Salesforce Admin ADM-211 – Security and Access : Field Level Access
- Field Level Security
Field level security. The next concept that we are going to discuss about is field level security and it falls under the field level access. In the salesforce security model, we already discussed in detail about the object level access in the record level axis and now we are discussing about field level access. So, as the hierarchy says, first comes the object level access and we use the profiles and permission sets to determine the object level access. And once we get access to the object and then comes the record level access, yes, I have access to this particular object. But does it mean that I have access to all the records? Definitely not. It depends on various factors. And even if I have access to a particular record, does it mean that I have access to the full record? Definitely not. May not be. It depends on the free level security. So I may have access to the same record, you may have access to the same record, but it doesn’t necessarily mean that we access all the fields in the record access. A field level access might be restricted. In fact, this is a very common scenario that we use in real time, say for we can in fact give like a number of examples for this. Like managers.
The business model may be in such a way that managers only need to access some certain fields or maybe a particular team of maybe the sales team only should have certain fields. Only the marketing team should have access to certain fields. Like that. The business model can vary from business to business. So how do we implement this restriction on field level? There comes this concept of field level security wherein we can restrict the users access to view and edit fields. Perfect. Now that we know how to basically what is field level security? How do we do that? Where can we configure this field level security? We can control the access to fields in two different ways. One is in page layouts, the other we have the field level security settings on a field using that. Also we can do in page layouts. In page layouts we have two options read only, required.
So for every field in the page layout settings we then either make the field read only or required. And in field level security of a field we can make it visible and read only. However, always remember that when there are two places to make a setting so which one applies? Say for example in a page layout the field may be required and in the field level settings it may be read only. So what happens? In the page layout it is required, but in the field level security it is read only. In those scenarios, always remember that the most restrictive setting applies. Here the most restrictive setting is read only so the user will have only read only access. Let’s have a quick look at how to do these settings. I have logged into the salesforce developer. org and I am in the students object. Just a drill down on any record. So this is the record, this is the record detail page edit the layout and here we see all the fields out here in the field properties we’ll be able to set it up. So go for any field.
You should be able to see these options. So we can make the field either read only or required in a page layout. This is one of the ways we can do field level settings in the page layout level. And as I mentioned, we can also control the field level security using field level security settings on fields. So go to the object definition page and go to the custom fields and relationships. There you should be able to see all the fields and go for any field you would have the option of set field level security. Click on that button and there you should be able to see that option. You can make the field visible and read only here visible as the name says, it will be visible to this profile and read only.
As the name says it would be read only for this particular profile. So these are the two different ways how we can control field level access to users. And for a particular field, if there are more than one access defined in each of the wave, in page layout it is different. And in field level security if it is different, always remember that the most restrictive setting applies. And now we know what is field level security and where do we set it up. But basically, how do we configure this field level security for multiple profiles? For configuring this field level security, either we can define the field level security for multiple fields on a single profile or for a single field on all profiles. It depends on how we are basically taking up the task. If we are actually making the field level security for a single profile, then we go to that profile and make the changes.
But if we are setting up the field level security for a single field and if we are setting it up for multiple profiles, then we do it a different way. So when we say profile, we also mean permission sets because permission sets basically expand the profile axis. So in profiles are permission sets. So if we want to set up the field level security for multiple fields for a single profile, then we have to go for profiles. And in there we have the field level security settings. We have now navigated to the custom profile sales profile. And here you see the field level security. So now if we want to set up the field level security for this single profile but on multiple objects, then we can do it here. Click on the view button. Sorry, the link. And here you can edit your field level security settings. Here you can do the field level security settings for multiple fields for a single profile.
On the other hand, if you want to set it up for a single field on multiple profiles, then it is as we discussed earlier. Go to the object definition page, go for fields and there you’ll have that option set field level security. Then you can control the field level security for a single field on multiple profiles. So basically for testing purpose, what you can do is you can update the field level security for two different users. In our case we have a system admin and Sales profile.
And maybe here you do not make it visible and then log in as the user to and see if you are able to see that field or not. So thereby we have two users. So we can change the profiles accordingly and we can test this scenario. Perfect. This is how we assign field level security for different fields on a single profile or for a single field on different profiles. Now, there is one other concept that we need to understand that is about view field Accessibility.
So, field level security, this button we use for setting up the field level security, right? But this view field accessibility, this gives us the information about who are all the profiles, who can access this particular field and what is the level of access that they have on this particular field. So this is the student first name field. If I click on View Accessibility, it will list down all the profiles that has access to this particular field. And it will also list down what is the level of access that the profile has on this field. So it says that this profile has got editable access and why? Because the field is editable because of the page layout same. And it is hidden.
Field is hidden because of the field level security. Field is hidden because of the field level security. So it also gives the reasoning behind that, why this field is editable, why this field is hidden. Similarly, you can access the other fields as well. So all the fields that are there in this object would appear in this list dropdown list. So you can choose the field and you can see whether it is editable or hidden and based on which criteria. This information is important for a senior admin for us, because while troubleshooting, this comes very handy. Perfect. So this is all about field level security in Salesforce.