What is Field Level Security in Salesforce?

Introduction

Securing the object and field data is really important for any customer so that the users can only see the data which they intended to see. There would be a data leak and data security issue if we do not provide the proper Object & Field Level Access.

Why Field-Level Security is Important?

When we talk about data security in Salesforce that means we need to make sure that we are taking care of the object(s) and field(s) level security because these are the first level of security and after that, the record level of security comes into the picture.

For Example, if you make the OWD of any object private and do not provide any field-level security then in that case if the user has access to any record then he/she will be able to access all the fields even if they do not need to see the fields.

Different ways to control field-level access

There are multiple ways from which you can control field-level access inside Salesforce.

1. Profiles
2. Permission Set
3. Page layout
4. Lightning Record page (Dynamic Form)

Control Field-Level Security from Profile Level

The profile is the first level of Security for objects and fields. And we can control the field security from the profile where we can set if the field is visible/readable or editable by the users who are assigned to a particular profile.

For Example, You have a requirement to provide read-only access to the Industry field of Account at the profile level so that any user having a “Custom Support Profile” can only read the Industry field but can not modify it.

Steps to provide the field level access at the profile

1. Log in to Salesforce Org
2. From the setup search for profiles and click on Profiles
3. Select “Custom: Support Profile” from the list of profiles
4. 
5. Select “Object Settings” under Apps
6. Select Accounts from the available object list & Click on Edit
7. Find Industry Field and Remove the Edit Access if given or Provide the Read Access only

When to provide field-level access at the profile level

As a best practice, we should not provide any field-level access at the profile level and always extend the permission from the Permission Set level.

However, if all the users under any profiles require at least read access then provide the read access at the profile level and if there are some exceptional users who needed edit access then provide edit access at the permission set level and assign it to the users who are required to edit the fields.

Control Field-Level Security from Permissionset Level

As we talked about that providing field-level security at the permission set level is very important because we can control which all users can read/edit/view any field related to Salesforce.

Create a Permission Set

If you do not have a permission set in the Salesforce org then the first step is to create the permission set. To Create the Permission Set follow the below steps

1. Login to Salesforce
2. Navigate to Setup and search for Permission Set and select “Permission Sets” from the search result under Users.
3. Click on New and provide the label as “Industry Field Edit Access” or you can give the name you want.
4. Click on save to save the permission set
   1. Select “Object Settings” under Apps
   2. Select Accounts from the available object list & Click on Edit
   3. Find Industry Field and Provide the Edit Access
      

      

Assign the Permission Set

once you have created the permission set and provided the required access to the object(s) and field(s). Now, we have to assign the permission set to the required users.

1. Click on Manage Assignment while you are on the Permission Set page
2. Click on the “Add Assignment” button
3. Select users from the available list to whom you wanted to assign the permission set
4. Click on Next
5. Click on Assign & Click on Done

Control Field-Level Security from Page Layout

There are many scenarios where we can access the field Level Access from the Page Layout as well. However, we can only make the field read-only and required from the Page Layout but we can not hide the field.

How to make field read-only/required using Page Layout

With the help of page layout in Salesforce, we can make a field read-only, or required which again comes as handy when we wanted to make a field read only for specific record type or wanted to make sure user fills out a field when creating a new recod from UI.

Steps to make a field required from page layout

1. Login to Salesforce
2. Navigate to Object Manager
3. Search for Account & Click on Account to Open Object detail page
4. Click on Page Layouts from the left side & Select the page layout in which you wanted to make the field required
5. Find your field and hover over the field to see the wrench icon. Click on the wrench icon
6. Make the field required or read-only
7. Click on Save to save the changes

Lightning Record page (Dynamic Form)

With the help of dynamic forms, we can show/hide the fields dynamically, or event we can make the field read-only or required.

To learn more about dynamic forms please go through the following links

1. https://www.salesforceben.com/salesforce-dynamic-forms-overview-deep-dive-tutorial/
2. https://help.salesforce.com/s/articleView?id=sf.dynamic_forms_overview.htm&type=5
3. https://help.salesforce.com/s/articleView?id=sf.dynamic_forms_considerations.htm&type=5

Your feedback is really appreciated.

Happy learning!