Table of Contents
Why use field-level security when we can configure what the User can access with the help of page layouts?
Let’s understand why:
- Page Layouts, in conjunction with Field-Level access, determine the fields the User can view. The most restrictive of the two always applies.
- Unlike Page Layouts which can only control field visibility in the details and edit page, field-level security can control field visibility throughout the org. (Refer to the table below for the complete picture.)
- Controlling field-level access via Page Layout would result in the tedious task of creating multiple page layouts.
- Using field-level security results in better security, and we can be sure that the User cannot access the restricted field anywhere in the org.
Field-level security can be approached in either of these ways (We’ll be focusing on the former for now) :
- For multiple fields using a single permission set or profile
- For a single field on a profiles
Restrict Field Access with a Profile
Let’s restrict a User’s overall access to a field using their profile.
1. Open Setup, type Profiles in the Quick Find Box, and click Profiles.
2. Click on the profile you want to restrict.
3. Open Object Settings and select the Object for which you want to edit the field-level settings.
4. Click Edit.
5. Scroll down to Field Permissions to edit field-level permissions.
6. Click Save once you’re done.
Add Field Access with a Permission Set
Let’s expand field-level access with a permission set. Remember that permission sets are used to expand Users’ access, while profiles are used to restrict access.
1. Open Setup, type Permission Sets in the Quick Find Box, and click Permission Sets.
2. Open the permission set you want to work on.
3. Click Object Settings and then select the Object you’re working with, and click Edit.
4. Scroll down to Field Permissions and configure the access for fields as required.
5. Click Save once you’re done.
6. Click Manage Assignments to select Users to assign the permission set to.
We just completed the second step (field-level access) for an effective and highly secure data access model. The next article will let us know the third and final step (record-level access).