
Field-Level Security (FLS)

Field-Level Security controls which users can see and edit specific fields on Salesforce objects, enforced at the profile and permission set level.


Field-Level Security (FLS) Explained

FLS operates independently from object-level permissions and record-level access. A user might have Read access to the Account object and be able to see a specific Account record, yet FLS can still hide the Annual Revenue field for their profile entirely. For each field, FLS offers two settings per profile or permission set: Visible (the user can see the field) and Read-Only (the user can see but not edit). A field that is not visible is completely hidden: it is absent from page layouts, reports, list views, and API responses for that user.

FLS is critical for compliance and data governance. Common scenarios include hiding SSN fields from non-HR users, making salary data read-only for managers, and restricting API-only integration fields from the UI. In Apex, FLS is not enforced by default unless the code uses WITH SECURITY_ENFORCED in SOQL or Security.stripInaccessible. Clientell AI audits FLS configurations across all profiles and permission sets, flagging fields that are unnecessarily exposed and generating remediation metadata.
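
The Apex behaviour described above, shown as an added example (not code from this page or from any vendor): the same Account query without FLS enforcement, with WITH SECURITY_ENFORCED, and with Security.stripInaccessible on both the read and write paths. The class and method names are hypothetical; AnnualRevenue is the field from the scenario above.

```apex
// Hypothetical service class for illustration; names are assumptions.
public with sharing class AccountRevenueService {

    // Unenforced: "with sharing" applies record-level sharing only.
    // The query returns AnnualRevenue even when FLS hides that field
    // from the running user's profile and permission sets.
    public static List<Account> readUnenforced() {
        return [SELECT Id, Name, AnnualRevenue FROM Account LIMIT 50];
    }

    // Fail closed: WITH SECURITY_ENFORCED makes the query throw
    // System.QueryException if the running user cannot read any
    // field or object referenced in the SELECT or FROM clauses.
    public static List<Account> readOrFail() {
        return [SELECT Id, Name, AnnualRevenue
                FROM Account
                WITH SECURITY_ENFORCED
                LIMIT 50];
    }

    // Degrade gracefully: query in system context, then remove every
    // field the running user cannot read before the rows leave Apex.
    public static List<Account> readStripped() {
        List<Account> rows =
            [SELECT Id, Name, AnnualRevenue FROM Account LIMIT 50];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);

        // Object name -> names of the fields that were removed.
        // Logging this helps spot callers that expected hidden data.
        Map<String, Set<String>> removed = decision.getRemovedFields();
        if (removed.containsKey('Account')) {
            System.debug(LoggingLevel.WARN,
                'FLS stripped Account fields: ' + removed.get('Account'));
        }
        return (List<Account>) decision.getRecords();
    }

    // Write path: drop fields the user cannot edit (for example a
    // Read-Only AnnualRevenue) so DML cannot bypass FLS. The Id field
    // is never stripped, so the update still targets the right rows.
    public static void updateStripped(List<Account> changes) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, changes);
        update decision.getRecords();
    }
}
```

Use the failing form when a missing field should stop processing, and the stripping form when partial results are acceptable, such as data returned to a UI component.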
