Apex Code Development You need to sign in to do that
Don't have an account?
Stuck on Security Specialist Superbadge step 2
Hey All,
First time posting here, I look forward to what I can learn from the community. I am a mostly self taught Admin so I suspect my issue stems from some of the common knoweldge gaps that newer self taught types can have. I've read post after post and watched countless videos and can't figure out the small little thing that is hanging me up on this. I also see that this doesn't seem to have spell check so all you grammer hounds please grant me mercy.
First, since language changes on these modules I'll post the step for future readers and then the error I'm getting.
---
2)
Set record-level security settings
Configure other Salesforce settings related to record-level security to meet the business requirements.
Create a user, Samantha Cordero, and assign her the Field Sales User profile and the Field Sales role
Create an opportunity owned by Samantha with the stage name 'Needs Analysis'
Create a Closed Won opportunity owned by Samantha, with the type of 'Existing Customer - Upgrade'
---
The error on the apex test thing I get: "Assertion Failed: Field Sales users should not be able to read Opportunities owned by someone else. However, the test returned records not owned by the user. #sadtrombone: Expected: 1, Actual: 3"
So here are the few things I've drilled into and checked, I honestly can't think of anything else that I'm missing. Other parts of this could be messed up but as far as relation to the error thrown I just can't find it.
1) Issue with the Profile, "Field Sales User". I don't think this is it due to the error throwing a lower case "user" which makes me think it's an issue with roles. Also this doesn't really have much to do with viewing rights beyond basic allowance so.. eh. Honestly I'm not even sure the best way to approach Profiles vs Roles, but again, noob here. In this profile I have the Opportunity object checked for everything except "delete" as the trail ask.
2) Roles. Now here is where we get to the good stuff. I've checked the hierchy and have tried to mark that lowly field reps are not worthy of viewing other's opportunities (humor y'all). For your consideration here are shots of the hierchy and the field where I marked them as unworthy.
---
3) Sharing Settings. This is the last area I know of to deal with this error. I have set Opportunities to private. This, in combination with the other rules really baffles me as to why field reps can still creep on other opportunities. For visual confirmation:
Any help or hints would be much appreciated on this. In the event I make it out to Dreamforce and the lucky person that helps me out the most does I will gladly buy you a beer or coffee or heck even both!
Cheers.
First time posting here, I look forward to what I can learn from the community. I am a mostly self taught Admin so I suspect my issue stems from some of the common knoweldge gaps that newer self taught types can have. I've read post after post and watched countless videos and can't figure out the small little thing that is hanging me up on this. I also see that this doesn't seem to have spell check so all you grammer hounds please grant me mercy.
First, since language changes on these modules I'll post the step for future readers and then the error I'm getting.
---
2)
Set record-level security settings
Configure other Salesforce settings related to record-level security to meet the business requirements.
Create a user, Samantha Cordero, and assign her the Field Sales User profile and the Field Sales role
Create an opportunity owned by Samantha with the stage name 'Needs Analysis'
Create a Closed Won opportunity owned by Samantha, with the type of 'Existing Customer - Upgrade'
---
The error on the apex test thing I get: "Assertion Failed: Field Sales users should not be able to read Opportunities owned by someone else. However, the test returned records not owned by the user. #sadtrombone: Expected: 1, Actual: 3"
So here are the few things I've drilled into and checked, I honestly can't think of anything else that I'm missing. Other parts of this could be messed up but as far as relation to the error thrown I just can't find it.
1) Issue with the Profile, "Field Sales User". I don't think this is it due to the error throwing a lower case "user" which makes me think it's an issue with roles. Also this doesn't really have much to do with viewing rights beyond basic allowance so.. eh. Honestly I'm not even sure the best way to approach Profiles vs Roles, but again, noob here. In this profile I have the Opportunity object checked for everything except "delete" as the trail ask.
2) Roles. Now here is where we get to the good stuff. I've checked the hierchy and have tried to mark that lowly field reps are not worthy of viewing other's opportunities (humor y'all). For your consideration here are shots of the hierchy and the field where I marked them as unworthy.
