we are committed to delivering innovative solutions that drive growth and add value to our clients. With a team of experienced professionals and a passion for excellence.

Follow us

“View All Fields” Permission – Understanding Field Visibility Controls

“View All Fields” Permission – Understanding Field Visibility Controls

Images
Authored by
Nitish Jadhav
Date Released
June 30, 2026
Comments
No Comments

INTRODUCTION

Field-level security (FLS) in Salesforce is designed to control which users see which fields. It’s a fundamental security control that allows organizations to hide sensitive data from users who don’t need it. A user without FLS access to a field can’t see it on record pages, in reports, or in APIs.

Spring ’26 introduces a new permission that challenges this model: “View All Fields.” When enabled, it allows users to see all fields on an object, regardless of their field-level security configuration. It’s powerful, potentially useful, and potentially dangerous depending on how it’s used.

This post explores what the “View All Fields” permission does, why Salesforce added it, when it’s appropriate to use, and critical security considerations for administrators.


UNDERSTANDING FIELD-LEVEL SECURITY

How FLS Currently Works

Field-Level Security Basics

What FLS Does:

  • Controls field visibility at the profile/permission set level
  • User without FLS read access: can’t see field
  • User without FLS edit access: can see but can’t edit field
  • Applies to:
    • Record page layouts
    • Reports
    • Dashboards
    • List views
    • API responses
    • Flows and Apex

How It Works:

User tries to access field

→ System checks profile/permission set

→ If FLS allows read: User sees field

→ If FLS allows edit: User can modify field

→ If FLS blocks: User doesn’t see field at all

Example:

Account object has fields:

– Name (visible to all)

– Annual Revenue (Finance only – FLS restricts)

– Credit Limit (Finance only – FLS restricts)

Sales user:

– Can see Name

– Cannot see Annual Revenue (no FLS read)

– Cannot see Credit Limit (no FLS read)

Finance user:

– Can see Name

– Can see Annual Revenue (FLS allows read)

– Can edit Credit Limit (FLS allows read + edit)

Why FLS Matters

Security Purpose:

  • Prevents unauthorized data access
  • Enforces data classification
  • Complies with data protection regulations
  • Ensures least privilege access

Common Use Cases:

  • Hide salary data from non-HR
  • Hide social security numbers
  • Hide financial data from non-Finance
  • Hide health information from non-Medical
  • Hide personal data from non-Admin

THE “VIEW ALL FIELDS” PERMISSION

What the New Permission Does

What “View All Fields” Permission Is

Definition:
A permission that grants read-only visibility to all fields on an object, regardless of field-level security configuration.

Key Characteristic:

  • Bypasses field-level security restrictions
  • Applies to all fields on the selected object
  • Read-only (doesn’t grant edit access)
  • Can be assigned per object or globally

What It Does

User Experience:

  • Without “View All Fields” permission:
    • User sees fields their profile/permission set allows
    • Sensitive fields hidden by FLS
  • With “View All Fields” permission:
    • User sees all fields on object
    • Even fields normally hidden by FLS
    • FLS restrictions bypassed for visibility only

Concrete Example:

  • Account object with “View All Fields” enabled:
  • Sales Rep WITHOUT permission:
    • Sees: Name, Industry, Website
    • Doesn’t see: Annual Revenue, Credit Limit, Internal Notes
  • Sales Rep WITH permission:
    • Sees: Name, Industry, Website
    • ALSO sees: Annual Revenue, Credit Limit, Internal Notes
    • But cannot edit them (unless FLS allows)

Scope and Applicability

Per-Object:

  • Assigned at object level
  • Can grant “View All Fields” for Account
  • But not for Contact
  • Granular control

Read-Only:

  • Allows viewing only
  • Edit access still controlled by FLS
  • User can see field but can’t edit it
  • Unless FLS specifically allows edit

What It Doesn’t Override:

  • Record-level access (sharing model)
  • Edit permissions on fields
  • Apex-level access controls
  • API visibility restrictions (generally)

SECURITY CONSIDERATIONS AND RISKS

Why This Permission Requires Careful Management

Risk 1: Accidental Over-Access

The Risk:
Admin assigns “View All Fields” thinking it’s only for specific fields, but it applies to all fields.

Scenario:

Admin: “I’ll assign ‘View All Fields’ for Account to Sales team”

Intention: See customer financial data (Annual Revenue, Industry)

Reality: See customer health data, personal notes, internal risk assessments

Unintended access to sensitive information

Mitigation:

  • Understand permission scope before assigning
  • Test in sandbox
  • Document intent
  • Audit assignments regularly

Risk 2: Security Model Bypass

The Risk:
“View All Fields” bypasses the field-level security model the organization designed.

Scenario:

Organization policy: Finance fields visible only to Finance team

Sales manager gets “View All Fields” for some reason

Sales manager now sees all Account fields including financial data

Security model breached

Mitigation:

  • Assign only when necessary
  • Document justification
  • Audit regularly
  • Consider alternatives

Risk 3: Accidental Data Exposure

The Risk:
User with “View All Fields” shares information they see with someone who shouldn’t have access.

