Salesforce-Platform-Sharing-and-Visibility-Architect Exam Questions With Explanations

The best Salesforce-Platform-Sharing-and-Visibility-Architect practice exam questions with research based explanations of each question will help you Prepare & Pass the exam!

Over 15K Students have given a five star review to SalesforceKing

Why choose our Practice Test

By familiarizing yourself with the Salesforce-Platform-Sharing-and-Visibility-Architect exam format and question types, you can reduce test-day anxiety and improve your overall performance.

Up-to-date Content

Ensure you're studying with the latest exam objectives and content.

Unlimited Retakes

We offer unlimited retakes, ensuring you'll prepare each questions properly.

Realistic Exam Questions

Experience exam-like questions designed to mirror the actual Salesforce-Platform-Sharing-and-Visibility-Architect test.

Targeted Learning

Detailed explanations help you understand the reasoning behind correct and incorrect answers.

Increased Confidence

The more you practice, the more confident you will become in your knowledge to pass the exam.

Study whenever you want, from any place in the world.

Salesforce Salesforce-Platform-Sharing-and-Visibility-Architect Exam Sample Questions 2026

Start practicing today and take the fast track to becoming Salesforce Salesforce-Platform-Sharing-and-Visibility-Architect certified.

2774 already prepared
Salesforce 2026 Release
77 Questions
4.9/5.0

An architect has a requirement to create a criteria-based sharing rule based on the customer Social Security Number. However, when setting up the rule in Contact Sharing, the field is not shown on the list of available fields.
What is causing this issue?

A. The field hasbeen configured for encryption.

B. The architect's profile docs not have Field Level Security for this field.

C. The architect does not have permission to Compliance fields.

A.   The field hasbeen configured for encryption.

Summary:
The issue is that a specific field (Social Security Number) is unavailable for selection when defining a criteria-based sharing rule. Sharing rules rely on field values to filter records, but certain field types and configurations are restricted from being used in this context for security and performance reasons. The most common restriction applies to fields containing highly sensitive, personally identifiable information (PII).

Correct Option:

A. The field has been configured for encryption.
This is the most likely cause. Fields encrypted with Shield Platform Encryption are often restricted from being used in certain features, including criteria-based sharing rules, to prevent the encrypted data from being exposed in the underlying sharing queries and to maintain a higher security posture. This is a standard limitation to protect sensitive data.

Incorrect Options:

B. The architect's profile does not have Field Level Security for this field.
While this could prevent the architect from seeing the field's value on a page layout, it does not prevent the field from appearing in the picklist for building a sharing rule in Setup. The sharing rule definition interface in Setup typically shows all fields on the object, independent of the admin's personal FLS.

C. The architect does not have permission to Compliance fields.
"Compliance fields" is not a standard Salesforce term or permission. There is no specific permission that governs access to fields for the purpose of building sharing rules. The restriction is typically applied at the system level based on the field's data type or configuration, such as encryption.

Reference:
Salesforce Help: Shield Platform Encryption Considerations for Sharing Rules

Universal Containers (UC) has a team that analyzes customer orders looking for fraud. This team needs access to Invoice records (custom object, Private organization-wide default). UC has complex rules to control users’ access. The architect recommended using Apex managed sharing to meet these requirements. Which recommendation should a developer consider when implementing the changes?

A. Use "Without Sharing” keyword to make sure record visibility will be considered.

B. Use "With Sharing” keyword to enforce Field-Level Security.

C. Use runAs system method to test different users accessing these records.

C.   Use runAs system method to test different users accessing these records.

Explanation:

Universal Containers (UC) has a team that needs access to Invoice records (a custom object with a Private organization-wide default, or OWD). The OWD being Private means only the record owner and users above them in the role hierarchy have access, unless additional sharing rules or mechanisms like Apex managed sharing are used. The architect recommends Apex managed sharing to handle complex access rules for the fraud analysis team. Let’s evaluate each option to find the best recommendation for a developer implementing this solution, keeping it clear and detailed for someone learning Salesforce.

A. Use "Without Sharing" keyword to make sure record visibility will be considered.
This is incorrect. The without sharing keyword in Apex means the code runs in system mode, ignoring the user’s sharing rules and role hierarchy. This would allow the code to access all Invoice records, regardless of the Private OWD or other sharing settings, which could lead to over-sharing sensitive data.
In this case, UC needs to enforce complex sharing rules for the fraud analysis team, so Apex managed sharing should respect user permissions and only grant access to specific records as defined. Using without sharing would bypass these controls, making it the opposite of what’s needed.
For example, if the Apex code creates share records to give the fraud team access to certain Invoices, without sharing might expose records the team shouldn’t see, violating the Private OWD.