---
3) Sharing Settings. This is the last area I know of to deal with this error. I have set Opportunities to private. This, in combination with the other rules really baffles me as to why field reps can still creep on other opportunities. For visual confirmation:
Any help or hints would be much appreciated on this. In the event I make it out to Dreamforce and the lucky person that helps me out the most does I will gladly buy you a beer or coffee or heck even both!
Cheers.
Thank you for your response. To my knowledge the only sharing settings I've tweaked were oppurtunities to private - I have not created any sharing rules beyond what I put above. Also, as the badge recomended I started this all in a brand new dev org. As a side note, I haven't created the project manager yet which may be where I went wrong and what could be messing with the apex test?
Fyi to check this I went to "Sharing Settings" and browsed through the page; no object has configured rules showing.
Some of my buddies thought my hierachy might be wrong however I do have field sales set to report to the executive so I don't think that is what - even though inside sales is below on the graph that doesn't actually denote being "under" as both roles are set to report to the executive (right?).
I was able to clear this stage with the following steps (and, I am sure most of these steps you all are following):
1. OWD settings for Opportunity object is 'Private'
2. Created public group as 'Project Managers' for Project Manager related requirements.
3. Setup Profiles and Roles for Field Sales User, Inside Sales User, and Sales Executive User
4. Created one criteria based sharing rules for Opportunity:
Criteria: (Opportunity: TypeEQUALSExisting Customer - Upgrade) AND (Opportunity: StageEQUALSClosed Won)
Shared with: Group: Project Managers
Access level: Read Only
5. Then, created another sharing rule for Opportunity (this one I created only after unsuccessful run of the test cases). This sharing rule is owner based, with the following details:
Criteria: Owner in All Internal Users (you may also use Sales Executive role as the criteria instead of All internal users)
Shared with: Role: Inside Sales
Access level: Read/Write
Hope this helps.
Motto of the story, even with OWD set to private, roles, and the sharing settings for opps/cases within roles, can open the sharing up even with no sharing rules.
Same situation with me ( Tests are passing for me but trailhead is still not validating, followed the exact steps listed above ) so just emailed Trailhead support. Let's see what happens ?
(Opportunity: TypeEQUALSExisting Customer - Upgrade) AND (Opportunity: StageEQUALSClosed Won)Group: Project Managers Read Only.
Hope this helps you .
Thank you,
Regards,
Tawseef
I am only able to pass 1/2 of the apex test. Here is the error i recieve:
System.AssertException: Assertion Failed: Inside Sales users should be able to read all Opportunities but the test did not find all records. #sadtrombone: Expected: 3, Actual: 2
Any advice?
Getting this Error, Have been pulling my brains past 13 hours..
Pleaase help me out
@Nidhi Soni @Kelly Thorsgard 14
I had the same issue. Turns out my sharing rule was not incorrect. The error message was misleading. I accidentally left one of the Opportunities in my name. Check to see if one of the other requirements was off. Good luck!
This is the error I am getting, can anyone please help me out in this.
mt apex test also failed
--> Go to sharing rules
-->select Opportunity Sharing rules
-->Create two sharing rules as shown save them and proceed to run apex tests.
[Remember rule label can be anything]
**Create a public group named "Project Managers" before creating sharing rules..
Rule1-->rule type (Based on criteria)
Opportunity type equals Existing customer upgrade and opportunity stage equals closed won.
share with:public group-->>Project Managers
opportunity access:read only
Rule 2--> rule type(Based on record owner)
Owned by members of:Owners in all internal users(it can be sales executive as well)
Share with:role-->Inside sales
Opportunity access:read/write
After creating sharing rules go to :"Apex test Execution" and click on select tests and click 'run'
@sai Kiran, followed as above you mention, sone where its works till apex test, but finally am facing the same error.
thought i am missing some thing else
This is the error I am getting..
my sharing rules
could you please help me on this.
May I suggest you please follow the below steps to complete challenge 2 of the security specialist super badge.
1. Navigate to "Sharing Settings"
2. Edit "Organization-Wide Defaults" and set "Opportunity" to private in the drop-down menu and save.
3. Scroll down to "Opportunity Sharing Rules" and click "new"
Rule1.
