Resource:

Advanced Administrator Exam Guide - https://developer.salesforce.com/resources2/certification-site/files/SGCertifiedAdvancedAdministrator.pdf

In this lesson, I provide a high-level overview of the Salesforce Security Model. 

Resource:
A Guide to Sharing Architecture - https://developer.salesforce.com/docs/atlas.en-us.dat.meta/dat/dat_components.htm

Data access in Salesforce begins with the User. Levels of access vary based on the type of user that is logging in. It is important that you understand the different license types available in Salesforce.

You can view your organization’s licenses in Company Information via Setup.

Resource:
User...

Profiles and permission sets provide object-level security by determining what types of data users see and whether they can edit, create, or delete records. For each object, the “View All” and “Modify All” permissions ignore sharing rules and settings, allowing administrators to quickly grant acc...

In this lesson, we look at permission sets, and profiles vs. permissions 

In this lesson, we go over record and field access levels.

In this lesson, we refer to the Salesforce Security Model Diagram, and how the Org-wide defaults specify the default level of access users have to each other’s records.

Resources:
Set Your Organization-Wide Sharing Defaults Help Article - https://help.salesforce.com/articleView?err=1&id=admin_sh...

In this lesson, we look at the relationship between various objects, first referring to the Sales Objects ERD Diagram found within the SOAP API Developer Guide. We then use the Schema Builder to further look at the relationship types between Account, Contract, Contract, Case and Opportunity.

Res...

A role hierarchy represents a level of data access that a user or group of users needs. The role hierarchy ensures that managers always have access to the same data as their employees, regardless of the organization-wide default settings. Role hierarchies don't have to match your organization cha...

In this lesson, we grant the ability for administrators to log in as other users in our org. We then adjust the Session Settings to unlock the Force relogin after Login-As-User setting. We also adjust Jim Doe’s profile to make him a Lightning Experience user.

In this lesson, I place myself at the bottom of the Role Hierarchy and place Jim Doe above me as my manager.

We then demonstrate how Jim is unable to create a new Account record.

Ownership-based sharing rules allow for exceptions to organization-wide default settings and the role hierarchy that give additional users access to records they don’t own. Ownership-based sharing rules are based on the record owner only.

In this lesson, I create a criteria-based sharing rule. We specify that any accounts that are named Sony or have a Start Year of 2018 should be shared with the Director, Channel Sales Role and Subordinates. We also create a new ownership-based sharing rule to better fit our scenario and to replac...

In this lesson, I manually share an account record with other users, after first confirming through the Sharing button that they don’t already have access through some other means.

In this lesson, we look at Team Access – specifically related to Account Teams, Opportunity Teams and Case Teams. We enable Account Teams and Opportunity Teams. We also cover how to specify default Account and Opportunity Teams. 

In this lesson, we go over record ownership and queues. 

Every record must be owned by a single user or a queue. The owner has access to the record, based on the Object Settings for the owner’s profile. For example, if the owner’s profile has Createand Read permission on an object, but not Edit...

In this lesson, I demo how to create a public group. 

In this lesson, we run the Health Check for our org. I address one of the issues listed in the report and then re-run the Health Check to see the impact on our scores.

Resource:
Health Check Help Article -https://help.salesforce.com/articleView?id=security_health_check.htm&type=5

Use Health Che...

In this lesson, I enable the Account Owner Report. We then run the report while logged in as Jim Doe. I also removed Jim Doe from my Default Account Team and also removed my Role designation on my user account to block access to my records for Jim. This was to demonstrate that although Jim does n...

Resource:
Who Can See What in Communities -https://help.salesforce.com/articleView?id=networks_visibility.htm&type=5

In this lesson, we introduce Record Types to the Asset object. We create Record Types for Medical Equipment and Office Equipment. We discuss how Record Types are leveraged to associate Page Layouts by Profile, as well as Picklist Values that are available. In addition, we discuss how Record Types...

In this lesson, we explore the use cases and functionality of Delegated Administration. Use delegated administration to assign limited admin privileges to users in your org who aren’t administrators. For example, let’s say you want the Customer Support team manager to manage users in the Support ...

In this lesson,  we explore the territory hierarchy and its single dimensional, additional hierarchy. Which can be structured by business units or any kind of segmentation in a hierarchical structure.