Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary
Full Field-Level Security entry
How-to guide

How to configure Field-Level Security

Configuring Field-Level Security is one of the most-done admin tasks in any Salesforce org. The configuration is per-field per-Profile, so the work multiplies fast on orgs with many custom fields and many Profiles.

By Dipojjal Chakrabarti · Founder & Editor, Salesforce DictionaryLast updated May 16, 2026

Configuring Field-Level Security is one of the most-done admin tasks in any Salesforce org. The configuration is per-field per-Profile, so the work multiplies fast on orgs with many custom fields and many Profiles.

  1. Open Setup and navigate to the field

    Setup > Object Manager > select the object > Fields & Relationships > select the field. The field detail page has a Set Field-Level Security button at the top.

  2. Click Set Field-Level Security

    The button opens a matrix of Profiles with Read and Edit checkboxes for the field. The matrix is per-field, not per-Profile, so you set FLS for one field across all Profiles at once.

  3. Set Read and Edit per Profile

    Tick Read for Profiles that should see the field, Edit for Profiles that should also change it. Default to least-privilege; grant access only to Profiles that need it.

  4. Save

    Click Save. The change takes effect immediately for all users on those Profiles.

  5. Repeat for Permission Sets

    Permission Sets carry their own FLS. Setup > Users > Permission Sets > select the Permission Set > Field-Level Security configures FLS through Permission Sets, which is the cleaner pattern for granular field access.

  6. Test with representative users

    Log in as a user on a Profile or Permission Set whose FLS you just configured and confirm the field appears (or does not appear) as expected.

  7. Default FLS for new fields

    Configure at field creation. The dialog at the end of field creation lets you grant FLS to specific Profiles immediately.

Key options
Read accessremember

Required for the field to appear at all.

Edit accessremember

Required for the field to be writable. Read=true with Edit=false produces a read-only field.

Gotchas
  • FLS is invisible to users. A user who cannot see a field cannot tell whether the field is blank or whether they lack access. This is a feature, not a bug, but it produces confusing "the field is missing" support tickets.
  • Required-on-Page-Layout + Read=false in FLS produces an unsaveable record. Align Page Layout and FLS settings to prevent this.
  • FLS configured per Profile multiplies fast. Prefer FLS through Permission Sets so granting field access does not require Profile-level edits.
  • Integration users typically need broader FLS than human users. Build a dedicated Integration User Profile and audit it carefully.

See the full Field-Level Security entry

Field-Level Security includes the definition, worked example, deep dive, related terms, and a quiz.