Salesforce Exam CRT101: Why Can a System Administrator View Account Records? | Universal Container

Why Can a System Administrator View Account Records?

Prev Question Next Question

Question

Universal Container company's sales VP reported that one the users can view records related to the account although he is not the owner of the record and his profile is a system administrator.

Why could this be happening in an organization that has a sharing model which is private? (Choose 2 options)

Answers

A. The owner of the account is the user manager within the role hierarchy.

B. Field level security for the fields is accessible.

C. The user has full access to the account object through his profile.

D. The user is added to the account team as a member.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: A and D

Role Hierarchy opens access to all the records that are owned by all users below them in the role hierarchy.

So, a manager can have access to his team records through salesforce.

In addition to this, account members can be added to an account to be able to read or edit accounts based on the permission given to them by the record owner.

Option B is incorrect because field-level security works with the fields, not the records.

Option C is incorrect because the profile can prevent you from accessing certain objects or being able to view, edit, create or delete any record within that object.

References:

Based on the given scenario, there could be two possible reasons why the user is able to view records related to the account, even though they are not the owner of the record and the organization has a private sharing model.

The owner of the account is the user manager within the role hierarchy: If the owner of the account is the user's manager in the role hierarchy, then the user may be able to access the record based on the sharing settings defined for the account. When the manager of a user owns a record, the manager can grant access to the record to the user based on the role hierarchy settings. In this case, the sharing setting for the account could be set to "Grant Access Using Hierarchies" which would allow the user to access the record.
The user is added to the account team as a member: Another reason why the user may be able to view the account record could be that they are added to the account team as a member. The account team is a group of users who have been granted access to an account record. The account owner can add users to the account team to give them access to the record. If the user has been added to the account team as a member, they will be able to access the record even if they are not the owner of the record and the sharing model is set to private.

Field level security for the fields is accessible and the user has full access to the account object through their profile are not relevant factors that would allow the user to view the account record if they are not the owner of the record and the sharing model is set to private. Field level security determines which fields a user can see and edit within a record, while the user's profile determines their overall level of access to objects and records within the organization. However, these factors are not relevant to the specific scenario provided in the question.

Prev Question Next Question