What is the most important tip for working with Logged-in User?

Quick Fact: Every Salesforce session has exactly one logged-in user. Every record-access check, field-level security check, and audit trail entry derives from this user, which is why the concept is foundational across the platform.

Core CRMBeginner

Logged-in User

Q: What is the Logged-in User?

The Logged-in User is whoever currently has an active Salesforce session, with their permissions controlling what they can do.

Q: How is the logged-in user referenced in formulas?

$User is the global variable for accessing logged-in user info in formulas, validation rules, and Visualforce.

Q: How is it accessed in Apex?

Apex uses the UserInfo class for accessing logged-in user information.

The Logged-In User in Salesforce is the User record that owns the current session.

Hear it

§ 01

Definition

The Logged-In User in Salesforce is the User record that owns the current session. Every Salesforce session, whether through the UI, the API, a Connected App, or a flow, runs in the context of one user. The session''s permissions, sharing access, profile settings, and audit trail all derive from this user. Formula functions ($User.Id, $User.FirstName), Apex methods (UserInfo.getUserId(), UserInfo.getProfileId()), and Lightning Component context all expose the logged-in user as a fundamental piece of session state.

The concept matters because Salesforce''s entire security model is user-centric. Record access is determined by the logged-in user''s sharing; field-level security is determined by the user''s profile and permission sets; report visibility is determined by the user''s role hierarchy and folder access. Every Apex call, Visualforce page, Lightning Component, and integration callout runs as a specific user. Knowing how to identify, log, and respect the logged-in user is foundational for any Salesforce build that needs to be secure, auditable, or personalized.

§ 02

How the Logged-In User context drives every Salesforce operation

$User merge fields in formulas

Formula fields, validation rules, email templates, and Visualforce pages all access the logged-in user via the $User global. $User.Id returns the user ID; $User.FirstName, $User.LastName, $User.Email, $User.UserName, and custom fields are all reachable. The $User merge fields make personalization trivial: an email template that says Hi $User.FirstName produces the right greeting per recipient.

UserInfo class in Apex

Apex exposes the logged-in user via the UserInfo system class. UserInfo.getUserId() returns the user ID; UserInfo.getProfileId() returns the profile; UserInfo.getOrganizationId() returns the org ID. UserInfo.getName(), UserInfo.getEmail(), UserInfo.getLocale() and other methods cover most session-context needs. UserInfo is static; no instantiation needed.

Lightning Component user context

Lightning Web Components access the logged-in user via the @salesforce/user module. import userId from ''@salesforce/user/Id''; import userName from ''@salesforce/user/Name''; The component receives the values as static imports, which the framework resolves at runtime. No Apex call needed for basic user info.

Run As vs. logged-in

Flows and processes have a Run As setting that decides whose context the automation runs in. The default is User Who Launched the Flow (the logged-in user). The alternative is System Mode, which bypasses sharing and FLS entirely. System Mode is sometimes necessary but always increases security risk; default to user-mode unless system-mode is genuinely required.

Audit fields populated from logged-in user

Every record gets CreatedById and LastModifiedById fields populated automatically from the logged-in user at the time of insert and update. The audit chain is the standard mechanism for tracking who did what. Apex code running as a service account (integration user) populates these with the integration user''s ID, which is why audit queries should filter on user type.

Login flows and session events

Salesforce ships Login Flows that run when a user logs in (custom MFA prompts, terms-of-service acceptance, password resets). These flows have access to the logged-in user as the standard context. Real-Time Event Monitoring also captures login and session events with the user as the primary key.

Integration user vs. real user

Integrations authenticate as a user (an Integration User license user, or a regular user). The integration user is the logged-in user for the duration of the API session; every operation traces to them. Distinguishing integration users from real users in audit and reporting matters for security analysis.

§ 03

Access and use the logged-in user context

Access patterns differ by surface: formulas, Apex, Lightning, flow. Pick the right pattern per the use case.

In formulas, use $User merge fields
$User.Id, $User.FirstName, $User.Email, etc. Drop them into formula fields, validation rules, email templates, Visualforce.
In Apex, use UserInfo
Id myId = UserInfo.getUserId(); String myProfile = UserInfo.getProfileId(); No instantiation needed.
In Lightning Web Components, import from @salesforce/user
import userId from ''@salesforce/user/Id''; The component receives the value statically at render time.
In Flow, use $User global variable
{!$User.Id}, {!$User.FirstName}, etc., in any flow formula or merge field.
For impersonation testing
Setup, Users, click Login next to the user. Salesforce switches the session to that user for testing. Use sparingly; document the impersonation.
For audit reporting
Query CreatedById and LastModifiedById on the relevant object. Group by user to surface activity patterns.

Mandatory fields

User contextrequired

Every session has a logged-in user; access patterns differ by surface.

Profile and Permission Setsrequired

Decide what the logged-in user can do.

CreatedById / LastModifiedByIdrequired

Audit fields populated automatically.

Run As setting (Flow)required

Decides whether automation respects the logged-in user.

Gotchas

System Mode flows bypass the logged-in user''s sharing. Use only when absolutely required.
Integration users are the logged-in user for the API session. Audit reports must distinguish them from real users.
Impersonation (Login As) changes the logged-in user temporarily. Audit fields still track the impersonating user; document the use.
The $User global in formulas evaluates at render time, not at record save. Use $User in display contexts; use UserInfo in code logic.

Trust & references

Sources

Cross-checked against the following references.

UserInfo Apex ClassSalesforce Developers
Users OverviewSalesforce Help

Official documentation

Straight from the source - Salesforce's reference material on Logged-in User.

User Object ReferenceSalesforce Developers

Keep learning

Hands-on resources to go deeper on Logged-in User.

Data SecurityResource ·

Was this entry helpful?

Help us write better definitions. Quick reactions or detailed edit suggestions.

About the Author

Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.

Test your knowledge

Q1. What is the Logged-in User?

Q2. How is the logged-in user referenced in formulas?

Q3. How is it accessed in Apex?

Discussion

Loading…

Loading discussion…

Back to Dictionary