[SalesForce] Field Level Security – Hide field for special User

In SF I created an sObject with custom fields. All users with admin permission can see all fields of this sObject. The user with the profile "Custom: Marketing Profile" should only see a few fields of this sObject, but not all!

For this, I activated Field Level Security.

Security Controls > Field Accessibility > sObject > View by Fields > Select special Field > change Field Access to Hidden

If I log in as a Custom: Marketing Profile user, I do not see the field in SF. As an admin I see all fields.

Now I created a Lightning Component App and will show the field for the special users.

Unfortunately, in LC my Custom: Marketing Profile user sees all fields of my sObject, but I set the field access to hidden?! Why does Field Accessibility not work in Lightning Component?

What should I do so that LC only shows the fields which I selected in Field Accessibility?

Best Answer

As per Standard Salesforce docs:

Lightning components don’t automatically enforce CRUD and FLS when you reference objects or retrieve the objects from an Apex controller. This means that the framework continues to display records and fields for which users don’t have CRUD access and FLS visibility.

You must manually enforce CRUD and FLS in your Apex controllers. For example, including the with sharing keyword in an Apex controller ensures that users see only the records they have access to in a Lightning component. Additionally, you must explicitly check for isAccessible(), isCreateable(), isDeletable(), and isUpdateable() prior to performing operations on records or objects.

So you need to set it manually. You can find more details here
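One way to apply the manual check the answer describes, as an added example that is not part of the original answer or of Salesforce's documentation. The class name, the object `Campaign_Plan__c` and its field names are hypothetical; the controller queries only the fields the running user's profile can read, so a field set to Hidden never reaches the component.

```apex
// Added example. Campaign_Plan__c and its field names are hypothetical.
// "with sharing" enforces record-level access; FLS is checked by hand below.
public with sharing class CampaignPlanController {

    // Fields the Lightning component would like to display (assumed names).
    private static final List<String> WANTED_FIELDS = new List<String>{
        'Name', 'Budget__c', 'Internal_Notes__c'
    };

    @AuraEnabled
    public static List<Campaign_Plan__c> getPlans() {
        Schema.DescribeSObjectResult objDescribe =
            Schema.SObjectType.Campaign_Plan__c;

        // CRUD check: the running user must be able to read the object at all.
        if (!objDescribe.isAccessible()) {
            throw new AuraHandledException('No read access to this object.');
        }

        // FLS check: keep only fields visible to the running user's profile.
        Map<String, Schema.SObjectField> fieldMap = objDescribe.fields.getMap();
        List<String> readable = new List<String>();
        for (String fieldName : WANTED_FIELDS) {
            Schema.SObjectField f = fieldMap.get(fieldName);
            if (f != null && f.getDescribe().isAccessible()) {
                readable.add(fieldName);
            }
        }

        // Nothing readable: return an empty list rather than query blindly.
        if (readable.isEmpty()) {
            return new List<Campaign_Plan__c>();
        }

        // Field names come only from the constant list above, never from
        // client input, so building the SOQL string here is injection-safe.
        String soql = 'SELECT ' + String.join(readable, ', ')
            + ' FROM Campaign_Plan__c LIMIT 200';
        return (List<Campaign_Plan__c>) Database.query(soql);
    }
}
```

The component markup should tolerate fields being absent from the returned records, since a hidden field is simply not present for that user.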
