+ Start a Discussion
THBrunoTHBruno 

Field level security vs. Flow

Hi all,

 

I was wondering what the effect is of field level security in flows.

 

Example: according to field level security, a user can only see 5 fields out of 10 of an object.

 

When I create a visual flow, I define 10 inputfields (one for each field in the object). Nevertheless, my user should only see 5 of them. Is this automatically taken into account?

 

My guess is no because there is no link between my defined inputfields and the object itself. Correct? If so, is there any way to take the advantage of field level security into flows?

 

Thanks!

 

Bruno

Best Answer chosen by Admin (Salesforce Developers) 
Peter_sfdcPeter_sfdc

You are correct that Flow, as of today, will not remove a UI element based on user's field level security. It will be validated on save, in this instance, and should not be accessible to display. 

 

If you nest your flow in a Visualforce page, there are ways that you can use Javascript to get to the HTML inside the flow. I wrote a blog post about it last week here:

 

http://blogs.developerforce.com/developer-relations/2013/08/setting-field-focus-in-visual-workflow.html

 

In this case, you would get to the fields in question and use myField.style.display='none' to make them disappear. 

 

The way you would leverage the user's FLS is by using a controller in the visualforce page and using the Apex describe features, building a map between the fields in the flow and the fields' accessibility for that user, then applying them accordingly. 

 

For a larger flow, this would entail some decent degree of effort, but it isn't impossible. 

 

 

All Answers

Sonam_SFDCSonam_SFDC

Hi Bruno,

 

In flows, the record elements use the security settings of the current user. So FLS and CRUD are enforced. As a result, if your profile doesn’t have access to the object or field, you won’t see them in the cloud-based Flow Designer.

Vinita_SFDCVinita_SFDC

Hello Bruno,

 

FLS will come into picture when you create/update a record from your flow. At flow screen FLS will not be applied. If user does not have access on the field and he submits a record for creation he will get an error.

 

THBrunoTHBruno

Thanks for the answers!

I understand that FLS is taken into account when an action is done on database level.

 

But what about the inputscreens? Is there any way inputfields on the screen can be managed by FLS?

 

Thanks!

Peter_sfdcPeter_sfdc

You are correct that Flow, as of today, will not remove a UI element based on user's field level security. It will be validated on save, in this instance, and should not be accessible to display. 

 

If you nest your flow in a Visualforce page, there are ways that you can use Javascript to get to the HTML inside the flow. I wrote a blog post about it last week here:

 

http://blogs.developerforce.com/developer-relations/2013/08/setting-field-focus-in-visual-workflow.html

 

In this case, you would get to the fields in question and use myField.style.display='none' to make them disappear. 

 

The way you would leverage the user's FLS is by using a controller in the visualforce page and using the Apex describe features, building a map between the fields in the flow and the fields' accessibility for that user, then applying them accordingly. 

 

For a larger flow, this would entail some decent degree of effort, but it isn't impossible. 

 

 

This was selected as the best answer
THBrunoTHBruno

Hi Peter,

 

Thanks a lot for your suggestion! Just what I needed!