Security: Scenario 3 Solution

The solution section provides an overview of how to solve this scenario, and why that solution was chosen.  The Solution Steps section immediately following outlines the exact steps used to replicate the solution.

Solution:

Remove field-level security access to the fax field on lead and account for the inside sales profile.

Optionally, remove the fax field from the corresponding page layouts.  Removing the fax fields from the page layouts does not remove access to the data through other means (reporting, API, etc.).

Solution Steps:

There are several ways to change field-level security: (1) Setup –> Security Controls –> Field Accessibility, (2) edit the profile, or (3) edit the field itself.  Which method you use is up to you; the net result is the same!

  1. Setup –> Customize –> Leads –> Fields.  Click Fax.  Click Set Field-Level Security.  Uncheck Visible for the Inside Sales profile.  Save.
  2. Setup –> Customize –> Accounts –> Fields.  Click Fax.  Click Set Field-Level Security.  Uncheck Visible for the Inside Sales profile.  Save.
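
A way to confirm the change took effect, as an added example that is not part of the original post: the SOQL below reads the FieldPermissions rows that apply to Inside Sales users, and the Python functions evaluate them. The sample rows and the "Fax Campaign Access" permission set are constructed for illustration; the query includes permission sets assigned to those users because their field access adds to the profile's.

```python
# SOQL to run as an administrator; the rows below stand in for its result.
AUDIT_SOQL = """
SELECT Field, PermissionsRead, PermissionsEdit,
       Parent.Label, Parent.IsOwnedByProfile, Parent.Profile.Name
FROM FieldPermissions
WHERE Field IN ('Lead.Fax', 'Account.Fax')
  AND ParentId IN (SELECT PermissionSetId FROM PermissionSetAssignment
                   WHERE Assignee.Profile.Name = 'Inside Sales')
"""

FAX_FIELDS = ("Lead.Fax", "Account.Fax")


def grantor(row):
    """Name the profile or permission set a FieldPermissions row belongs to."""
    parent = row["Parent"]
    if parent["IsOwnedByProfile"]:
        return "Profile: " + parent["Profile"]["Name"]
    return "Permission set: " + parent["Label"]


def readable_fields(rows, fields=FAX_FIELDS):
    """Map each audited field to the grantors that still give read access.

    Access is additive: one granting row, from the profile or from any assigned
    permission set, keeps the field available to reports and the API.
    """
    exposure = {f: set() for f in fields}
    for row in rows:
        if row["Field"] in exposure and row["PermissionsRead"]:
            exposure[row["Field"]].add(grantor(row))
    return {f: sorted(g) for f, g in exposure.items()}


def is_locked_down(rows, fields=FAX_FIELDS):
    """True only when nothing grants read access to any audited field."""
    return not any(readable_fields(rows, fields).values())


# Constructed rows (not from a real org): step 1 is done on the profile, but a
# hypothetical permission set still exposes Lead.Fax, and step 2 is not done.
SAMPLE_ROWS = [
    {"Field": "Lead.Fax", "PermissionsRead": True, "PermissionsEdit": False,
     "Parent": {"Label": "Fax Campaign Access", "IsOwnedByProfile": False, "Profile": None}},
    {"Field": "Account.Fax", "PermissionsRead": True, "PermissionsEdit": True,
     "Parent": {"Label": "(profile-owned)", "IsOwnedByProfile": True,
                "Profile": {"Name": "Inside Sales"}}},
]

if __name__ == "__main__":
    print(readable_fields(SAMPLE_ROWS), is_locked_down(SAMPLE_ROWS))
```

An empty result for a field means neither the profile nor any assigned permission set exposes it, which is the state the solution steps aim for.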

30 Responses to “Security: Scenario 3 Solution”

  1. mimmiem.o@gmail.com August 18, 2016 at 11:35 am #

    I did this scenario, but had the wrong idea in the beginning because I only thought about hiding the ‘Fax’ field from page layouts (Contact and Accounts). I actually didn’t think about the Leads object.

    I did go through both scenario solutions, but I still have an issue. I’m not sure if I am understanding the question properly.

    When I logged in as ‘James Smith’ and I ran a report, I was still able to add the fax field onto the report, but I guess since they won’t have that field available to capture when the ‘Inside Sales’ team capture leads there wouldn’t be anything to report, but if there was information there wouldn’t they be able to see it?

    • JohnCoppedge August 18, 2016 at 1:17 pm #

      That’s why you need to use field level security rather than page layouts – FLS will remove reporting ability

      • mimmiem.o@gmail.com August 18, 2016 at 2:07 pm #

        Hi John

        I suppose this was the response to my question above. Thanks

        So you are saying that even though I was able to see the field in the reports, this profile would not be able to see any information (even if there were fax numbers there) because that field is hidden from the ‘Inside Sales’ profile?

        Thanks.
        Mimmie

        • JohnCoppedge August 18, 2016 at 2:24 pm #

          I’m saying that that’s why removing the field from the page layout doesn’t necessarily prevent the user from seeing the data- they can report on it, access via the API, etc.

  2. rshanahan July 7, 2016 at 2:15 am #

    The instructions state that ‘the inside sales team should no longer collect or use fax numbers’. Therefore, I took that as throughout all of Salesforce, not just Leads/Accounts. So would it be safe to say that if I remove the Fax view/edit abilities from the Contact field section of the Profile that would suffice? By doing so, the Fax check boxes don’t even appear in Leads/Accounts (they only re-appear if the Fax check box within the Profile is enabled).

  3. CarlosSiqueira May 15, 2016 at 11:34 pm #

    Nice to see the other ways like going thru Security Controls as Jose Tejeda posted and Object Settings as Christopher Loncar showed.
    I would not go thru Page Layout since the user could still report it or maybe even search it or create a formula field and get the data.
    I went Profile ==> Field-Level Security ==> Account ==> Fax ==> Unchecked
    Same for Lead and Contacts.

    • JohnCoppedge August 19, 2016 at 9:24 pm #

      There are often multiple paths to complete an action in Salesforce, which I suppose is good and bad 😉

  4. Stattman April 1, 2016 at 1:42 pm #

    Hi John,

    I see that for this scenario, I could either modify the profile, select account object, and then field permissions…. Or I could follow the solution and customise object then FLS.
    They both seem to achieve the same result. For certification I’m wondering if there are scenarios where one method would be “more correct / appropriate” than the other? (More than one right answer on a multiple choice would get confusing).

    Thank you
    Mark

    • JohnCoppedge April 10, 2016 at 11:02 pm #

      Hey Mark,

      There is no “better” way from a UI standpoint – the exam is going to test you on what needs to be done, not the click stream to get there. Good q!

  5. g.levy@mamacash.org February 6, 2016 at 5:35 pm #

    Hi John,

    In my org I have a situation where a group of employees carry a certain profile and they use a certain Opportunity (that captures their work process). One individual should have extra fields that are not relevant for the other users, and those fields should not be relevant to the other users.

    If I remove all those fields from the opportunity and create 2 Permission Sets (one for that individual for her fields, and a second for other users for their use of fields) – this means that they cannot report on each other’s fields

    The other option is to create a separate profile for that one individual and allow access to fields via Field Level Security (and then all be able to report on all fields).

    Could you recommend the best way to look at it?
    Thank you,
    Gil

    • JohnCoppedge February 8, 2016 at 2:41 pm #

      Yeah you’re on the right track. I would think about if the person with the elevated privileges is a “common” (or standard) user type (e.g. are you going to have many other users down the line assigned this set of permissions).

      If the answer to that is yes, then I’d lean towards a profile. Otherwise, I’d lean towards a permission set.

      Another question – will you need to assign that subset of permissions to users that belong to another profile? If yes, then permission set sounds more appealing again.

      • g.levy@mamacash.org February 8, 2016 at 8:02 pm #

        Great, thank you

  6. Dorothy Narvaez April 2, 2015 at 9:32 pm #

    So was wondering – is it necessary to also remove the check on the Contact Fax field?

    • JohnCoppedge April 3, 2015 at 2:01 pm #

      Yes. Removing the fax fields from the page layouts does not remove access to the data through other means (reporting, API, etc.).

      So if the user should not have access to the data, you absolutely need to disable access to the field. Make sure you really understand the difference, I would expect this to appear on the exam.

  7. Kevin Parsakia February 3, 2015 at 7:38 pm #

    I went with removing it from the page layouts, and modifying the FLS permissions. I didn’t consider the lead objects which is an excellent point. Would it make sense to consider cloning the page layout, or do you assume they wouldn’t see the data period with the FLS permissions?

    Thank you in advance

    • JohnCoppedge February 3, 2015 at 9:53 pm #

      Exactly – they can’t see the field even if it is listed on the page layout if the FLS doesn’t give them access.

  8. Jasmin Akerele January 16, 2015 at 11:41 pm #

    Hi John,
    Please help me to understand, following the steps to removing the viewing of Lead Fax and Account Fax from Inside Sales, I get. The part I don’t understand is how can I ensure Inside Sales ability to not “report” on these fields as well. It seems like the assignment is a two part scenario: 1. Users assigned the “Inside Sales” profile cannot VIEW or REPORT on the lead fax field or account fax field.

    • JohnCoppedge January 19, 2015 at 9:52 pm #

      Changing field level security (as in the steps above) will remove visibility to the field data itself, and therefore those users will no longer be able to report on this data (or access via the API). If you were simply to remove the field from the page layout, the users could potentially still report on the underlying data.

  9. Raajesh Kumar November 28, 2014 at 12:01 am #

    Don’t we need to remove the fax field from “Contact” object first?

    • JohnCoppedge November 28, 2014 at 2:51 am #

      You can’t remove standard fields (fax being a standard field) – you can only remove a user’s access to the field.

  10. Philip Belanger September 12, 2014 at 7:06 pm #

    I also went through manage users route, is this correct?
    Setup>Manage Users>Profiles>
    *Inside Sales
    *Page Layouts
    *Account Layouts then removed the Fax button and saved and then same for Leads Layout.

    • JohnCoppedge September 21, 2014 at 6:06 pm #

      Yes – there are many ways to change the same settings. I haven’t tested each of these but it would not surprise me if there were 3-4 different routes to accomplish the same configuration change.

    • tarahall813 September 1, 2015 at 2:28 pm #

      I know I’m a little late to the game here, but users would still be able to see the field in reports if it’s only removed from the page layouts. So keep in mind for confidential / sensitive fields, this solution alone won’t be sufficient.

  11. Christopher Loncar July 14, 2014 at 1:39 pm #

    I went another way and it seems to have the same result:
    Setup > Manage Users > Profiles
    * Choose “Inside Sales”
    * Choose “Object Settings”
    * Select Leads (or Accounts)
    * Edit
    and remove the Read permissions for Fax.

  12. Jose Tejeda May 7, 2014 at 5:35 am #

    Just an FYI-
    One can also navigate this way:
    Setup>Security Controls>Field Accessibility
    *Choose record type (LEAD)
    *Click “view by fields”
    *Select fax fields from dropdown menu (all record types will display containing Fax fields)
    *Under specific profile type, click on “Editable”
    *Uncheck “Visible” box from specific profile type. Click save (field will now display “hidden”)

  13. Andrew June 19, 2013 at 6:04 pm #

    Should we disable the contact fax number too?

    • JohnCoppedge June 28, 2013 at 1:01 pm #

      Hi Andrew. Good catch – yes disabling fax on the contact records would be appropriate as well!

      • Jason Shin February 9, 2014 at 2:06 am #

        The same should hold true for Leads’ fax/fax opt-out fields as well since both Sales & Marketing teams are phasing out the non-electronic form of communication.

      • Jaredander March 8, 2016 at 5:56 pm #

        I have also noticed that the fax is editable/viewable from the account details.