1. Label can be anything you like
2. Rule type = "based on criteria"
3. Field = Type, Operator = Equals, Value = Existing Customer - Upgrade (the last one will be in the lookup using the icon right next to it)
- the second field will be: Field = Stage, Operator = Equals, Value = Closed Won (also use the lookup icon)
***Make sure you created a public group called "Project Managers" prior to this step if you haven't already***
4. "Share with" should be "Public Groups" in the first drop-down, and "Project Managers" for the second drop down.
5. Opportunity access should be set to "read-only"
Rule 2.
1. Label can be anything you like
2. Rule type = "Based on Record Owner"
3. Opportunity: owned by members of = Roles and Subordinates, and choose Sales Executives for the second drop-down menu
4. Share with: Roles, and choose Inside Sales Users for the second drop-down menu
5. Opportunity access should be set to "Read/Write"
Save both of these rules.
Type "Apex" into your quick search and choose Apex Test Execution
- Click Select Tests
- Choose "All namespaces" from the drop-down menu
- Choose "BeAwesome" and click run.
Your results should be 2/2.
Now navigate to the app launcher, and launch the "Sales" tab, and click on "Opportunities"
1. Click New
2. Name the opportunity anything you want
3. Choose Stage "Needs Analysis"
4. The close date should be picked as a value in the future.
5. click save
6. Create another "New" opportunity and name it anything you'd like again
7. For type, select "Existing Customer - Upgrade"
8. Set the date as whatever today's date is
9. Set the stage to "Closed Won"
10. Save
Now we need to make these opportunities owned by your user "Samantha Cordero"
1. Open the first opportunity you created, and click on the details tab
2. Under "Opportunity Owner" select "Change Owner" and change it to Samantha Cordero
3. Repeat steps 1-2 on the second opportunity.
***You might run into a bug where it doesn't allow you change the ownership to Samantha Cordero***
if this happens, you need to edit the "Field Users Profile" you created by going into it's "Object Settings" and setting the Read/Create/Edit configuration outlined in the Super badges Field Sales User Outline.
It's very important that you set up the previous opportunities, or the error will still throw.
Once the opportunities are created and you have configured everything else, the error will be gone.
TADA! You just passed step 2!!
If you have any more questions, feel free to ask
Kindly mark this as solved if it's resolved so that it gets removed from the unanswered queue which results in helping others who are encountering a similar issue.
Thanks
Siva
Challenge Not yet complete... here's what's wrong:
We couldn't find the Sharing Rule that shares Opportunities owned by Field Sales users with Inside Sales users. Please check if the setup of this Sharing Rule is correct.
Could somebody help on this please?
The challenge is passed now. Not sure what is wrong.
6. Create another "New" opportunity and name it anything you'd like again
7. For type, select "Existing Customer - Upgrade"
8. Set the date as whatever today's date is
9. Set the stage to "Closed Won"
10. Save
after
Challenge Not yet complete... here's what's wrong:
The unit tests in the managed package have not passed successfully. Make sure you run all test in your org before checking this section. Ensure that they all pass.
Below screenshot of one of the test class failing.. not sure what is being missed
Does the Project Managers group need to have any roles or subordanats added to it?
Challenge Not yet complete... here's what's wrong:
We couldn't find the Sharing Rule that shares Opportunities owned by Field Sales users with Inside Sales users. Please check if the setup of this Sharing Rule is correct.
I have created sharing rules for opportunity and i'm able to pass 2 Apex tests.
Rule1.
Field = Type, Operator = Equals, Value = Existing Customer - Upgrade
Field = Stage, Operator = Equals, Value = Closed Won
"Share with" "Project Managers"
Opportunity access "read-only"
Rule2
Opportunity: owned by members of = Roles and Subordinates, and Sales Executives
Share with: Roles, and choose Inside Sales Users
Opportunity access "Read/Write"
I doubt I have some issues with the Roles I created. I have Following setting for Roles please let me know if these are correct.
Inside sales
This role reports to- Sales Executive
Sharing Groups- Role, Role and Subordinates
Opportunity Access- Users in this role cannot access opportunities that they do not own that are associated with accounts that they do own
Field Sales
This role reports to- Sales Executive
Sharing Groups- Role, Role and Subordinates
Opportunity Access- Users in this role can view all opportunities associated with accounts that they own, regardless of who owns the opportunities
Please Help.
