+ Start a Discussion
Amey SinghAmey Singh 

Control Access to Fields

Hi, I am trying to complete following challenge in data security module under control access to fields.
Create a profile and permission set to properly handle field access
All the sales team members have access to create, edit, and view Accounts and Contacts, but NOT delete them. Also, only select senior sales members should be able to see or edit the account Rating field. For this challenge, assume they have the same object and field permissions of the Standard User profile.
Create a Profile to handle access to the Account and Contact objects. Create a Permission Set to give selective access to the Rating field.
Create a new profile based upon the existing profile: Standard User
Profile name: Account
Give the following access to the Account object: Read, Create, and Edit
Give the following access to the Contact object: Read, Create, and Edit
Remove from profile access to account Rating field: Read Access and Edit Access
Create a new permission set
Label: Rating
API Name: Rating
License: Salesforce
Give to permission set access to account Rating field: Read Access and Edit Access
My Solution Includes

Creating a profile named accounts with salesforce license and from page layout under object permission removing delete permission and keeping the READ, CREATE and EDIT permission for the account and contact object.and I couldn't find the account rating field there.
then I created the permission set called rating and in the object setting gave the read and edit access. Still unable to complete the challenge.
Please refer my mistake
Sowjanya SarideSowjanya Saride
Hi Amey,
Did you mean you edited the object permission from PROFILE ? May be posting a snapshot of your PRofile> Object Settings>Accounts
would give us clear idea.
User-added image
Amit Chaudhary 8Amit Chaudhary 8
Please check below post for step by step screen shot
1) https://developer.salesforce.com/forums/?id=906F0000000BNzFIAW
2) https://developer.salesforce.com/forums/?id=906F0000000BUghIAG
3) https://developer.salesforce.com/forums/?id=906F0000000AzmoIAC
4) https://developer.salesforce.com/forums/?id=906F0000000BNuPIAW

To complete this challenge, you must first create a profile called "Basic Account User".
  1. In Setup, choose Manage Users > Profiles
  2. Click the New Profile button at the top
  3. You will need to clone an existing profile; from the Existing Profile drop-down, select a profile that uses the Salesforce user license ("Standard User" is one of these)
  4. Name the profile "Basic Account User" and click Save
Now set the permission for the new profile so that it only has Read access to the "Accounts" object.
  1. From the Profiles list, click the Edit button next to Basic Account User
  2. Scroll down to the Standard Object Permissions section and uncheck every box for all objects; now check only the boxes in the Read and Edit columns for the Accounts object
  3. Scroll to the top or bottom and click Save
You now have the correct user profile to complete the challenge: A profile that can only view and update Accounts. It is now possible for two users to have these permissions. You now need to create a permission set that will grant extra permissions to any users it is applied to; in this case, the permission set will allow its assigned user to see and edit the Rating field in the Account object.
  1. In Setup, choose Manage Users > Permission Sets
  2. Click the New button near the top
  3. Give the new permission set the Name "Account Rating" and hit the Tab key; ensure that the API Name is "Account_Rating"
  4. From the Permission Sets list, click your new "Account Rating" permission set
  5. In the Apps section, click Object Settings
  6. Click Accounts
  7. Click the Edit button near the top
  8. Scroll down to Rating and check both boxes to allow this permission set to grant the user Read and Edit permissions to the Rating field
  9. Scroll to the top and click Save

  1. You've now solved the two main parts of the challenge: Creating a profile that can only view and update Accounts and creating a permission set that grants specific users the additional permission of being able to see and edit the Rating field.


This was the last piece of the puzzle that allowed me to finally solve this challenge: I needed to set the field-level security on the Rating field of the Accounts object to be hidden from all users. Here's how I did it. 
  1. In Setup, choose Customize > Accounts > Fields
  2. In the Account Standard Fields box, click Rating in the Field Label column
  3. Click the Set Field-Level Security button at the top
  4. In the Basic Account User row, uncheck all boxes

Let us know if this will help you
 
David LVSDavid LVS
Whoever created this challenge is a complete %@&%@^!*@%&!!!

You have already done all the steps yet the error still come up!

Challenge Not yet complete... here's what's wrong:
The 'Account' profile did not have the appropriate object and field-level security for the Account object.
Alexander DalyAlexander Daly
Try a trailhead in Classic Salesforce and set the Object permission in permission set to Read Create and Edit too. This worked for me.
Mark Stephens 39Mark Stephens 39
Create a new permission set with the following settings:
Label: Rating
API Name: Rating
User License: Salesforce

Give the Rating permission set access to account Rating field: Read Access, Edit Access

I cannot do this, yet.  I have a permission set, I have labeled it, API naming, but I have no permission sets with a Salesforce license, and there is not object button.  Basically, I am totally stuck, and the tutorial doesn't seem to cover it. 
Valerio CanovaValerio Canova
HI Mark,
I've solved searching:
Permission Set from setup menu, 
selecting "Rating" permission set and then
Permission Set Overview > Objects Settings > Account from
in Field Permissions list I found Rating and checked Edit Access and Read Access
see screenshot attached.
Hope this can help you!
Bye.
Valerio
ValerioGive the Rating permission set access to account Rating field: Read Access, Edit Access

 
Mark Stephens 39Mark Stephens 39
Thanks.. I think I solved it sometime ago
Rucha MM 9Rucha MM 9
1. For this:  profile did not have the appropriate object and field-level security for the Account object....
Go to Permission Sets - Rating(Edit) - Object Setting - Accounts - Edit - Object Permisiions - Read,Edit checked - Field Permissions - Rating: Read,Edit checked.

2. In profiles(click profile you created -sales) check standard object permissions for accounts and contacts read,create,edit should be checked.

3. In object manager - account - fields and relations - rating - set field level security - for sales visible and read only should be unchecked.
Aruni GunapalaAruni Gunapala
  1. Permission Set from setup menu, and then select "Rating" permission set
  2. Permission Set Overview > Objects Settings > Account > in Field Permissions list go to Rating and checked Edit Access and Read Access
  3. Click Manage Assignments and select the users who you expect to need the permissions you’ve just specified (the user who has standard user profile). Click Add Assignments and Done.