How Field-Level Security Works in Salesforce
Overview
Field-Level Security (FLS) in Salesforce controls user access to individual fields on standard and custom objects. While object-level permissions determine if a user can view or manipulate records, FLS dictates which specific fields they can see or edit.
This guide explains how FLS works, how to configure it, and best practices for securing sensitive data.
Why Use Field-Level Security?
- Protect Sensitive Data (e.g., salary, SSN, credit info).
- Ensure Regulatory Compliance (e.g., HIPAA, GDPR).
- Limit Data Overload by hiding irrelevant fields from certain users.
- Enforce Business Rules by restricting edits to specific user groups.
How Field-Level Security Works
Field-Level Security is enforced on top of object-level and record-level permissions: even when a user is allowed to open a record, FLS decides which of its fields they can see or edit. Here's how:
| Access Level | What It Does |
|---|---|
| Visible | User can see the field in UI, reports, API, etc. |
| Read-Only | User can see but not edit the field value. |
| Hidden | Field is completely inaccessible to the user. |
How to Set Field-Level Security
Method 1: Via Profiles
- Go to Setup → Profiles.
- Choose the desired profile.
- Under Field-Level Security, select an object.
- Click View beside the object name.
- Adjust visibility and read-only settings for each field.
- Click Save.
Method 2: Via Permission Sets
- Go to Setup → Permission Sets.
- Select or create a Permission Set.
- Under Field Permissions, click the object name.
- Set field access (Visible, Read-Only).
- Save and assign the Permission Set to users.
Method 3: Via Field Settings (Object Manager)
- Go to Setup → Object Manager.
- Select an object (e.g., Contact).
- Click Fields & Relationships.
- Click the field name.
- Click Set Field-Level Security.
- Choose which profiles can see/edit the field.
- Save.
FLS and Other Access Controls
| Access Type | Controls | Can Override FLS? |
|---|---|---|
| Object-Level Access | Whether user can view object records | No |
| Record-Level Access | Whether user can view/edit specific records | No |
| Page Layouts | What's displayed in the UI | No: hidden fields still won't show even if added to the layout |
| API Access | External data access via integrations | No: API access is controlled by FLS |
Best Practices
- Use Permission Sets for Flexibility: Easier to manage than editing multiple profiles.
- Audit Field Access Regularly: Especially for fields with sensitive data.
- Test with Login-As Feature: Simulate user access to verify FLS behavior.
- Avoid Page Layout-Only Security: Layouts hide fields in the UI but don't secure them from API or reports.
- Restrict Create/Edit Fields Carefully: Fields like IsActive, Discount, or Salary should often be read-only or hidden.
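The "API Access" row above and the "Avoid Page Layout-Only Security" practice both come down to enforcing FLS wherever data is read or written, not only in the UI. The Apex class below is an added example, not code from the original guide; it assumes a hypothetical custom field Contact.Salary__c and shows how code that runs in system mode (where FLS is not applied automatically) can check and enforce FLS, plus a query that audits which profiles and permission sets grant access to the field.

```apex
// Added example (not from the original guide). Assumes a custom field
// Contact.Salary__c. Apex runs in system mode: SOQL and DML ignore FLS
// unless the code asks for it, so each method below enforces it explicitly.
// Note: "with sharing" applies record-level sharing only, not FLS.
public with sharing class SalaryFieldAccess {

    // Describe-based check: can the running user read the field at all?
    public static Boolean canReadSalary() {
        return Schema.sObjectType.Contact.fields.Salary__c.isAccessible();
    }

    // Read path that respects FLS: stripInaccessible removes fields the
    // running user may not read (instead of throwing), so hidden values
    // never reach the caller, a report, or an integration.
    public static List<Contact> getContactsForUser() {
        List<Contact> rows = [SELECT Id, Name, Salary__c FROM Contact LIMIT 50];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        return decision.getRecords();
    }

    // Write path that respects FLS: refuse the update unless the running
    // user has edit rights on the field (read-only or hidden users fail here).
    public static void updateSalary(Id contactId, Decimal newSalary) {
        if (!Schema.sObjectType.Contact.fields.Salary__c.isUpdateable()) {
            throw new System.NoAccessException();
        }
        update new Contact(Id = contactId, Salary__c = newSalary);
    }

    // Audit: which profiles and permission sets grant read/edit on the field.
    // FieldPermissions rows whose parent IsOwnedByProfile are profile grants;
    // the others are permission-set grants.
    public static List<FieldPermissions> auditSalaryAccess() {
        return [SELECT Parent.Label, Parent.IsOwnedByProfile, Parent.Profile.Name,
                       PermissionsRead, PermissionsEdit
                FROM FieldPermissions
                WHERE SobjectType = 'Contact' AND Field = 'Contact.Salary__c'];
    }
}
```

Running auditSalaryAccess() periodically and reviewing any unexpected PermissionsRead or PermissionsEdit grants is one concrete way to carry out the "Audit Field Access Regularly" practice.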
Summary
Field-Level Security ensures precise control over data visibility and edit rights at the field level. Combined with Profiles and Permission Sets, it forms a crucial layer in Salesforce's security architecture, helping safeguard sensitive information while enabling efficient user access.