Field level security

You can use field level security to control access to individual fields within an object. Field level security is applied to the set of objects that the user is entitled to by either role-based security or record level security rules. If no field level security is defined for an object, security is applied at the object level (if security rules are defined) or at the folder level.
Figure 1. Field level security applies to object fields
The three levels of security are shown. An arrow points from record level security to field level security. Another arrow points from role-based security to field level security.

When you define a field level security rule, you must consider all the scenarios that are required to access the field. If any scenarios are not defined, a user's access to the field is denied. This is known as redaction.

For example, one rule might specify that if a user is not an Owner, they have only Read access to a field. If a user is an Owner, they have Read and Update access. When the outcome of the formula is true, then Read access or Read and Update access is granted to a user. When the outcome of the formula is false, the field is redacted.

The way that access is restricted depends upon whether the outcome of a formula is true or false when it is applied to a field.
  • True: The field is available to users as Read Only or Read and Update.
  • False: The field is redacted. Users can see the field label, but not its value. In place of the value, the user sees placeholder text, such as Confidential.

Restrictions:

  • System fields are not supported.

    The system fields are Name, Description, Location, Creation Date, Created By, Last Modification Date, Last Modified By, and Comment.

  • Computed fields are not supported.
  • Simple string fields that are encrypted are not supported.
  • If more than one rule applies to a field, the rules are combined by using an OR condition.
  • If more than one rule is defined for the same field, and one grants Read access to the field and another grants Read and Update access, then a user is granted Read and Update access if the outcome of the formula for each rule is true.
  • Do not include fields that use field level security in Global Search. Doing so might allow users to derive data values that they otherwise would not have access to.
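
The evaluation behaviour described above (a field is redacted unless some rule's formula is true, and multiple rules on a field are combined with OR) can be modelled as follows. This is an added example, not the product's own code or formula syntax: `FieldRule`, `effective_access`, `render`, the `is_owner` attribute and the `Budget` field are hypothetical names, and it assumes that the most permissive grant among the rules whose formula is true applies.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Access levels, ordered so that max() selects the most permissive grant.
REDACTED, READ, READ_UPDATE = 0, 1, 2

# System fields listed on this page; they cannot carry field level security.
SYSTEM_FIELDS = {"Name", "Description", "Location", "Creation Date", "Created By",
                 "Last Modification Date", "Last Modified By", "Comment"}

@dataclass(frozen=True)
class FieldRule:                      # hypothetical model of one rule
    field: str
    grants: int                       # READ or READ_UPDATE
    formula: Callable[[dict], bool]   # evaluated against the user's context

def effective_access(field: str, rules: list, user: dict) -> Optional[int]:
    """Return the access a user gets to a field, or None if no rule governs it."""
    if field in SYSTEM_FIELDS:
        raise ValueError(f"system field {field!r} is not supported")
    applicable = [r for r in rules if r.field == field]
    if not applicable:
        return None   # no field level security: object or folder security decides
    # OR-combination: any true formula grants access; none true means redaction.
    granted = [r.grants for r in applicable if r.formula(user)]
    return max(granted, default=REDACTED)

def render(value: str, access: int, placeholder: str = "Confidential") -> str:
    """The label stays visible; only the value is replaced when redacted."""
    return placeholder if access == REDACTED else value

# Constructed sample rules for a constructed field named "Budget".
owner_rule = FieldRule("Budget", READ_UPDATE, lambda u: u["is_owner"])
non_owner_rule = FieldRule("Budget", READ, lambda u: not u["is_owner"])

incomplete = [owner_rule]                 # the non-owner scenario is not defined
complete = [owner_rule, non_owner_rule]   # every scenario is covered

if __name__ == "__main__":
    for name, rules in (("incomplete", incomplete), ("complete", complete)):
        for user in ({"is_owner": True}, {"is_owner": False}):
            access = effective_access("Budget", rules, user)
            print(name, user, "->", render("42000", access))
```

Running both rule sets against every user scenario before deployment shows which users end up redacted because a scenario was left undefined.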