Sign Up ›

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Rich ColoyanRich Coloyan 

Trailhead Module Data Security Controlling Access to Fields Error Message: The 'Basic Account User' profile did not have the appropriate object and field-level security for the Account object

I am trying to complete the Trailhead Module "Data Security: Controlling Access to Fields"

Create a Profile and Permission Set to properly handle field access

The Marketing Coordinator and Account Manager both require access to view and update Account Records, but only the Account Manager should be able to see and edit certain fields. Specifically, only the Account Manager should be able to see and edit the Rating field. The Marketing Coordinator should not be able to see or edit the Rating field. Create one profile and one permission set with the appropriate field-level security to solve for this use case.The profile must be named 'Basic Account User' and result in an API name of 'Basic_Account_User'. It should use the 'Salesforce' user license type.
The permission set must be named ‘Account Rating’ and result in an API name of 'Account_Rating'.


This is driving me absolutely insane.  

I created a custom profile named Basic Account User, it is Read on the Account Object and the Rating field is unchecked for both Read and Edit.  
I created a permission set named Account Rating, it is Read & Edit on the Account Object and the Rating field is checked for both Read & Edit.  
I have both the profile and permission set assigned to the other user in my Dev Org.  I logged in as this user and the permission set is functioning as expected.  With the permission set he can see and edit the rating field, without the permission set he can't see it at all.

Yet I keep receiving the "The 'Basic Account User' profile did not have the appropriate object and field-level security for the Account object" error message.

What am I missing? I have tried every conceivable combination.
Best Answer chosen by Rich Coloyan
Shyama B SShyama B S
Hi Rich,
This is what I did for the challenge and it worked.
I created a new profile named 'Basic Account User' cloned from the 'Standard User' profile. 
I then set the field level security for Accounts -> Rating as below:

User-added image

Unchecked it for all the other profiles.

Thanks,
Shyama

All Answers

Chandra Sekhar CH N VChandra Sekhar CH N V
Make the field level security of Rating at the Account object level visible. It should work.
Rich ColoyanRich Coloyan
I have the Field Level Security for Rating set to visible for every profile except Basic Account User.  I still receive the same error.
Patrick CantelmiPatrick Cantelmi
I figured it out somehow! I went to the field accesibilty by account, then set the account manager as editable for rating, the basic account user as hidden, and the cotnract manager as hidden. It worked after that! I almost couldnt believe it
Rich ColoyanRich Coloyan
Where did the Account Manager profile come from?
Patrick CantelmiPatrick Cantelmi
I had to create both the account manager and contract manager profiles
Patrick CantelmiPatrick Cantelmi
The tutorials were very good at going step by step up until this part. I was stuck on this challenge for 2 days
Shyama B SShyama B S
Hi Rich,
This is what I did for the challenge and it worked.
I created a new profile named 'Basic Account User' cloned from the 'Standard User' profile. 
I then set the field level security for Accounts -> Rating as below:

User-added image

Unchecked it for all the other profiles.

Thanks,
Shyama
This was selected as the best answer
Rich ColoyanRich Coloyan
Shayma, what are the Account Object permissions for your Basic Account User profile, Read or Read & Edit?
Shyama B SShyama B S
It is read and edit for Account object. The challenge is a bit confusing. Whether the Basic Account User should be the only profile with permissions to read and edit the rating field or should be the only profile which doesn't have the read and edit rating field access. You said you uncheked the read and edit on rating field for Basic Account user. They meant the opposite. Only Basic Account User should be given access.
Rich ColoyanRich Coloyan
Shayma, I created a new Developer org to make sure nothing else interfered and did exactly what you said and it worked so thank you!  

They really need to reword the instructions and specify whether the Marketing Coordinator & Account Manager would be using the same profile or not.
Robert RobinsonRobert Robinson

YEEEEEEEAAAAARRRRRRRRRGGGGGGGGGHHHHHHHHHH!!!!!!!!!!!

I finally got it after unchecking every. Single. One. Of. Those. Field Permissions. In. The. Account Ratng. Permission Set.

I say it again...YEEEEEEEEEEAAAAARRRRGHHHHHHHHH!!!!!!!!!!

What's worse is that I am on a plane on the way to Dreamforce, so I can't bloody well go off in this enclosed space...you woud see the story tomorrow of someone being taken off the plane in Salt Lake City. Observers only heard the following words....Trailhead...field level security....nnnnggggggg...some on the plane seemed to know what he was saying, but declined to comment; reason being is that the first rule of Trailhead is...

You don't talk about Trailhead...
Robert McKinnonRobert McKinnon
I followed the "Shyama B S" comment and I got it to work, however, it doesn't seem to be aligned to what the challenge is asking.
 
