Apex Code Development (89878)
General Development (54729)
Visualforce Development (37149)
Lightning (17587)
APIs and Integration (16778)
Trailhead (11582)
Formulas & Validation Rules Discussion (11173)
Other Salesforce Applications (8010)
Jobs Board (6637)
Force.com Sites & Site.com (4797)
Mobile (2662)
You need to sign in to do that
Don't have an account?
desidsk hi,
If I have a field on my custom object which is hidden from particular user profile.
Even though , can user of that profile read or write this field through Apex code or web service API
Thanks,
dsk
Removing a field from the Page Layout will prevent a user from seeing the field directly, but is not a security measure. The field will still show up via the API or the Search menu unless the FLS is set to Hidden.
The API will enforce all Sharing, CRUD, and FLS settings of the current user. Apex With Sharing mode will NOT enforce FLS by default. Apex With Sharing only applies sharing rules, not Field Level Security.
If the Field(s) in question are bound to a VisualForce page, VF will enforce the FLS automatically, as long as an S-Object is used. If this is purely Apex code, Apex will not pay attention to FLS by default. If you want your Apex code to follow FLS, check out the Force.com ESAPI here:
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Force.com
All Answers
Removing a field from the Page Layout will prevent a user from seeing the field directly, but is not a security measure. The field will still show up via the API or the Search menu unless the FLS is set to Hidden.
The API will enforce all Sharing, CRUD, and FLS settings of the current user. Apex With Sharing mode will NOT enforce FLS by default. Apex With Sharing only applies sharing rules, not Field Level Security.
If the Field(s) in question are bound to a VisualForce page, VF will enforce the FLS automatically, as long as an S-Object is used. If this is purely Apex code, Apex will not pay attention to FLS by default. If you want your Apex code to follow FLS, check out the Force.com ESAPI here:
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Force.com
Thanks Brendan.