[SalesForce] Salesforce shield and global search

If I enable Salesforce shield platform encryption and start encrypting standard and/or custom fields like Contact.LastName or Contact.Marital_Status__c for example.

What will happen if I do a global search?

  1. When I have "View Encrypted Fields" permission
  2. When I DON'T have "View Encrypted Fields" permission

Since Shield encrypts data at rest, will it include that data in the search results?

Assume that I have FLS and data access to the field and record.

Best Answer

There is a little information available about this topic as this is a paid feature and some of its part is in pilot.

As per the implementation guide search index files are not encrypted. It means user may get the records based on search term However, field will be masked for users not having "View Encrypted" Permission.

Search index files are not encrypted. Encrypted search indexes are available to some customers on a pilot basis. Talk to your Salesforce representative if you’d like to join the pilot program. See the Summer ’16 Release Notes for details.

Without Encryption:

Users without the “View Encrypted Data” permission can still do these things with encrypted fields:

  • Change the value of an encrypted field, unless the field-level security is set to read only.
  • See encrypted fields in search results, although their values are masked.
  • Create contact and opportunity records from Chatter actions, related lists on account detail pages, and Quick Create.

Note that field like Name, LastName, First have their own behavior when encrypted using Shield encryption.

Related Topic