CaseHistory
C. CaseRecord
D. CaseOwnership
Answer: A
Explanation: The CaseShare object stores sharing entries for cases.
313. How can you revoke manual sharing access?
A. By deleting the corresponding share record
B. Changing OWD to public
C. Changing the user’s profile
D. Assigning a different role
Answer: A
Explanation: Removing the manual share record revokes access.
314. What is the best practice to maintain performance with many sharing rules?
A. Minimize the number of sharing rules and groups
B. Create sharing rules for every user
C. Use manual shares only
D. Disable sharing hierarchy
Answer: A
Explanation: Excessive sharing rules can degrade system performance.
315. What is the effect of “View All” on object permissions?
A. Allows read access to all records in the object, ignoring sharing rules
B. Allows editing all records
C. Restricts access to owned records only
D. Disables manual sharing
Answer: A
Explanation: “View All” grants read-only access to all records regardless of sharing.
316. How do “Sharing Sets” benefit community users?
A. Grant record access based on user profiles or roles in external communities
B. They give full access to all data
C. They replace sharing rules
D. They are deprecated
Answer: A
Explanation: Sharing sets provide external users access tailored by profile.
317. Which is NOT a valid way to grant access in Salesforce?
A. Record Types
B. Sharing Rules
C. Manual Sharing
D. Role Hierarchy
Answer: A
Explanation: Record Types define UI and picklist values, not sharing.
318. How do you test if a user has access to a particular record?
A. Use the “Login As” feature or the Sharing button
B. Check the user’s profile
C. Review field-level security only
D. View Setup Audit Trail
Answer: A
Explanation: “Login As” allows simulating user access; Sharing button shows share details.
319. What happens if you delete a public group?
A. Sharing rules referencing the group become invalid
B. Records owned by the group are deleted
C. All users lose access permanently
D. The role hierarchy changes
Answer: A
Explanation: Sharing rules tied to that group no longer work until updated.
320. How does Salesforce handle sharing in a master-detail relationship?
A. The detail record inherits sharing from the master automatically
B. Sharing rules are needed for detail records
C. Detail records have independent sharing
D. Manual shares must be added
Answer: A
Explanation: Sharing is inherited by default in master-detail relationships.
