+ Start a Discussion

Restrict users to modify field



I am writing a Validation rule as -


AND(ISCHANGED( field_name ) =TRUE,


I want to make sure that the field can be modified by above 2 users only.


However, I don't get an Error message I have supplied in Validation Rule.


Please help.



Have you considered doing this with Field Level Security instead?  A validation rule seems an odd way to do it.

Thanks for the reply. 


For using Field level security, I will have to create a Profile.


Is there a way to set field level security for a single user?




I don't know about the ISCHANGED, but I have a field that is a checkbox that only one user change change.  Here's a sample of the code. The user id is the concatenated version found in Setup.  (Look up the user and copy from web address - after the / to the ?. )

AND(Locked__c = true, NOT ( $User.Id ="00e50000000o6jp"))


You can't set up FLS for a single user; you should in fact make a different profile for this.  What happens if that user quits?!?  You'll have to change your validation rule.  That's fragile.

Field-level security (FLS) only works from native SF user interface. The appropriate fields are made visible, or editable based on profile only in standard SF pages. However, the moment you create a custom page, say using Visualforce or Javascript, and use Apex to query fields and populate a form, all bets are off.


According to Apex documentation, Apex does not observe profile based FLS rules, only observes roles based record sharing rules.


Even if you restrict it in the UI, the user can still access it through API. If you disable API for the user, then certain parts of your application, especially if it is custom application, may not function at all. 


What forceful says is not entirely true.


First, regarding FLS in Visualforce pages: it is true that a field on a Visualforce page will not respect FLS visibility rules, so if it's on the page it will show up.  However if that field is set to read-only using FLS then the user will not be able to save it.


Second, regarding FLS in the API, forceful is incorrect there.  The API respects FLS.  If a field is set to read only then a user will not be able to update it.  If the field is set in FLS to be invisible then it will not appear for that user at all in the API.