A service account is an identity that an application or a Compute Engine VM uses to make authorized API calls to Google Cloud services such as Google Cloud Storage and BigQuery. Unlike a user account, this account type is not created in the Google Admin console as a Cloud Identity, but in…
Permission sets – Certified Advanced Salesforce Admin Exam Guide
Permission sets are, as the term suggests, a collection of permissions or settings that give users access to specific platform features/functions. Permission sets are used to extend application feature access to users without changing their profiles. Every setting you can apply to permission sets is also found on profiles (but not vice versa)….
Organization policies – Google Cloud Engineer Exam Guide
One of the additional benefits of building a resource hierarchy is the ability to centrally set constraints on what users can configure on a Google Cloud service. Applying organization policies to a resource hierarchy at the root level helps to comply with a company’s security policies across all projects. Let’s look at the following example….
Profiles, permission sets, and object security 2
From now on, we’ll be using the original interface. Let’s briefly look at every section on the profile editor page: A custom profile is a profile that’s created upon cloning a standard profile. If you want to create a new custom profile, you only have to jump to the standard profile you want to modify…
Profiles, permission sets, and object security
Profiles define how users can access data and the whole Salesforce application. There should be one profile per user and one license type per profile – easy to remember. Also, more than one user can share the same profile. Your organization comes with standard profiles that (there are exceptions…
IAM policies – Google Cloud Engineer Exam Guide
Now that we have learned how to create accounts, build a resource hierarchy, and set up roles, we will look into IAM policies that connect all of those items to allow users to access resources in a fine-grained way within a hierarchy. In IAM, Cloud Identity users, Cloud Identity groups, service accounts, and, for some…
The sharing model – Certified Advanced Salesforce Admin Exam Guide
One of the first steps when designing a new Salesforce CRM implementation is to set up data access using the sharing model engine. This specifies who can see what! To understand how this works, have a look at the following diagram: [Figure: Salesforce sharing architecture] Profiles determine Object-Level Security (OLS) and Field-Level Security…
Secure Data Access – Certified Advanced Salesforce Admin Exam Guide
In each Salesforce organization, the administrator is the key holder: they are the guardian of the company’s data and thus their main concern is protecting this valuable asset. The right object permissions shape data according to the kind of user who accesses it, while planning the right sharing strategy enables users to…
IAM roles – Google Cloud Engineer Exam Guide
In Google Cloud, permissions are not assigned to users and groups directly. Instead, users have roles assigned to them. Roles are a collection of permissions. Permissions usually match API methods that describe which operations are allowed on a resource and have the following form: <service>.<resource>.<action>. Figure 12.12 – Example of a role, which is a…
Building a resource hierarchy
In the Google Cloud resource hierarchy, an organization is provisioned automatically and it is the top-level node above all other folders, projects, and resources. Any policies or restrictions set at the organization level will apply to the folders, projects, and resources that fall under it. The hierarchy helps to manage access to resources, so there…