Sharon Wilson 22Sharon Wilson 22
Ok I am stuck... none of these answers is really clear to me.... The question seems to have changed from above to :
Two team members need to view and update Accounts, but only one should be able to see and edit the Rating field. Create one profile and one permission set with field level security to solve for this use case.
But that does not help, I think this whole item needs to be reworked...  I was flying along until this one and I really think I might skip this segment as it is really just confusing me and wasting my time...

I don't understand where is the "Field level security for Accounts -> Rating" ?  I would appreciate the step by step so that I can move past this.   
 
Katherine Cheng 7Katherine Cheng 7
Hi Sharon Wilson 22, I got confused by this question too. My initial solution was similar to Rich Coloyan's approach. After reading Shyama B S's answers, I understood the solution should come from the opposite approach. The steps I did finally were:
1. Create a new profile named 'Basic Account User' cloned from the 'Standard User' profile.
2. Goto Customize/Accounts/Fields, click Rating (in Field Label column), click Set Field-Level Security button, and 
set the field level security for Accounts -> Rating as below (only check it for Basic Account User, and Unchecked it for all the other profiles)
User-added image

3. Create a permission set named 'Account Rating', and go to object settings, click Accounts, click Edit, check Read and Edit in Object Permissions, check Read and Edit for Rating Field, click Save.
Benoit AlegreBenoit Alegre
Thanks Katherine Cheng 7! You made my day; Was stuck on this and your answer really helped. The approach to limit the field through the profil and then open it through permission was not obvious at first but meaningfull now.
Thank you very much!
Juan Manuel Fernandez ClementeJuan Manuel Fernandez Clemente
Thanks soooooooo muuuuuuuuch Katherine Chang 7!!!
Rich WingerterRich Wingerter
Thanks for all your answers. I struggled with this challenge a long time. The hard part was all the ambiguities in how it was worded. For example, it says, "The profile must be named 'Basic Account User' and result in an API name of 'Basic_Account_User'." How would I know if the API name was correct? I eventually gave up and assumed that if I put in the right profile name it would create the right API name. Also, it doesn't say anything about the other fields. So, does it matter which profile you clone to make "Basic Account User"?

I also went to Manage Users > Profiles > Basic Account User > Edit and unchecked Read and Edit for the Ratings field. I’m not sure if this was necessary with the other instructions, but it seemed to work.

I think Katherine Cheng 7 wrote very clear instructions. That was a big help.
Connie Hazendonk 1Connie Hazendonk 1
I can't believe this. Got completely stuck with this task. In the end I did the following:
logged into a 2nd developer account I have
follow Katherine Cheng's steps

And it worked!

Now my rating field is a mess in the main developer org but hey ho, I hope I never have to use it again!
Parth Joshi 24Parth Joshi 24
Amazing... Thank you @Shyama B S.... ... !! :)
Bhavishya MoolyaBhavishya Moolya
Thanks to all the answers here. Even I was stuck with this finally got it with the steps posted by Katherine Cheng. The last part after creating permission set 'account rating', edit the account object permission that helped complete this challenge. 
Catie DuBruilleCatie DuBruille
If anyone is stuck, use another dev org. That is hands down the only thing that would work for  me! Thank you for all the answers! This was a very vauge challenge, and I'm glad I was finally able to pass it! 
Dipika AroraDipika Arora
customize link is not available to me..
Marina Shuman 1Marina Shuman 1
This was really confusing. I interpreted instructions that the profile should ALLOW access to read and edit the Ratings field, and the Permission Set should NOT allow access. After fiddling with both of them, the solution actually seems to be the opposite. Very confusing.
Amber RavenscroftAmber Ravenscroft
Thank you Katherine Cheng 7 - literally the only thing that helped me through this one! 
 
Nina KreblNina Krebl
Thank you Katherine Cheng 7  - you saved a day of my life :)
Keith Stephens-MidtermKeith Stephens-Midterm
Hello, I am on the Basic Account User profile but I do not see option for:  Customize/Accounts/Fields, click Rating (in Field Label column), click Set Field-Level Security button, and 
set the field level security for Accounts -> Rating as below (only check it for Basic Account User, and Unchecked it for all the other profiles)
Keith Stephens-MidtermKeith Stephens-Midterm
also i dont see Basic_Account_User for API?User-added image
Hari Krishna 206Hari Krishna 206
Hi, i have follew all of these steps but coudnt resovle it
Can someone please state the step by step procedure so that to complete the challenge (Control Access to Fields)
Grace ChabutGrace Chabut
I am very confused on this challenge. I've been trying to follow the suggestions above but everything I've tried hasn't worked. Is there a better step by step process that anyone has found?
 
Dha ShahDha Shah
1. created 'Basic account user' from standard user as @shyama mentioned.
For SETTING  FIELD PERMISSION/SECURITY FOR PARTICULAR USER
2. Setup > select object ‘Account’ > field and relationship > click field ‘Rating’ > clcik ‘Set Field level security’ >