Toggle Side Panel
Close search

Activity Forums Salesforce® Discussions What are CRUD/FLS issues in Salesforce? How can it be resolved?

Tagged: , , , ,

  • Ravi

    Member
    April 30, 2016 at 2:20 PM

    Force.com allows developers and administrators to control access to data at many different levels. You can control access at the object-level, the record-level, and at the field-level.

    Object-level security within the salesforce.com environment is referred to as Create-Read-Update-Delete (CRUD) access. CRUD settings are applied at the profile level and can be used to restrict the actions that users can take on each type of standard and custom object. An example use of CRUD would be to remove the ability for a custom "auditor" profile to update, create, or delete any Account record.

    Field-level security (FLS) is configured similarly to CRUD but allows administrators to define the profiles that can see and write to most fields of standard and custom objects.

  • shariq

    Member
    September 19, 2018 at 11:45 AM

    Hi,

    FLS stands for field level security. FLS can be ensure by adding permission checks before performing DML.
    Suppose we are performing DML on account object and we want to ensure FLS for name field then :

    For an upsert DML
    Account acc = new Account();

    if(Schema.sObjectType.account.fields.name.isCreateable() && Schema.sObjectType.account.fields.name.isUpdateable()){
    acc.name = ‘Test’;
    }

    here it checks weather user has permission to update and create name field or not. this is how it is ensuring the FLS. similarly we can add checks for some other DML’s.

    Hope this helps!

    • This reply was modified 7 years, 5 months ago by  shariq.

  • Parul

    Member
    September 19, 2018 at 12:32 PM

    Hi

    Field Level Security or FLS gives you the provision to restrict particular individuals from accessing super sensitive and confidential information that are located in the records that they can see. FLS security is configured similar to CRUD but it allows the administrators to be able to pre-define the profiles that can see as well as write to most of the fields of the custom and standard objects.

     

     

    Thanks

Log In to reply.

Popular Salesforce Blogs

Popular Salesforce Videos