Aug 21, 2024

A big loophole in field level security !

We all use field level security as a trustworthy way of hiding selected fields from an entity where user could have the access rights for remaining fields. 

Typical scenario could be, Contact entity is a very generic type yet you could have sensitive details such as salary, bank details or marital status etc. Here field level security come in handy since you can hide only those fields for selected users.

Loophole

Well..keep in mind if users are allowed to check audit history of the record, irrespective of field level security setting, user will see all the audit details of all the fields those are enabled for auditing. This is not ideal isn't it?  :-( 

No comments:

Post a Comment