Salesforce Data Security: Implementing Field-Level Security in Apex

Data security is a top priority for any Salesforce implementation. Controlling access to sensitive fields ensures that sensitive information is only visible to authorized users. In this blog post, we’ll explore how to implement field-level security in Apex to enforce data privacy and protect sensitive data in Salesforce.

The Challenge: Implementing Field-Level Security

In Salesforce, standard object and field-level security settings control field visibility and accessibility. However, there may be scenarios where you need to enforce field-level security programmatically using Apex, such as when performing data manipulations or custom business logic.

The Solution: Dynamic Field-Level Security in Apex

To implement field-level security in Apex, we’ll leverage the Schema class and dynamic field accessibility methods. Here’s a step-by-step guide to solving this challenge:

Step 1: Identify the Target Fields

Identify the fields for which you want to enforce field-level security. These fields should contain sensitive data that needs to be protected.

Step 2: Check Field Accessibility

Use the Schema class to dynamically check the accessibility of the target fields for the current user. The Schema class provides methods like isAccessible() and isUpdateable() that allow you to determine the accessibility of fields.

Map<String, Schema.SObjectField> fieldMap = Schema.SObjectType.ObjectName.fields.getMap();

if (fieldMap.containsKey('FieldName__c')) {
    Schema.DescribeFieldResult fieldResult = fieldMap.get('FieldName__c').getDescribe();

    if (fieldResult.isAccessible() && fieldResult.isUpdateable()) {
        // Field is accessible and updateable for the current user
        // Perform your logic here
    } else {
        // Field is not accessible or updateable
        // Handle the restricted access scenario

In the example code above, we retrieve the DescribeFieldResult for the target field (FieldName__c). We then check if the field is both accessible and updateable for the current user. Based on the accessibility result, you can proceed with your desired logic or handle restricted access scenarios.

Step 3: Handle Restricted Access

When the target field is not accessible or updateable, you need to handle the restricted access scenario accordingly. This may include displaying an error message, logging the event, or performing alternative actions based on your specific requirements.

Step 4: Test Field-Level Security

Test the field-level security implementation by executing the relevant code with different user profiles and permissions. Ensure that the field accessibility checks are correctly enforced and that the desired actions are taken based on the access level.


Implementing field-level security in Apex provides an additional layer of data protection and ensures that sensitive information remains secure within your Salesforce org. By using the dynamic field accessibility methods provided by the Schema class, you can programmatically enforce data privacy rules and control access to sensitive fields.

In this blog post, we explored the challenge of implementing field-level security in Apex and provided a step-by-step guide to implementing the solution. By following these steps, you can enforce field-level security in your Apex code and safeguard sensitive data from unauthorized access.

Remember to thoroughly test your implementation and consider incorporating field-level security checks into your custom business logic to ensure consistent data protection across your Salesforce org.

About the blog

SFDCLessons is a blog where you can find various Salesforce tutorials and tips that we have written to help beginners and experienced developers alike. we also share my experience and knowledge on Salesforce best practices, troubleshooting, and optimization. Don’t forget to follow us on:


Subscribe to our email newsletter to be notified when a new post is published.


Arun Kumar

Arun Kumar is a Salesforce Certified Platform Developer I with over 7+ years of experience working on the Salesforce platform. He specializes in developing custom applications, integrations, and reports to help customers streamline their business processes. Arun is passionate about helping businesses leverage the power of Salesforce to achieve their goals.

This Post Has One Comment

Leave a Reply