May I suggest you please follow the below steps to complete challenge 2 of the security specialist super badge.
1. Navigate to "Sharing Settings"
2. Edit "Organization-Wide Defaults" and set "Opportunity" to private in the drop-down menu and save.
3. Scroll down to "Opportunity Sharing Rules" and click "new"
Rule1.
1. Label can be anything you like
2. Rule type = "based on criteria"
3. Field = Type, Operator = Equals, Value = Existing Customer - Upgrade (the last one will be in the lookup using the icon right next to it)
- the second field will be: Field = Stage, Operator = Equals, Value = Closed Won (also use the lookup icon)
***Make sure you created a public group called "Project Managers" prior to this step if you haven't already***
4. "Share with" should be "Public Groups" in the first drop-down, and "Project Managers" for the second drop down.
5. Opportunity access should be set to "read-only"
Rule 2.
1. Label can be anything you like
2. Rule type = "Based on Record Owner"
3. Opportunity: owned by members of = Roles and Subordinates, and choose Sales Executives for the second drop-down menu
4. Share with: Roles, and choose Inside Sales Users for the second drop-down menu
5. Opportunity access should be set to "Read/Write"
Save both of these rules.
Type "Apex" into your quick search and choose Apex Test Execution
- Click Select Tests
- Choose "All namespaces" from the drop-down menu
- Choose "BeAwesome" and click run.
Your results should be 2/2.
Now navigate to the app launcher, and launch the "Sales" tab, and click on "Opportunities"
1. Click New
2. Name the opportunity anything you want
3. Choose Stage "Needs Analysis"
4. The close date should be picked as a value in the future.
5. click save
6. Create another "New" opportunity and name it anything you'd like again
7. For type, select "Existing Customer - Upgrade"
8. Set the date as whatever today's date is
9. Set the stage to "Closed Won"
10. Save
Now we need to make these opportunities owned by your user "Samantha Cordero"
1. Open the first opportunity you created, and click on the details tab
2. Under "Opportunity Owner" select "Change Owner" and change it to Samantha Cordero
3. Repeat steps 1-2 on the second opportunity.
***You might run into a bug where it doesn't allow you change the ownership to Samantha Cordero***
if this happens, you need to edit the "Field Users Profile" you created by going into it's "Object Settings" and setting the Read/Create/Edit configuration outlined in the Super badges Field Sales User Outline.
It's very important that you set up the previous opportunities, or the error will still throw.
Once the opportunities are created and you have configured everything else, the error will be gone.
TADA! You just passed step 2!!
If you have any more questions, feel free to ask
Kindly mark this as solved if it's resolved so that it gets removed from the unanswered queue which results in helping others who are encountering a similar issue.
Thanks
Siva
I have completed this Security Specialist superbadge Step 2. Please follow below instructions.
1. OWD settings for Opportunity object should be 'Private'.
2. Create a public group named 'Project Managers' for Project Manager related requirements.
3. Setup Profiles and Roles for Field Sales User, Inside Sales User, and Sales Executive User
4. Follow below role hierarchy with opportunity access as-
For Inside Sales User and Sales Executive User role choose option 3 for opportunity access and Option 1 for Field Sales User role.
5. Create sharing Rule as shown below-
a. Created one criteria based sharing rules for Opportunity:
Criteria: (Opportunity: StageEQUALSClosed Won) AND (Opportunity: TypeEQUALSExisting Customer - Upgrade)
Shared with: Group: Project Managers
Access level: Read Only
b. Create another sharing rule for Opportunity owner based, with the following details:
Opportunity owned by members of: Sales Executive role
Shared with: Role: Inside Sales
Access level: Read/Write
c.Create another sharing rule for Opportunity owner based, with the following details:
Opportunity owned by members of: Field Sales Role
Shared with: Role: Inside Sales
Access level: Read/Write
6. Run the Test class and once it is pass then you can submit your challenge.
Hope this works. @Jordan, Please mark my Answer as best answer if it solves your problem.
Thanks & Regards,
Siddhant Arya
Hello
Siddhant Arya.
Still can't pass the chellange.
Error message:
"We couldn't find the Sharing Rule that shares Opportunities owned by Field Sales users with Inside Sales users. Please check if the setup of this Sharing Rule is correct."
