Configuring Field-level Security Using Profiles

Configuring field-level security using profiles is a crucial aspect of Salesforce development services. Profiles in Salesforce allow administrators to define which users or groups have access to specific fields within objects. This granular control ensures that sensitive information is protected and only accessible to authorized individuals or teams. By assigning field-level security settings within profiles, organizations can maintain data integrity and comply with privacy regulations while tailoring the Salesforce platform to meet their unique business needs. Whether it’s securing customer data, financial records, or proprietary information, Salesforce development services include configuring profiles to strike a balance between data accessibility and data protection, ultimately enhancing the overall security and efficiency of the CRM system.

What is field-level security in Salesforce?

Not all users have access to all fields in an object. Granting and restricting the view, edit, create, and delete access of fields in an object to the users is known as field-level security.

For example, a company has HR and manager profiles. The company does not want the manager to delete any employee record or view the salary and SSN Number of any employee. But view, create, and edit other details of the employee. The HR, however, will have to view, edit, create, and delete all the details of the employee. Field-level security enables the admin to grant varied field access to HR and managers in the company.

We created a manager profile in the previous article/video. Let us configure field-level access for the manager profile.

Configuring field-level security using profiles in Salesforce

We can configure field-level security in three different methods.

1. From the profile detail page
2. From field accessibility
3. From the object detail page

From the profile detail page

1. Go to Setup
2. Search for a profile in the quick find and click on profiles.
3. Search for a manager profile. You do not have a search option on the profiles page. Click on the letter M, and you will be able to view all profiles starting from the letter M.

4. Click on Manager, not on Edit. You will land on the profile detail page of the manager.
5. Scroll. You will be able to view field-level security.

6. Search for the employee object and click on view. You can press Ctrl+F and type employee to search easily among so many objects.

7. Click on the edit button.

8. Uncheck the Read and Edit access for the Salary and SSN Number fields, and click Save.

You will not be able to change the access for standard fields like last modified by, created by, etc.

• From field accessibility

1. Go to Setup.
2. Search and click on field accessibility in the quick find.

3. Search and click on the employee object.
4. You will see two options- view by fields and view by profiles. Click on view by fields.

5. Next, choose the field- Salary.

6. You will be able to see all the profiles and the kind of access they have to the field salary.

7. The manager profile is hidden as we have already removed the access. Click on hidden.

You can change the field-level access from this page as well.

• From the object detail page

1. Go to Setup.
2. Next, go to the object detail page of the employee object and click on fields & accessibility on the sidebar. 
3. Click on Salary

4. Click on view field accessibility and choose the field.

You will be able to change the field-level access from this page as well.

Now that we have changed the field-level access, let us test it.

Testing field-level security in Salesforce

To test field-level security, we can use the testing user we created earlier. But, the testing user has a standard user profile. To test field-level security, we have two options.

1. Change the object and field-level access for the standard user profile.
2. Change the profile of the testing user to manager.

We cannot exercise the first option, because a standard user profile is a standard profile, and standard profiles cannot be edited. We will have to clone the standard user profile, create a new profile, and edit the access.

Hence we will opt for the second option. Make sure that the manager profile has access to the employee object and tab.

1. Go to Setup.
2. Search and click on users in the quick find.
3. Click on edit for testing user.

4. Change the profile to the manager and save.
5. Now, log in as a testing user
6. Go to the employees’ tab and create a new record.

You will not be able to view the Salary and SSN number fields, both while creating and on the detail page.

7. Log out and log in with your admin account.
8. Now, go to the employees tab, view all records, and click on Rajesh.

You will be able to view and edit the Salary and SSN Number fields.
Salesforce development services play a pivotal role in configuring field-level security using profiles, safeguarding critical data, and ensuring that Salesforce implementations align with an organization’s security and compliance requirements. By leveraging the power of profiles, businesses can strike a delicate balance between granting access to the right individuals and protecting sensitive information. This not only fosters trust among customers and stakeholders but also enhances the overall effectiveness of Salesforce as a robust CRM platform. As businesses continue to rely on Salesforce for their daily operations, the strategic deployment of field-level security through profiles remains a cornerstone of data protection and integrity in the Salesforce ecosystem.