function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Andrew EversleyAndrew Eversley 

Controlling Access to Objects Challenge - Trailhead - Need Some Help!

Hello everyone, I've been working on this challenge in the Date Security portion of Trailhead for some time but need some help (See below)

The challenge requires a profile to be created with the following traits:
    Name: Account Reviewer
    Salesforce license type
    Only read access to Account object. (And no access to any other object in the Org)

Understand that I did read the indepth reading before hand and I created a read-only clone profile in the Accounts profile list but am stuck as how to proceed from there. Challenge error states: Challenge not yet complete ... here's what's wrong: The 'Account Reviewer' profile does not work as expected. Please Advise.
Best Answer chosen by Andrew Eversley
Andrew EversleyAndrew Eversley
I figured it out, I had to go into the Account Reviewer profile and drill down into the object permissions and individually uncheck all of the options that had permissions and make them "No Access" it was tedious but it did the trick. It was a bit frustrating but I learned a great lesson, so it was well worth it lol

All Answers

William TranWilliam Tran
I have never done trailhead, but if I read you question right, 

All you need to do is go to the "Account Reviewer" profile and uncheck everything for every object except "read" for the account object.


User-added image
Andrew EversleyAndrew Eversley
Thanks William, but the issue I'm having is that I'm not sure what profile to clone for this example. Secondly, the screenshot you shared in the post, where is that located and how do I access it. As you can see I'm a little lost here on this challenge. Please Advise anyone.
Andrew EversleyAndrew Eversley
I figured it out, I had to go into the Account Reviewer profile and drill down into the object permissions and individually uncheck all of the options that had permissions and make them "No Access" it was tedious but it did the trick. It was a bit frustrating but I learned a great lesson, so it was well worth it lol
This was selected as the best answer
Andrew EversleyAndrew Eversley
William TranWilliam Tran
Andrew, great job, on to the next challenge :-)

Be sure to mark best answer to indicate that this issue is resolved.

Ryan WatlingtonRyan Watlington

I finally found out whats going on. I was having the same issue. I am new to and the trailhead shows you to turn on the Advanced user profile interface. The view shown by William is the "unadvanced" view or the old view. If you turn off the advanced user profile interface it will let you do this easily, and will look like what William has linked in the screenshot.

Hope this helps!


Thanks Ryan!!
Bonnie SingsonBonnie Singson
I'm still getting the error message Account Viewer profile cannot be found, but I have give all the objects No Access except Account object with Read Only.
I think this should solve your problem:
1. Click New Profile
2. Choose Standard user from the 'Existing Profile' drop down list
3. Put profile name as 'Account Reviewer' and click save
4.Click Edit and scroll down 'Standard Object Permission
5. Uncheck all the boxes except for 'Read' against Accounts. Click Save. 

Hope this works for you..Screenshot belowUser-added image
Hi All,
I have removed all read access from All objects. Except I am not able to do for Contacts.When Account is given a read access, Contacts is automatically getting read access, and if i remove the access from contacts, the access is automatically lost from Accounts as well. Finally the 'The Account Reviewer Profile does not work as expected error is thrown'. Any idea how to solve this?
Do you have Person Acounts enabled? If so, Salesforce has acknowledged an issue with this challenge if that's the case, since with Person accounts enabled, Contacts under Org-Wide Defaults are set to "Controlled by Parent" and can't be changed, which therefore means when you create a profile with Read access to the Accounts object, you must also give Read access to the Contacts object. And if you take away Read access from Contacts, as you say, access is automatically lost from Accounts.

Here's the response/workaround from Salesforce:

"Once Person Accounts is activated, it cannot be deactivated. Please try to do this challenge in a new Dev Org.
To login into trail head you can use your old org only but for activity(code and config) related changes you can use new org. In such a way all point will add in your old profile only."
Thank you Maman, it worked. Cheers
Dzemo SukuricaDzemo Sukurica