I have got questions:
Step 2:
"Create a public group named 'Project Managers' for Project Manager related requirements."
Who are the members of your Project Managers group?
Step 4:
Why in your role hierarchy Field Sales reports to Inside sales ?
Thanks
Tigran.
If you have followed all the step above ideally it should pass, as for the error you are getting i have created a sharing rule as mentioned in 5(c) and also placed Field Sales role below Inside Sales role in hierarchy so that they will be able to view records owned by Field Sales. Also follow these changes mentioned above.
For Inside Sales User and Sales Executive User role choose option 3 for opportunity access and Option 1 for Field Sales User role.
=> I have only created a Project Manager group and have not added any member.
=> I have placed Inside Sales above Field Sales in hierarchy as Field Sales has least access and also by doing that Inside Sales will have access to all opportunities owned by Field Sales.
Note: These changes help me pass this challenge and also i have completed the Superbadge.
Thanks
Siddhant
I've also complited the Superbagde.
I think you can build the role hierarchy as it is given in requirments, no need to make these changes.
You can grant access to All oportunities for Inside Sales User by sharing rules below, using right hierarchy. (It is forbidden to give View all permision for oppotrunities to Inside Sales User).
Rule1.
1. Rule type = "based on criteria"
2. Field = Type, Operator = Equals, Value = Existing Customer - Upgrade
Field = Stage, Operator = Equals, Value = Closed Won (also use the lookup icon)
3. Share with "Public Groups" -- "Project Managers".
5. Opportunity access "read-only"
Rule 2.
1. Rule type = "Based on Record Owner"
2. Opportunity: owned by members of = Roles and Subordinates, Sales Executives.
4. Share with: Roles, Inside Sales Users.
5. Opportunity access "Read/Write"
Hi,
I have followed all the steps as mentioned above but still getting this error. I have attatched all the relevant screenshots.
You have to create only 2 sharing rules, delete the middle rule and check once.
I have tried that but my apex execution fails all the time. Is my role hierarchy right?
@Monica Charles,
Did you solve this problem?
The unit tests in the managed package have not passed successfully. Make sure you run all test in your org before checking this section. Ensure that they all pass.
Thanks
I was unable to install Trailhead Security Superbadge, option "BEAWESOME" is not avaliable;
You will need to install the Trailhead Security Superbadge managed package, then run all Apex tests by:
1.Search for 'Apex Test Execution' in Setup Quick Find.
2.Click the' Select Tests' button.
3.Choose '[All Namespaces]' from the dropdown menu.
4.Select the 'BeAwesome' test with the 'sb_security' Namespace Prefix.
5.Click the 'Run' button.
Thanks
I finally managed to get past the same stage you were stucked. I have created and recreated all the sharing rules, roles hierarchy, public groups and adjusting the profile settings, but the challenge still thrown me the error - "We couldn't find the Sharing Rule that shares Opportunities owned by Field Sales users with Inside Sales users. Please check if the setup of this Sharing Rule is correct."
HOW I GET PASSED THIS STAGE? I followed every steps you descibed again. What i did differently this time is I deleted the two opprtunities I created earlier and recreated 2 two NEW opportunities according the requirement. and Walah, it passed!!!
Why this happened? I am not sure. I would not think that I have to create new opportunities every time I adjust the sharing settings, profile and role hierarchy. Anyow, I am stoked that I can continue to the next challenge. Good luck to all who are doing this challenege!!
Cheers,
Jeffrey
Could you please share your sharing settings, so that I can help you.
Loving this community - all so willing to share and help each other.
Cheers,
Jeffrey
I have completed this step.
Best way to install package on playground is via 'Install a Package'.
1) Paste the id and click install.
2) Select for admins only.
To run the tast class follow the steps mentioned in Step 2. If you dont see 'sb_security.BeAwesome' just expand the popup.
After going through every forum and testing every solution, I finally figured out the missing key to pass the Apex Test.
I'm assuming you've set up all the sharing rules correctly because there are plenty of solutions guiding you.
If you're still failing the Apex tests like I was, look into how you named your roles. As silly as it sounds, that finally got me to pass my Apex Tests.
My profiles were named as suggested in Challenge 1.
