You need to sign in to do that
Don't have an account?
dmcheng
Field level security and UI search / API search
If I use field level security to hide a field for a custom profile, a user in the profile can still global search for text in that field and the record will appear in the results, even though the field is hidden. Is that supposed to happen?
Furthermore, I have an external website making SOSL searches through the SOAP API using this custom profile, and this is also finding the record. (The SOSL search uses ALL FIELDS.) But the API documentation explicitly states that API calls respect field level security.
Is there a way to guarantee that UI search and API SOSL/SOQL search respect field level security?
Thanks
David
Furthermore, I have an external website making SOSL searches through the SOAP API using this custom profile, and this is also finding the record. (The SOSL search uses ALL FIELDS.) But the API documentation explicitly states that API calls respect field level security.
Is there a way to guarantee that UI search and API SOSL/SOQL search respect field level security?
Thanks
David
Field-level security doesn’t prevent searching on the values in a field. When search terms match on field values protected by field-level security, the associated records are returned in the search results without the protected fields and their values.
All Answers
Field-level security doesn’t prevent searching on the values in a field. When search terms match on field values protected by field-level security, the associated records are returned in the search results without the protected fields and their values.