B. Use "With Sharing" keyword to enforce Field-Level Security.
This is incorrect. The with sharing keyword in Apex ensures the code respects the user’s sharing rules and role hierarchy, meaning it only accesses records the running user is allowed to see based on the OWD, sharing rules, or manual sharing. However, it does not enforce Field-Level Security (FLS). FLS is controlled separately using methods like Schema.sObjectType..fields..isAccessible() or isUpdateable() in Apex.
While with sharing is useful for respecting record-level access (e.g., ensuring the fraud team only sees Invoices they’re granted access to), the option incorrectly ties it to FLS, which is a different security layer. Additionally, Apex managed sharing itself handles record access programmatically, so with sharing may not always be required, depending on the implementation.

C. Use runAs system method to test different users accessing these records.
This is the correct recommendation. Apex managed sharing involves programmatically creating share records (e.g., Invoice__Share for the custom Invoice object) to grant access to specific users or groups based on complex rules. To ensure this works correctly, the developer must test the solution as different users (e.g., fraud team members, non-team members, or managers) to verify that only the right users can access the Invoice records.
The System.runAs() method in Apex test classes allows the developer to simulate how the code behaves for users with different profiles, roles, or permissions. This is critical for testing Apex managed sharing, as it confirms that:
→ The fraud analysis team gets access to the correct Invoice records.
→ Other users (e.g., those not in the sharing rules) are blocked by the Private OWD.
→ The complex sharing rules are applied correctly.
For example, a test class might use System.runAs(fraudTeamUser) to check if a fraud team member can see shared Invoices, then use System.runAs(nonTeamUser) to ensure a non-team user cannot. This ensures the Apex managed sharing logic is secure and works as intended.

Why Option C is the Best Recommendation?
Apex managed sharing is used to programmatically grant access to records (e.g., creating Invoice__Share records to give the fraud team Read or Edit access to specific Invoices). Since UC has complex rules, testing is critical to ensure the logic respects the Private OWD and only grants access to the right users. The System.runAs() method is the best way to test this, as it simulates different user contexts and verifies that the sharing rules work correctly for the fraud analysis team while keeping other records secure.

Additional Details:
Apex Managed Sharing: This involves creating share records in Apex to grant access (e.g., Read or Edit) to users, groups, or roles for specific records. For Invoices, the developer might write code to create Invoice__Share records based on complex criteria (e.g., Invoices flagged for fraud).
Private OWD: Only the record owner and users above them in the role hierarchy have access by default. Apex managed sharing extends access to others, like the fraud team, without relying on manual sharing or standard sharing rules.
Testing Importance: Since Apex managed sharing bypasses standard sharing rules, thorough testing with System.runAs() ensures no unintended access is granted and the complex rules are enforced correctly.
Security Checks: Beyond record access, the developer should also check Field-Level Security (using isAccessible() or isUpdateable()) and object permissions (using isCreateable() or isUpdateable()) to ensure the fraud team can only interact with allowed fields and objects.
Implementation Example: The Apex code might query Invoices meeting fraud criteria, then create Invoice__Share records to grant access to a public group containing the fraud team. Test classes would use System.runAs() to verify access for team members and no access for others.

Reference:
Salesforce Help: Apex Managed Sharing
Salesforce Help: Using the with sharing or without sharing Keywords
Salesforce Help: Testing with System.runAs

Mary is Joe's manager in the Role Hierarchy. The organization-wide default for a custom Invoice object is Public Read-Only, and Mary's profile is not granted the Read permission for the Invoice object.
Which action can Mary take on Joe's invoice records?

A. Read/Write

B. View Only

C. None

C.   None

Summary:
This question tests the interaction between object-level permissions (controlled by Profiles and Permission Sets) and record-level permissions (controlled by Organization-Wide Defaults and the Role Hierarchy). The key is that object-level "Read" permission is a prerequisite for seeing any records of that object, regardless of how open the record-level sharing is.

Correct Option:

C. None.
This is correct. Mary's profile does not have the "Read" permission for the Invoice object. Object-level permissions are the first gatekeeper in the sharing model. Without "Read" permission at the object level, a user cannot see, search for, or report on any records of that object, even if the OWD is set to the most permissive setting or they are the CEO in the role hierarchy. The record-level access granted by the Public Read-Only OWD and her position above Joe is irrelevant because she is blocked at the object level.