Field Sales User, Inside Sales User, and Sales Executive User
I named my roles the same way, which was causing my Apex tests to fail. After changing my roles to
Field Sales, Inside Sales, and Sales Executive... I was able to pass the Apex Tests.
P.S. Remember to change both the field name and field label in order to update the roles.
To ANYONE out there suffering with the Challenge 2 of the "#Security Specialist" #Superbadge.... I feel felt your pain
If you've ever seen an error like "System.QueryException: List has no rows for assignment to SObject" or "Class.sb_security.BeAwesome.createUser: line 133, column 1" after the "Apex Test Execution"... Triple check your profiles and roles names (stored in tmpVar1)... and ask your developper console for further assistance!
Make sure to always test which value tmpVar1 has or if it returns any rows!
e.g:
SOQL_EXECUTE_BEGIN [133]|Aggregations:0|SELECT Id FROM UserRole WHERE Name = :tmpVar1
I hope you could help me out
I've followed the steps above and I cannot pass the APEX test with the following results:
Apex Test Result Detail
Time Started30/03/2020 10:57
ClassBeAwesome
Method NamehelpAStranger
Pass/FailFail
Error MessageSystem.QueryException: List has no rows for assignment to SObject
Stack TraceClass.sb_security.BeAwesome.createUser: line 133, column 1
Class.sb_security.BeAwesome.setup: line 127, column 1
I have checked the naming of my roles and profiles and they were done correctly. please help me on how to solve this
thank you
I've completed all the requirements of Step 2 and apex tests are not throwing error. I logged in as Samantha(Field sales User ) and created 2 opportunities as per requirement but still getting error "Challenge Not yet complete... here's what's wrong:
We couldn't find the Opportunity record owned by Samantha Cordero with the expected Stage. Please make sure the record exists and it contains the correct values according to the requirements."
I am stuck here since yesterday and not able to resolve. Any suggestions on this or someone experienced the same issue?
Thank you to Tiggran!
I was finally able to get past this. I also kept getting the "Could not find a user named Samantha Cordero with the Field Sales User profile" message.
I have some questions for Trailhead:
- How has this been a known issue since 2016, and yet nothing has been resolved in the security superbadge test?
- Why is the part about creating a Project Manager "Public Group" SO unclear?
The addition of the 2nd sharing rule that Tiggran suggested, is still very unclear as far as what any of this would
have to do with the error message I received.
I don't expect a response, but this should really be resolved OR made clearer somehow.
Here is the Sales Exec Role permission.
I needed to add VIEW ALL to Sales Executive profile on Account and Opportunity.
I had thought that this was not allowed, but VIEW ALL and MODIFY ALL are not allowed on Field Sales / Inside Sales profiles per the Challenge:
"Note: When providing access to see and edit all accounts for Field Sales (and Inside Sales), do not use the profile View All and Modify All settings"
VIEW ALL is allowed for Sales Executive.
Just got passed one test case, after changing my Profile name.
Check in Debug mode and use Query Editor to find the missing ones, check your Profile settings one by one.
SELECT Id, Name FROM Profile WHERE Name = 'Sales Executive User'
Sharing Rules
Public Groups
Was able to pass apex tests without setting View All permissions using the next opportunity sharing rules (assuming role hierarchy from the specs is created):
Opportunity: owned by members of: Roles and subordinates: Sales Executive
Share with: Roles: Inside Sales
Opportunity Access: Read/Write
I have able to pass the test class after changing the role name from Inside Sales User to Inside Sales and Fied sales User to Field Sales.Thank you for comment
1- Sales excutives : option 2 Users in this role can view all opportunities associated with accounts that they own, regardless of who owns the opportunities
2- Inside sales : option 3 Users in this role can edit all opportunities associated with accounts that they own, regardless of who owns the opportunities
3- Field sales: option 3 Users in this role can edit all opportunities associated with accounts that they own, regardless of who owns the opportunities
Thank you
ALL: If the Apex Test Execution continutes to fail, make sure to check these two settings!
System.AssertException: Assertion Failed: Field Sales users should not be able to read Opportunities owned by someone else. However, the test returned records not owned by the user. #sadtrombone: Expected: 1, Actual: 3
please if anyone could help.
Also I have been passed 2 apex tests also successfully but geeting this error