Scenario:

Support agent with “View All Fields” sees customer credit limit

Shares limit with colleague who shouldn’t see it

Data exposure

No audit trail of who accessed what

Mitigation:

  • Control assignment carefully
  • Train users on data sensitivity
  • Maintain audit logs
  • Monitor for abuse

Risk 4: Compliance Violations

The Risk:
“View All Fields” grants access to regulated data, creating compliance issues.

Scenario:

Organization subject to HIPAA (health data)

Employee shouldn’t have access to patient data

Employee gets “View All Fields” for Contact

Now has access to patient health information

HIPAA violation

Mitigation:

  • Understand regulatory requirements
  • Audit “View All Fields” assignments against regulations
  • Document compliance rationale
  • Consider role-based alternatives

BEST PRACTICES FOR USING “VIEW ALL FIELDS”

Responsible Permission Assignment

Best Practice 1: Understand the Scope Before Assigning

Do:

  • Understand which fields are covered
  • Know which data is sensitive
  • Document why assignment needed
  • Test in sandbox first

Don’t:

  • Assign without understanding scope
  • Assume it’s limited to certain fields
  • Assign for convenience
  • Skip sandbox testing

Best Practice 2: Document the Assignment

Create record of:

Permission Set Name: Support_Advanced

Object: Account

Permission: View All Fields

Assigned to: Support team

Reason: Support needs field visibility for troubleshooting

Approved by: [Manager]

Date: [Date]

Review date: [Quarterly]

Purpose:

  • Clear audit trail
  • Justification documented
  • Easy to review
  • Compliance evidence

Best Practice 3: Audit Assignments Regularly

Quarterly Review:

  • List all “View All Fields” assignments
  • Verify still needed
  • Check for over-assignment
  • Document findings
  • Remove unnecessary assignments

Process:

  1. Query which permission sets have “View All Fields”
  2. Check who has those permission sets
  3. Verify need still exists
  4. Remove if no longer needed
  5. Document review

Best Practice 4: Use Role-Based Permission Sets

Pattern:

Instead of: Individual assignments

Use: Role-based permission sets

Example:

– Support_Advanced (for support team)

– Audit_Viewer (for audit team)

– Analytics_Viewer (for analytics team)

Each role gets appropriate permissions

Clear purpose

Easy to manage

Easy to review

Best Practice 5: Consider Alternatives First

Before assigning “View All Fields”:

  1. Can FLS be adjusted (more specific)?
  2. Can role be given needed fields specifically?
  3. Is there a business process alternative?
  4. Is “View All Fields” truly necessary?

Only if:

  • No FLS alternative works
  • Business need clear
  • Security implications understood
  • Approved by appropriate stakeholders

Best Practice 6: Train Users on Data Sensitivity

If assigning “View All Fields”:

  • Train users on which fields are sensitive
  • Explain why fields are restricted
  • Set expectations for appropriate use
  • Make consequences clear

Communication:

“You now have access to all Account fields including:

– Annual Revenue (financial data)

– Credit Limit (sensitive)

– Internal Risk Assessment (confidential)

This access is for [specific purpose].

Treat this data with appropriate care.

Sharing restricted data is a violation.

Report suspicious access.


AUDIT AND COMPLIANCE

Managing “View All Fields” for Governance

Audit Strategy

Regular Audits (Quarterly):

  1. Identify all “View All Fields” assignments
  2. For each assignment:
    • Verify user/role still exists
    • Confirm assignment still needed
    • Check for related permissions
    • Review recent access logs
  3. Remove unnecessary assignments
  4. Document findings

Compliance Audits (Annually):

  1. Map “View All Fields” assignments to regulated data
  2. Verify compliance with regulations
  3. Document compliance rationale
  4. Report to compliance team
  5. Plan remediation if needed

Monitoring

Track:

  • Who has “View All Fields” permissions
  • When assignments made
  • When assignments removed
  • Access logs for users with permission

Alert on:

  • New “View All Fields” assignment
  • Unusual access patterns
  • Access to sensitive fields by users with permission
  • Regulatory data access

Documentation

Maintain records:

  • All “View All Fields” assignments
  • Justification for each
  • Approval records
  • Audit results
  • Changes/removals

Purpose:

  • Audit trail
  • Compliance evidence
  • Accountability
  • Historical reference

FINAL THOUGHTS

The “View All Fields” permission is a useful addition to Salesforce’s permission model, but it requires careful thought and management. It’s not a convenience feature—it’s a security control that bypasses other security controls.

The key principle: use it only when necessary, document why, audit regularly, and maintain compliance.

Appropriate use cases exist: audit teams, support troubleshooting, analytics, data migration. In these contexts, it’s a clean solution that avoids over-granting edit access or creating complex FLS configurations.

Inappropriate use is equally easy: assigning for convenience, not understanding scope, allowing access to regulated data without justification, neglecting to audit.

The difference between helpful and risky is proper governance. Document assignments. Understand what data is visible. Audit regularly. Train users. Maintain compliance.

For Salesforce administrators, “View All Fields” is a new tool to understand and use responsibly. For organizations, it’s a permission that requires policy and oversight to use safely.

When managed well, it solves real problems. When neglected, it’s a security risk.

 

Leave a Reply

Your email address will not be published. Required fields are marked *