You need to sign in to do that
Don't have an account?
iainfarq
Field vs Object level security
Hi,
Quick question - I'm setting Read/Create/Edit/Delete custom object permissions on profiles - I'm not sure how this affects field level permissions (also set on profile). If I set a custom object on a profile to have no R/C/E/D permissions do I also need to set the field level security to invisible for each field?
My assumption is that Object level security trumps field level security..is that correct?
Cheers.
You are correct. If the user does not have CRUD to the Account object, they cannot see any of the Account fields. Field Level Security (FLS) is for fine tuning individual fields that a profile already has CRUD for.
Example:
Profile1 - CRUD access to Account
If Account has a custom field called secret__c, you could use FLS to make secret__c hidden, or make it Read Only. Profile1 can read, update, or delete any other fields
Profile2 - R access to Account
You don't need to mark secret__c as Read Only, because Profile2 does not have Update access to Account. Their maximum permission to all Account records is Read. If you want to hide secret__c, you would set FLS to hidden (uncheck the Visible checkbox.)
Profile3 - No CRUD access to Account
Zero permissions to any account records. No need to set FLS
Hope that helps!
All Answers
You are correct. If the user does not have CRUD to the Account object, they cannot see any of the Account fields. Field Level Security (FLS) is for fine tuning individual fields that a profile already has CRUD for.
Example:
Profile1 - CRUD access to Account
If Account has a custom field called secret__c, you could use FLS to make secret__c hidden, or make it Read Only. Profile1 can read, update, or delete any other fields
Profile2 - R access to Account
You don't need to mark secret__c as Read Only, because Profile2 does not have Update access to Account. Their maximum permission to all Account records is Read. If you want to hide secret__c, you would set FLS to hidden (uncheck the Visible checkbox.)
Profile3 - No CRUD access to Account
Zero permissions to any account records. No need to set FLS
Hope that helps!
Thanks that clarifies things a great deal!