Overview of field-level security
Field-level security lets you set which fields users can see or edit. For example, if you want to prevent users from accidentally changing an account number, you can restrict them from editing that field. Field-level security is available for the default fields on most entities and for custom fields. Field-level security is managed through security profiles. To implement field-level security, a system administrator performs the following tasks:
- Enable field security on one or more fields for a given entity.
- Associate one or more existing security profiles, or create one or more new security profiles, to grant the appropriate access to specific users or teams.
A security profile determines the following:
- Permissions to the secure fields
- Users and Teams
A security profile can be configured to grant user or team members the following permissions at the field level:
- Read. Read-only access to the field’s data.
- Create. Users or teams in this profile can add data to this field when creating a record.
- Update. Users or teams in this profile can update the field’s data after it has been created.
A combination of these three permissions can be configured to determine the user privileges for a specific data field.
Best practices when you use field security
- When you use calculated fields that include a field that is secured, data may be displayed in the calculated field to users that don’t have permission to the secured field. In this situation, both the original field and the calculated field should be secured.
- Some data, such as addresses, are actually made up of multiple fields. Therefore, to completely secure data that includes multiple fields, such as addresses, you must secure and configure the appropriate field security profiles on multiple fields for the entity. For example, to completely secure addresses for an entity, secure all relevant address fields, such as address_line1, address_line2, address_line3, address1_city, and so on.
- It is possible to adjust the display of fields based on security profiles, so that you can limit who can view the information in a specific field. For example, some firms choose to add a Client Restrictions field to the Contact page, but don't necessarily want all users to see what is displayed in this field.
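The first two best practices above can be checked mechanically against a list of an entity's fields. The following is an added example, not part of the original documentation or the product's own tooling; the dict layout, the `sources` key, the credit and revenue field names, and the `GROUPS` mapping are assumptions, and the sample data is constructed. It also follows chains where one calculated field is built from another, which goes beyond the single case described above.

```python
# Constructed sample metadata for one entity. The dict layout, the "sources"
# key, the credit/revenue field names and GROUPS are assumptions.
FIELDS = {
    "creditlimit":   {"secured": True,  "sources": []},
    "revenue":       {"secured": False, "sources": []},
    "credit_ratio":  {"secured": False, "sources": ["creditlimit", "revenue"]},
    "credit_label":  {"secured": False, "sources": ["credit_ratio"]},
    "revenue_band":  {"secured": False, "sources": ["revenue"]},
    "address_line1": {"secured": True,  "sources": []},
    "address_line2": {"secured": True,  "sources": []},
    "address_line3": {"secured": False, "sources": []},
    "address1_city": {"secured": False, "sources": []},
}
GROUPS = {"address": ["address_line1", "address_line2", "address_line3", "address1_city"]}

def secured_inputs(name, fields, seen=None):
    """Return the secured fields that `name` is computed from, following chains."""
    seen = set() if seen is None else seen
    found = set()
    for src in fields[name]["sources"]:
        if src in seen or src not in fields:
            continue  # skip cycles and references to unknown fields
        seen.add(src)
        if fields[src]["secured"]:
            found.add(src)
        found |= secured_inputs(src, fields, seen)
    return found

def exposed_calculated_fields(fields):
    """Unsecured calculated fields that can reveal data from a secured field."""
    report = {}
    for name, meta in fields.items():
        if meta["sources"] and not meta["secured"]:
            leaked = secured_inputs(name, fields)
            if leaked:
                report[name] = sorted(leaked)
    return report

def partially_secured_groups(fields, groups):
    """Groups where some members are secured and others are not."""
    report = {}
    for group, members in groups.items():
        unsecured = [m for m in members if not fields[m]["secured"]]
        if unsecured and len(unsecured) < len(members):
            report[group] = unsecured
    return report

print(exposed_calculated_fields(FIELDS))
print(partially_secured_groups(FIELDS, GROUPS))
```

Every field named in either report needs field security enabled and a matching entry in the relevant security profiles.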
Set up security permissions for a field
You can restrict access to a field by creating a field security profile. After you create the profile, you assign users to that profile, and set up specific read, create, or write permissions for the field.
1. Only System Administrators are able to make the following updates.
2. Go to Settings > Security.
3. Click Field Security Profiles, and then on the command bar, click New.
4. Enter a name and a description (optional) and click Save.
5. Under Common, click Field permissions.
6. Select a field, and then click Edit.
7. Select the permissions that you want to assign to users or teams, and then click OK.
8. To add users or teams:
a. Under Members, click Teams or Users.
b. On the command bar, click Add.
c. In the Look Up Records dialog box, select a team or user from the list (or search for a team or user), and then click Select.
d. Repeat the preceding steps to add multiple teams or users, and then click Add.
Enable or disable security for a field to control access
- Go to Settings > Customizations.
- Click Customize the System.
- Under Components, expand Entities, expand the entity that has the field you want to secure, and then click Fields.
- In the list of fields, double-click the field you want to secure.
- In the Field window, on the General tab, to the right of Field Security, specify whether to Enable or Disable security for the field.
- Click Save or Save and Close.
- When your customizations are complete, publish them:
  - To publish customizations for only the entity that you are currently editing, in the navigation pane, select the entity, and then click Publish.
  - To publish customizations for all unpublished entities at one time, in the navigation pane, click Entities, and then on the command toolbar, click Publish All Customizations.