+ Start a Discussion
dmchengdmcheng 

Field level security and UI search / API search

If I use field level security to hide a field for a custom profile, a user in the profile can still global search for text in that field and the record will appear in the results, even though the field is hidden. Is that supposed to happen?

Furthermore, I have an external website making SOSL searches through the SOAP API using this custom profile, and this is also finding the record. (The SOSL search uses ALL FIELDS.) But the API documentation explicitly states that API calls respect field level security.

Is there a way to guarantee that UI search and API SOSL/SOQL search respect field level security?

Thanks
David
Best Answer chosen by dmcheng
Sonam_SFDCSonam_SFDC
As is mentioned in the FLS documentation: https://help.salesforce.com/HTViewHelpDoc?id=admin_fls.htm&language=en_US

Field-level security doesn’t prevent searching on the values in a field. When search terms match on field values protected by field-level security, the associated records are returned in the search results without the protected fields and their values.

All Answers

Sonam_SFDCSonam_SFDC
As is mentioned in the FLS documentation: https://help.salesforce.com/HTViewHelpDoc?id=admin_fls.htm&language=en_US

Field-level security doesn’t prevent searching on the values in a field. When search terms match on field values protected by field-level security, the associated records are returned in the search results without the protected fields and their values.
This was selected as the best answer
dmchengdmcheng
Thanks, I searched everywhere else except I didn't read the documentation, sigh.