Security: Scenario 3 Solution

Remove field-level security access to the Fax field on Lead and Account for the Inside Sales profile.

Optionally, remove the fax field from the corresponding page layouts.  Removing the fax fields from the page layouts does not remove access to the data through other means (reporting, API, etc.).

Note: There are several different ways that you can change field-level security (1. Setup –> Security Controls –> Field Accessibility, 2. edit the profile, 3. on the field).  Which method you choose to use is up to you, but the net result will be the same!

  1. Setup –> Customize –> Leads –> Fields.  Click Fax.  Click Set Field-Level Security.  Uncheck Visible for the Inside Sales profile.  Save.
  2. Setup –> Customize –> Accounts –> Fields.  Click Fax.  Click Set Field-Level Security.  Uncheck Visible for the Inside Sales profile.  Save.
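
One way to confirm the change took effect, as an added example that is not part of the original post: the check below reads FieldPermissions rows and reports any remaining read grant on Lead.Fax or Account.Fax, including one from a permission set, because a user's field access is the union of the profile and every assigned permission set. The sample rows are constructed, and the "Outside Sales" profile and "Legacy_Fax_Campaign" permission set are hypothetical names.

```python
# SOQL that yields rows of this shape (run it in your own org; not executed here):
#   SELECT Field, PermissionsRead, Parent.Name,
#          Parent.IsOwnedByProfile, Parent.Profile.Name
#   FROM FieldPermissions
#   WHERE Field IN ('Lead.Fax', 'Account.Fax')

RESTRICTED_FIELDS = {"Lead.Fax", "Account.Fax"}

# Constructed sample rows, flattened from that result shape. "grantor" is the
# profile name for profile-owned rows, otherwise the permission set name.
# "Outside Sales" and "Legacy_Fax_Campaign" are hypothetical names.
SAMPLE_ROWS = [
    {"Field": "Account.Fax", "PermissionsRead": True,
     "owned_by_profile": True, "grantor": "Inside Sales"},
    {"Field": "Lead.Fax", "PermissionsRead": True,
     "owned_by_profile": True, "grantor": "Outside Sales"},
    {"Field": "Lead.Fax", "PermissionsRead": True,
     "owned_by_profile": False, "grantor": "Legacy_Fax_Campaign"},
]


def remaining_read_grants(rows, profile, permission_sets=()):
    """Map each restricted field the user can still read to what grants it.

    Access is the union of the profile and every assigned permission set,
    so one leftover grant is enough to keep the field readable.
    """
    grants = {}
    for row in rows:
        if row["Field"] not in RESTRICTED_FIELDS or not row["PermissionsRead"]:
            continue
        if row["owned_by_profile"]:
            applies, kind = row["grantor"] == profile, "profile"
        else:
            applies, kind = row["grantor"] in permission_sets, "permission set"
        if applies:
            grants.setdefault(row["Field"], []).append(f"{kind}: {row['grantor']}")
    return grants


if __name__ == "__main__":
    found = remaining_read_grants(SAMPLE_ROWS, "Inside Sales", ["Legacy_Fax_Campaign"])
    for field, sources in sorted(found.items()):
        print(f"{field} is still readable via {', '.join(sources)}")
```

An empty result for the Inside Sales profile and the user's permission sets means neither fax field is readable through the page, reports, or the API.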

30 thoughts on “Security: Scenario 3 Solution”

  1. I did this scenario, but had the wrong idea in the beginning because I only thought about hiding the ‘Fax’ field from page layouts ( Contact and Accounts). I actually didn’t think about the Leads object.

    I did go through both scenario solutions, but I still have an issue. I’m not sure if I am understanding the question properly.

    When I logged in as ‘James Smith’ and I ran a report, I was still able to add the fax field onto the report, but I guess since they won’t have that field available to capture when the ‘Inside Sales’ team capture leads there wouldn’t be anything to report, but if there was information there wouldn’t they be able to see it?

      1. Hi John

        I suppose this was the response to my question above. Thanks

        So you are saying that even though I was able to see the field in the reports, this profile would not be able to see any information (even if there were fax numbers there) because that field is hidden from the ‘Inside Sales’ profile?

        Thanks.
        Mimmie

  2. The instructions state that ‘the inside sales team should no longer collect or use fax numbers’. Therefore, I took that as throughout all of Salesforce, not just Leads/Accounts. So would it be safe to say that if I remove the Fax view/edit abilities from the Contact field section of the Profile that would suffice? By doing so, the Fax check boxes don’t even appear in Leads/Accounts (they only re-appear if the Fax check box within the Profile is enabled).

  3. Nice to see the other ways like going thru Security Controls as Jose Tejeda posted and Object Settings as Christopher Loncar showed.
    I would not go thru Page Layout since the user could still report it or maybe even search it or create a formula field and get the data.
    I went Profile ==> Field-Level Security ==> Account ==> Fax ==> Unchecked
    Same for Lead and Contacts.

  4. Hi John,

    I see that for this scenario, I could either modify the profile, select account object, and then field permissions…. Or I could follow the solution and customise object then FLS.
    They both seem to achieve the same result. For certification I’m wondering if there are scenarios where one method would be “more correct / appropriate” than the other? (More than one right answer on a multiple choice would get confusing).

    Thank you
    Mark

  5. Hi John,

    In my org. I have a situation where group of employees carry certain profile and they use a certain Opportunity (that capture their work process). One individual should have extra fields that are not relevant for the other users, and those fields should not be relevant to the other users.

    If I remove all those fields from the opportunity and create 2 Permission Sets (one for that individual for her fields, and a second for other users for their use of fields) – this means that they cannot report on each other’s fields.

    The other option is to create a separate profile for that one individual and allow access to fields via Field-Level Security (and then all would be able to report on all fields).

    Could you recommend the best way to look at it?
    Thank you,
    Gil

    1. Yeah you’re on the right track. I would think about if the person with the elevated privileges is a “common” (or standard) user type (e.g. are you going to have many other users down the line assigned this set of permissions).

      If the answer to that is yes, then I’d lean towards a profile. Otherwise, I’d lean towards a permission set.

      Another question: will you need to assign that subset of permissions to users that belong to another profile? If yes, then permission set sounds more appealing again.

    1. Yes. Removing the fax fields from the page layouts does not remove access to the data through other means (reporting, API, etc.).

      So if the user should not have access to the data, you absolutely need to disable access to the field. Make sure you really understand the difference, I would expect this to appear on the exam.

  6. I went with removing it from the page layouts, and modifying the FLS permissions. I didn’t consider the lead objects which is an excellent point. Would it make sense to consider cloning the page layout, or do you assume they wouldn’t see the data period with the FLS permissions?

    Thank you in advance

  7. Hi John,
    Please help me to understand, following the steps to removing the viewing of Lead Fax and Account Fax from Inside Sales, I get. The part I don’t understand is put how can I ensure Inside Sales ability to not “report” on these fields as well. It seems like the assignment is a two part scenario: 1. Users assigned the “Inside Sales” profile cannot VIEW or REPORT on the lead fax field or account fax field.

    1. Changing field level security (as in the steps above) will remove visibility to the field data itself, and therefore those users will no longer be able to report on this data (or access via the API). If you were simply to remove the field from the page layout, the users could potentially still report on the underlying data.

  8. I also went through manage users route, is this correct?
    Setup>Manage Users>Profiles>
    *Inside Sales
    *Page Layouts
    *Account Layouts then removed the Fax button and saved and then same for Leads Layout.

    1. I know I’m a little late to the game here, but users would still be able to see the field in reports if it’s only removed from the page layouts. So keep in mind for confidential / sensitive fields, this solution alone won’t be sufficient.

  9. I went another way and it seems to have the same result:
    Setup > Manage Users > Profiles
    * Choose “Inside Sales”
    * Choose “Object Settings”
    * Select Leads (or Accounts)
    * Edit
    and remove the Read permissions for Fax.

  10. Just an FYI-
    One can also navigate this way:
    Setup>Security Controls>Field Accessibility
    *Choose record type (LEAD)
    *Click “view by fields”
    *Select fax fields from dropdown menu (all record types will display containing Fax fields)
    *Under specific profile type, click on “Editable”
    *Uncheck “Visible” box from specific profile type. Click save (field will now display “hidden”)

      1. Same should go true for Leads’ fax/fax opt-out fields as well since both Sales & Marketing teams are phasing out the non-electronic form of communication.
