Let me explain the permission hierarchy in Salesforce when it comes to field-level security (FLS): When both Profile and Permission Set have different levels of field access: 1. The most permissive setting wins 2. Permissions are additive, not restrictive So in your scenario: - If you give READ access in the Profile - But NO access in the Permission Set - The user will still have READ access to the field This is because: - Permission Sets are designed to grant additional access, not restrict it - They can't be used to revoke permissions that are already granted at the Profile level - The user will retain the READ access from their base Profile, regardless of the Permission Set settings To completely restrict access to the field: - You would need to remove access at both Profile AND Permission Set levels - Or remove access at the Profile level, since that's the base level of access Best Practice: - Keep minimal permissions in the base Profile - Use Permission Sets to grant additional access when needed - Don't rely on Permission Sets to restrict access that's already granted in the Profile
Preview:
downloadDownload PNG
downloadDownload JPEG
downloadDownload SVG
Tip: You can change the style, width & colours of the snippet with the inspect tool before clicking Download!
Click to optimize width for Twitter