Security: Scenario 1

Scenarios are free-form exercises that are designed to be practiced as if you were the system administrator responsible for an implementation.  Try to solve the scenario in your practice org (see Getting Started – Free if you do not have a practice org).  Once solved, or if you need help, turn the page for the solution.

Note: This scenario makes the assumption that you have already granted login access via a test user in your org.  See Users: Scenario 1 if you have not.


The inside sales team is currently assigned the “Standard User” profile.  The VP of sales has requested that the inside sales team no longer have the ability to export report data.

Note: Make sure that James Smith (or whichever user you will be testing with) is assigned the “Standard User” profile before beginning this scenario.

Success Criteria:

Login as a test user (e.g. James Smith from previous exercises).  Run any report.  Verify that the export report button is not present.

Scenario Solution

10 Responses to “Security: Scenario 1”

  1. fogcitynative May 16, 2017 at 1:33 am #

    Very misleading:

    “Note: Make sure that James Smith (or whichever user you will be testing with) is assigned the “Standard User” profile before beginning this scenario.”

    Because as part of the solution, we will be cloning the standard user and using the new profile.

    I realize the operative words here are “before beginning” but the implication is that the Standard Profile is the profile that must be used to complete the scenario. And it isn’t. It can’t be.

    So it doesn’t matter what profile is assigned to James Smith before beginning because we are going to clone the Standard User profile (regardless of what profile might be assigned to James Smith) and assign the newly created profile to James Smith.

    • JohnCoppedge May 16, 2017 at 2:24 pm #

      Correct- the assumption is that you’re starting with one profile (seeing what can be accomplished from the user perspective when assigned this profile) and then updating accordingly. Thanks for the feedback – I will see if I can make this more clear next update.

  2. Svi November 14, 2016 at 10:37 pm #

    Hi, I had a doubt while creating the new profile, I think only the administrator will be able to cretae the profiles right? When I tried to create a new profile from test user account, I was not allowed to do that. Could you please let me know abt that?

    • JohnCoppedge November 16, 2016 at 10:45 pm #

      Correct- you will need to create the profile from your primary account, assign it to the test user, then login as the test user to validate.

  3. Stephen Birge February 17, 2015 at 4:08 am #

    In my Free Developer’s Org, I do not have the option to click a “login” under the Action Column for another user. When I search help, it says that the feature must be enabled by SFDC and then configured under Security Controls > Login Access Policies. Now, I know I could simply log out as me and then in as them, but I thought that this feature would be enabled in the Developer’s Org. Did I miss something?

    • JohnCoppedge February 17, 2015 at 2:03 pm #

      You either need to turn on the feature globally (this sounds like the support article you read) or you need to have the user grant login access manually (per user). Once either of those is done, you should see login next to the user in setup when you are logged in as an admin.

  4. Michael Krenz December 14, 2014 at 3:49 pm #

    Hey John, you may want to change the link to this page as it is “/Security-secnario-1” (<- secnario) right now.

    • JohnCoppedge December 14, 2014 at 7:29 pm #

      Ah typo in the URL, not good. Thanks for the heads up, although I will probably leave it as is (to avoid 404s and other errors).

  5. Roger Grilo March 10, 2014 at 8:14 am #

    The beginning of the scenario states that “The inside sales team is currently assigned the “Standard User” profile”. However, on the default Practice Org that is not so; may I suggest you add a hint that we have to create the ‘Inside Sales Team’ first so that the org is correctly prepared for the exercise.

Leave a Reply