Incorrect Options:

A. Read/Write:
This is incorrect for two reasons. First, as explained, she lacks object-level Read access. Second, even if she had Read access, the OWD is Public Read-Only. The Role Hierarchy grants Read access to subordinates' records, not Read/Write access. Write access would require a sharing rule, manual share, or team.

B. View Only:
This is incorrect. "View Only" is a record-level access right, but it cannot be granted if the user does not have the object-level "Read" permission. Mary's profile blocks all access to the Invoice object, so she cannot view any invoices, including Joe's.

Reference:
Salesforce Help: How Object Permissions and Record Sharing Work Together

Universal Containers has selected a small and diverse group of users to review inactive accounts. Given the Private sharing model, a public group was created and made available to this group of users. A sharing rule was created to makeinactive accounts visible to the public group. However, some of these users are reporting they do not see any of the accounts that were shared with the public group.
What is the underlying issue for these users?

A. The users are in profiles that have no access to the Account object.

B. The page layout assigned to these users is different than the Account owner.

C. The accounts arc ownedby users higher in the Role Hierarchy.

A.   The users are in profiles that have no access to the Account object.

Summary:
This question highlights the foundational principle of the Salesforce sharing model: object-level permissions are checked before record-level permissions. A user must first have at least "Read" access to an object before any sharing rule, manual share, or team membership can grant them access to specific records. The sharing rule is correctly sharing records with the public group, but that is a record-level action that is being blocked at the object level for some users.

Correct Option:

A. The users are in profiles that have no access to the Account object.
This is the underlying issue. If a user's profile does not grant the "Read" permission for the Account object, they are blocked from seeing any Account records, regardless of how many sharing rules exist. The sharing rule successfully adds them to the AccountShare table, but the system denies access because they fail the initial object-level security check.

Incorrect Options:

B. The page layout assigned to these users is different than the Account owner.
Page layouts control which fields are visible and how they are arranged on a record detail page. They do not control whether a user can see the record itself. If a user could see the record but not a specific field, the layout might be the cause, but the problem described is that they "do not see any of the accounts," which is a record visibility issue.

C. The accounts are owned by users higher in the Role Hierarchy.
This is not the issue. In a Private sharing model, the role hierarchy grants access to records owned by users below in the hierarchy. However, a sharing rule that shares records with a public group overrides this. Once a record is shared with a user via a sharing rule, they can see it regardless of the owner's position relative to them in the role hierarchy.

Reference:
Salesforce Help: How Object Permissions and Record Sharing Work Together

A sales coach at Universal Containers wants to create and share a report folder with other sales coaches.
Which two permissions are required to accomplish this?

A. Create Report Folders and manage Reports in Public Folders

B. Create and customize Reports and Report Folders

C. Manage Reports in Public Folders and edit My Reports

A.   Create Report Folders and manage Reports in Public Folders

Summary:
The requirement is for a user to both create a new report folder and then manage sharing and content within public folders. These are two distinct administrative permissions in Salesforce. One permission grants the ability to create the container (the folder), while the other grants the authority to manage content within public containers, which is necessary for sharing the folder and its reports effectively with a group.

Correct Option:

A. Create Report Folders and manage Reports in Public Folders.
This is the correct pair of permissions.

"Create Report Folders": This permission allows the sales coach to create the new folder itself.

"Manage Reports in Public Folders": This permission allows the user to control the sharing settings of the folder (making it public and sharing it with other roles/groups) and to add, edit, or remove reports within any public folder, including the one they created.

Incorrect Options:

B. Create and customize Reports and Report Folders:
This option is incorrect. "Create and Customize Reports" is about building the report's logic and columns, not about folder management. "Report Folders" is not a standard permission; the correct permission is "Create Report Folders." This set lacks the critical "Manage Reports in Public Folders" permission needed to share the folder.

C. Manage Reports in Public Folders and edit My Reports:
This option is incorrect because it is missing the "Create Report Folders" permission. "Edit My Reports" only allows a user to modify reports in their personal "My Reports" folder, not to create a new, shareable public folder. Without the ability to create the folder, the user cannot accomplish the first step of the task.

Reference:
Salesforce Help: Grant Permissions for Reports and Dashboards

Prep Smart, Pass Easy Your Success Starts Here!

Transform Your Test Prep with Realistic Salesforce-Platform-Sharing-and-Visibility-Architect Exam Questions That Build Confidence and Drive Success!