Field Level Security – Update, Don’t Read

I always assumed Field Level Security privileges are somehow inclusive, meaning you can’t have Update privilege without Read. I was wrong.

Defining the Field Security privileges like this

image

will prevent the profile users from reading the secured field value but will allow them to create with and update it.

FLSDemo

I can’t think of a business process which requires such behavior, but since Field Level Security apply to APIs as well as UI, it may be useful when external applications are required to update a secured value but are not allowed to retrieve it.