thnx it worked fine, 
Rich WingerterRich Wingerter
This was a very confusing challenge because (1) I was not able to find a way to make a new profile, only to clone an existing one, and (2) the "enhanced" interface would make it extremely time-consuming to deny access to all the objects except one. So, I turned on the Enable Enhanced Profile User Interface interface to create the profile (which I cloned from the "Read Only" profile), and then turned it off. Then I went to the Standard Objects Permissions block that William Tran suggested and unchecked all except Account (in both columns of objects). This worked, but I still don't know why clicking the New Profile button on the Profiles page doesn't give me a clean, new profile with nothing set.
David WheatleyDavid Wheatley
I had the same problem as Rich. I had to clone a "Read-only" profile, couldn't make a new one. And I found the 'enhanced' user interface to be very user-unfriendly, so I turned it off. This trailhead module/challenge needs an update.
Andy AdkinsAndy Adkins
Aditya's solution works, but like Rich and David suggest, you have to turn off the Enhanced Profile User interface to see that list of objects.   Weird that you can't have a quick, granular object control in the "enhanced" view without editing each object...?
Mustafa GuldoganMustafa Guldogan
can't agree more. this is not a very smart challange but time consuming.
Thomas HThomas H
This is a bit confusing for sure. I created a new profile named Account Reviewer. I de-selected ALL the permission check boxes - yes everyone single one ... EXCEPT the one for READ access on the Account object.

See the screen capture above        - it works !

However - I am a bit fuzzy on why I didn't need to assign the profile to a User ?   Thoughts ?

Mariah ColbyMariah Colby
Aditya, Thank you!!! That worked for me! I was stuck on that challenge for a while.
Steve MontgomerySteve Montgomery
I am following Aditya's instructions but still having an issue as there is no "Edit" option for #4, just "Edit Properties" which only gives me access to the Name and Description Field.  I tried drilling down into "Object Settings" and no way to modify.  Was going to attach screenshots showing the steps but exceed the 1MB limit after one. You can also see that I did a search on "Edit" and it was only found in one place (Edit Properties).

User-added image

Steve MontgomerySteve Montgomery
I unchecked "Enable Enhanced Profile User Interface" and it worked.  Is this a bug?
Harrison BadeHarrison Bade
Thank you Rich for the work around! I believe this is a bug, as it instructs you to enable the enhanced user profile interface, but does not allow you to perform the functions with it enabled. This Trailhead should be flagged as this is very confusing, and does not do a good job at educating the student. 
Gopal yadav (ASY)Gopal yadav (ASY)
not to worry .. just go to profile section from quick find and click on NEW option .. there choose read only from existing profile and give the name cleaner. in edit section just open object permissions and here u file find all three option from dropdown menu as account, leads, contacts. just go in that sections and just check the boxes right of the options of read and edit.. cool ... u have complete ur task
Richard Webb 2Richard Webb 2
Wowee, thanks for this feedback. I followed all this advise and completed the challenge, before discovering the "Read Only" profile is on page 2. If you are new Trailhead user like me, you may not notice that there are two pages of profiles because the text is so small. Hope this helps. 
Divya KannayagariDivya Kannayagari
It very simple.... I cleared the Challenge...Try This
quick find --> profile--->search for profile name Read Only----->select clone beside Read Only Profile---->give the profile name you want to
- click the object permission
-  and below click the object which you want to edit
- next click edit 
- and make changes what you want in object pemission and save 

Thank You.
Ryan Johnson 108Ryan Johnson 108

I turned on the Enhanced Profile User Interface as it instructed. The Read Only profile was found on the second page of profiles. Took me a minute to locate it. Easy to clone that. Then when you need to add Edit to the Object's, you'll have to select "Object Settings" under Apps and go into each one individually. Contacts / Accounts / Leads Hit edit in each one and then just check the box next to Edit and save. Worked pretty good after I played iSpy in the profiles segment.

Cheers Y'all Goodluck.

deep kaurdeep kaur
Hi i am new to saleforce.I face following problem in Data Security :Control access to objects challenge
The 'Cleaner' profile does not have read only permission for all other standard objects besides account, contact and lead.
deep kaurdeep kaur
I did all the steps that Divya said but my profile view is different

deep kaur ,
it  means that we have to give read-only permissions for all the other srandard objects except Account, Contact, and Lead objects. Yep its tedious and they don;t tell you that.  I just did it and I got my 500 points.
Pulkit Malhotra 6Pulkit Malhotra 6
Inside "Object Settings", please ensure only three objects(Accounts,Contacts and Leads) should be having read,edit access, you can change others if they have edit access to complete this challenge
deep kaurdeep kaur
Hi Guys,
Thank you for your help & Support . I completed this challenge  in October
shivashankar dasshivashankar das
first u have to select read only profile from profiles  after that  click on edit on which you profile created recently namely  cleaner then scroll down and select object permissions then select the check box for read and edit option only for account contact and lead then remove permisions for remaing objects what u enables then it works .