I know with permission sets and sharing rules you can limit visibility and how users can interact with entire records. Is there any way to limit visibility of fields? We are looking to make the basic details of records available to everyone but for people with the same role we want details to only be available to the owner and people higher up in the hierarchy.
I'm imagining this will have to be a customized detail page using Visualforce, but wanted to see if anyone knew of an approach that didn't require development.
Attribution to: Ryan Elkins
Possible Suggestion/Solution #1
I know this was an older question, but you kind of can with a formula field...
We had a need to limit visibility to a "Reserve" field on our Opportunities to only the record owner, and the Roles above. Another wrinkle was to only allow the record owner, or manager to update this "Reserve" field, but not peers
the solution I came up with was to create a formula field, "User Visible Reserve" that displays the value if UserID = OwnerID, else display $0, as well as a new field called New Reserve.
I created a workflow that would take the "New Reserve" and pass it to the "Reserve" field IF UserID = Owner ID, and a Validation Rule that would display an error if there was not a match
I also used 2 Page Layouts, one for the Reps and one for Managers. The Rep layout did not have the "Reserve" field only "User Visible Reserve" and "New Reserve" The Manager page layout had all 3
Although a determined Rep could create a list view or report to see the "Reserve" field of Opps owned by a peer, those permissions could be revoked, and this provides a decent solution for our business
Attribution to: Robert Craven
Possible Suggestion/Solution #2
Kind of. You can set field-level permissions by Profile and by Permission Set. You could set a base profile with the least access and then add access by permission set to those that need increased visibility.
Attribution to: Mike Chale
Possible Suggestion/Solution #3
The profiles are something through which you can handle this .You will have to get away with roles and somehow manage with profiles to achieve this requirement.Field level security applies for profile and roles have no control over field visibilty.May be having different profiles may help here
Attribution to: Mohith Shrivastava
Possible Suggestion/Solution #4
No, this isn't possible. You either have Read-Only or you have Read/Write access to a field. This does not change with ownership of records. Depending on your use case you may be able to pull it off via a Visualforce page which dynamically shows fields depending on ownership.
Please note, though: Regular field-level security will still apply when users run reports, i.e. if they have field-level access to a field, they will be able to see the value of it in reports for any record they have access to.
Attribution to: JLiljegren__c
Possible Suggestion/Solution #5
The short answer is no - there is no concept of dynamic field level security which is conditional in nature (e.g. show the field if I own the record or above the record owner in the role hierarchy but hide it from everyone else). As the other posts indicate, FLS is a static permission that crosses all conditions and is tied in positive fashion to a user.
However, there are some work around solutions. For instance, before binding a field in a visualforce page, you can put a conditional in place around an attribute of the current user including their profile (e.g. if System Admin, show field, otherwise hide it). This is security through obfuscation since non-visualforce interfaces that read this record would of course show the field (e.g. search, reports, list views, etc...).
Attribution to: Adam Torman
Possible Suggestion/Solution #6
Easy way out of this would be to just use profiles and have different page layouts for each profile. This was you can hide certain fields from others. But it does not work the suggested, ie. you can't do it by role. If the owner has a limited profile, he or she will only see those fields the page layout shows.
Attribution to: akarnid
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/4520