Field-Level Security

Security of fields is determined by a combination of the profile and the page layout.The
more restrictive of the two always takes precedence.The two ways to edit field-level security
are through the profile directly using the Field-Level Security section or through a
feature called Field Accessibility. Field Accessibility is a bit more sophisticated because it
provides a consolidated view of fields across page layouts and profiles.

Field-Level Security in Profiles

To reach the field-level security section, click Setup, and in the Administration Setup area,
click Manage Users --> Profiles. Select a profile by clicking its name and scroll down to
the Field-Level Security section. Click the View link next to the object name, such as Project.


The two possible states for a field are visible and read-only. Fields marked as visible are
available for display on page layouts belonging to this profile. Read-only fields might also
be visible on a page layout, but values in these fields cannot be modified.

Field Accessibility

Field Accessibility addresses the finer control of fields provided through the combination
of page layout and profile.The more restrictive of two settings always wins. So, if a page
layout defines a field as read-only that is defined in the profile as being invisible, the profile
takes precedence, and the field is hidden. Field Accessibility provides an easy way to
see this behavior in action.
To use Field Accessibility, click Setup, and in the Administration Setup area, click
Security Controls ➝ Field Accessibility. Select an object and then drill in by Field or Profile
to see the corresponding field accessibility table. Each field has one of four accessibility
values:
 Required: If a field is defined as required in its page layout and visible in its profile,
it is a required field.This means for a record to be saved, it must contain a value
for this field.
 Editable: A field defined as visible in both the page layout and the profile is designated
as editable.This field appears to the user and can be modified.
 Read-Only: If a field is declared read-only on its profile or visible in its profile and
read-only in its page layout, then it is a read-only field. It appears in the page layout,
but its value cannot be modified.
 Hidden: Fields that are set to invisible on their profile or page layout are hidden.
Hidden fields are never shown to the users of this profile.
Try marking a field as read-only in its page layout but invisible in its profile.Then hover
the cursor over the word Hidden in the Field accessibility table.You’ll see the message that
the field is hidden because of Field Security. If you edit the field again and make it visible
via the profile, the field becomes read-only per the page layout.