desidsk

Field level security

Hi,

I have a field on my custom object which is hidden from a particular user profile.

Even so, can a user of that profile read or write this field through Apex code or the web service API?

 

Thanks,

dsk

Best Answer chosen by Admin (Salesforce Developers) 
BrendanOC

Removing a field from the Page Layout will prevent a user from seeing the field directly, but is not a security measure. The field will still show up via the API or the Search menu unless the FLS is set to Hidden.

The API will enforce all Sharing, CRUD, and FLS settings of the current user. Apex With Sharing mode will NOT enforce FLS by default. Apex With Sharing only applies sharing rules, not Field Level Security.

If the Field(s) in question are bound to a Visualforce page, VF will enforce the FLS automatically, as long as an S-Object is used. If this is purely Apex code, Apex will not pay attention to FLS by default. If you want your Apex code to follow FLS, check out the Force.com ESAPI here:

http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Force.com
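
One way to make plain Apex honor FLS with the platform's describe calls, shown as an added example that is not part of the original thread or of the ESAPI library. The object `Invoice__c`, the field `Margin__c`, and the class and method names are hypothetical.

```apex
// Added example. Invoice__c and Margin__c are hypothetical names.
// "with sharing" applies record sharing only; the describe checks below add FLS.
public with sharing class InvoiceFieldAccess {

    public class FlsException extends Exception {}

    // Resolve the field describe by name; it reflects the running user's permissions.
    private static Schema.DescribeFieldResult describeField(String objectName, String fieldName) {
        Schema.SObjectType objType = Schema.getGlobalDescribe().get(objectName);
        if (objType == null) {
            throw new FlsException('Unknown object: ' + objectName);
        }
        Schema.SObjectField field = objType.getDescribe().fields.getMap().get(fieldName);
        if (field == null) {
            throw new FlsException('Unknown field: ' + objectName + '.' + fieldName);
        }
        return field.getDescribe();
    }

    // Read path: refuse to query the field when the user's profile hides it.
    public static Object readMargin(Id invoiceId) {
        if (!describeField('Invoice__c', 'Margin__c').isAccessible()) {
            throw new FlsException('No read access to Invoice__c.Margin__c');
        }
        List<SObject> rows = Database.query(
            'SELECT Margin__c FROM Invoice__c WHERE Id = :invoiceId LIMIT 1');
        return rows.isEmpty() ? null : rows[0].get('Margin__c');
    }

    // Write path: a field can be readable but read-only, so check isUpdateable separately.
    public static void writeMargin(Id invoiceId, Decimal newMargin) {
        if (!describeField('Invoice__c', 'Margin__c').isUpdateable()) {
            throw new FlsException('No edit access to Invoice__c.Margin__c');
        }
        SObject inv = Schema.getGlobalDescribe().get('Invoice__c').newSObject(invoiceId);
        inv.put('Margin__c', newMargin);
        update inv;
    }
}
```

Failing closed with an exception keeps a hidden field from leaking through a web service or controller method that calls this class on the user's behalf.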

 

desidsk

Thanks Brendan.