You need to sign in to do that
Don't have an account?
THBruno
Field level security vs. Flow
Hi all,
I was wondering what the effect is of field level security in flows.
Example: according to field level security, a user can only see 5 fields out of 10 of an object.
When I create a visual flow, I define 10 inputfields (one for each field in the object). Nevertheless, my user should only see 5 of them. Is this automatically taken into account?
My guess is no because there is no link between my defined inputfields and the object itself. Correct? If so, is there any way to take the advantage of field level security into flows?
Thanks!
Bruno
You are correct that Flow, as of today, will not remove a UI element based on user's field level security. It will be validated on save, in this instance, and should not be accessible to display.
If you nest your flow in a Visualforce page, there are ways that you can use Javascript to get to the HTML inside the flow. I wrote a blog post about it last week here:
http://blogs.developerforce.com/developer-relations/2013/08/setting-field-focus-in-visual-workflow.html
In this case, you would get to the fields in question and use myField.style.display='none' to make them disappear.
The way you would leverage the user's FLS is by using a controller in the visualforce page and using the Apex describe features, building a map between the fields in the flow and the fields' accessibility for that user, then applying them accordingly.
For a larger flow, this would entail some decent degree of effort, but it isn't impossible.
All Answers
Hi Bruno,
In flows, the record elements use the security settings of the current user. So FLS and CRUD are enforced. As a result, if your profile doesn’t have access to the object or field, you won’t see them in the cloud-based Flow Designer.
Hello Bruno,
FLS will come into picture when you create/update a record from your flow. At flow screen FLS will not be applied. If user does not have access on the field and he submits a record for creation he will get an error.
Thanks for the answers!
I understand that FLS is taken into account when an action is done on database level.
But what about the inputscreens? Is there any way inputfields on the screen can be managed by FLS?
Thanks!
You are correct that Flow, as of today, will not remove a UI element based on user's field level security. It will be validated on save, in this instance, and should not be accessible to display.
If you nest your flow in a Visualforce page, there are ways that you can use Javascript to get to the HTML inside the flow. I wrote a blog post about it last week here:
http://blogs.developerforce.com/developer-relations/2013/08/setting-field-focus-in-visual-workflow.html
In this case, you would get to the fields in question and use myField.style.display='none' to make them disappear.
The way you would leverage the user's FLS is by using a controller in the visualforce page and using the Apex describe features, building a map between the fields in the flow and the fields' accessibility for that user, then applying them accordingly.
For a larger flow, this would entail some decent degree of effort, but it isn't impossible.
Hi Peter,
Thanks a lot for your suggestion! Just what I needed!