How to use Permission Set for Field Level Security

Field-level security in Salesforce restricts a user from accessing and viewing specific fields within a Salesforce object. This means that users can only access the fields necessary for their role, while they are prevented from viewing or editing any unnecessary fields. This functionality is particularly useful when you want to grant access to an object without allowing permission for certain fields to specific users.

In Salesforce, each user has a profile that contains essential information, such as login hours, object-level permissions, field-level permissions, password policies, and more. Field-level security can also be defined at this level for each user.

From winter '23, Salesforce has introduced an option to set field-level security within permission sets, which can provide more flexibility than profiles when managing field access.

In this blog, we will explore why we need permission sets for Field-Level Security, how to enable permissions for field-level security, and the advantages and disadvantages of utilizing permission sets for field-level security.

Why do we need a Permission Set for FLS? 

A permission set is a group of settings and permissions that lets a user access certain features in Salesforce. It allows us to give extra permissions to a user without changing any profile settings.

For example, if you have a custom profile called "Employee," and you have set up all the permissions for this profile and assigned it to five users, you cannot give extra permissions to just a few of those users through the profile. Any changes you make would affect all five users. Instead, you can use permission sets to grant specific permissions to selected users.

Permission sets are also helpful in situations where you want to give access to certain fields for users from different profiles or for a single user within a profile. This feature makes it easier to manage who can see certain fields by allowing you to create a separate permission set that includes the needed permissions for a specific group of users.

Turning on "Field-Level Security for Permission Sets during Field Creation" helps manage access to custom fields. You can set permissions when you create the field, so you don't have to do it later. This saves time and helps prevent mistakes, ensuring that the right people can access the right information from the start.

How to enable the Permission set for FLS 

Follow the steps below to enable the settings to use Permission Sets for FLS,

  👉 Go to Setup

  👉 In the Quick Find box, search for User Management Settings and select it.

  👉 Scroll down to ‘Field-Level Security for Permission Sets during Field Creation’ and enable it. 

Now you can set a field-level security for the permission set while creating a field. When you enable this setting in your org, the option will be enabled for all users.

Create Custom Fields with Field Level Security by Permission Sets

1. Go to Setup
2. Click on the Object Manager and select any standard or custom object
3. Select the Fields & Relationships and click on the New button
   1. Select the Datatype of the custom field and click on Next
   2. Enter the Field Label, Field Name, Description, and all other required fields. Click on Next
   3. Select the permission sets that need to have edit and read access to the custom field.
   4. Add the custom field to the Page Layout and click on Save.

Advantages of using the Permission set for FLS 

Let's consider a scenario where you need to set field-level security for a user who is assigned to the standard Salesforce platform user profile. However, there are two users within this profile, and you only need to grant access to one of them. To achieve this, you can create a permission set for the specific user and assign all the necessary permissions to access the fields.

In addition, you need to create two more fields for an object and grant access to that particular user. Thankfully, you have enabled the 'Field-Level Security for Permission Sets during Field Creation' option. This feature allows you to set field-level permissions at the time of field creation, so you don’t have to worry about manually configuring these permissions later.

Disadvantages of using the Permission set for FLS 

One drawback of enabling 'Field-Level Security for Permission Sets during Field Creation' is that it doesn't allow you to set field-level permissions for profiles at the time of field creation. Instead, it only permits you to add field-level permissions to the permission sets. If you must assign field-level security to profiles, you can turn off Field-Level Security for Permission Sets During Field Creation in User Management Settings at any time.

Conclusion 

We discussed extensively about permission sets, including how to enable permission sets for Field-Level Security and how to use the permission set efficiently for field-level security. We appreciate your time and engagement with this content. Happy Learning😊!