Salesforce Developer Data Security Field Access


TODO: Put each specific instruction onto their own separate pages, and link to them.

// Salesforce - Developer - Data Security - Access to Fields (Overview):

In some cases, you might want users to have access to an object, but limit 
their access to individual fields in that object. Field-level security—or field 
permissions—control whether a user can see, edit, and delete the value for a 
particular field on an object. These are the settings that allow us to protect 
sensitive fields such as a candidate's social security number without having to 
hide the candidate object.

Unlike page layouts, which only control the visibility of fields on detail and 
edit pages, field-level security controls the visibility of fields in any part 
of the app, including related lists, list views, reports, and search results. 

In fact, to make absolutely sure that a user can't access a particular field, 
it's important to use the field-level security page for a given object to 
restrict access to the field. There are simply no other shortcuts that provide 
the same level of protection for a particular field.

On the screen where we assign field-level security to a profile, there are two 
columns of check boxes labeled with "Visible" and "Read-Only".  Sometimes, 
these check boxes are disabled because we have set this field as required 
on the layout.  First remove this field as required from page layout, then 
try again.

Here are some field-level security settings you might need to set for the 
Recruiting app:

1. Position object: hide minimum and maximum pay from standard employees and 

2. Candidate object: hide social security numbers from hiring managers and 

3. Job Application object: make the Position and Candidate lookup fields 
   read-only for hiring managers.

We can define field level security either through the modifying profiles screen 
or through the modifying permission sets screen.  We can also define field
level security from the Security Controls | Field Accessibility menu in Setup. 

We can define field-level permissions in one of two ways:

1. For multiple fields on a single permission set or profile

2. For a single field on all profiles

To set field-level security in permission sets and profiles:

1. From Setup, enter Manage Users in the Quick Find box, then select 
   Manage Users, then click Permission Sets or Profiles.

2. Select a permission set or profile.

3. Depending on which interface you're using, do one of the following:

   1. Permission sets or enhanced profile user interface: In the Find Settings... 
      box, enter the name of the object you want and select it from the list. 
      Click Edit, then scroll to the Field Permissions section.

   2. Original profile user interface: In the Field-Level Security section, 
      click View next to the object you want to modify, and then click Edit.

4. Specify the field's access level.  If both check boxes are selected, the 
   field is read-only.  If only the visible box is selected, the field is 
   editable.  If both check boxes (Read-only, and Visible) are not checked, the 
   field is hidden from the user.

5. Click Save.

To set field-level security for a field on all profiles:

1. From Setup, enter Customize in the Quick Find box, then select Customize, 
   click a tab or activity link, and click Fields.

2. Select the field you want to modify.

3. Click View Field Accessibility.

4. Specify the field’s access level.

5. Click Save.

After setting field-level security for users, you can:

1. Create page layouts to organize the fields on detail and edit pages.

2. Verify users’ access to fields by checking the field accessibility.

3. Customize search layouts to set the fields that display in search results, 
   in lookup dialog search results, and in the key lists on tab home pages.
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License